All kinds of problems

[tpolcha]

Problems you name it.  Scans take four hours to finish and indicate 'No Dections'.  Nothing to quarrentine.

Windows XP Home
Windows and Java up to date.
Using McAfee suite from cox.net.
Using Superantispyware, Lavasoft SE and Malwarebytes.

The attachments; when I try to browse won't let me find the notepad destination or am I just stupid.  No answer required.

I used the HJT run tool.  I Removed schedulares and cloakers once already but did not persue all the recommended removals as I was unsure.  They (the exe's) have found away to resume themselves.

I tried to browse and attach the HJTlog from notepad but am unable to find the notepad destination.  It will not let me find it.  This PC really doesn't like what your about to suggest I'm sure.... So here is HJTlog in copy & Paste.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:55:30 PM, on 8/30/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZRxdm479YYUS&ptb=tx.yihxEYvLfli.3RhgMzQ&n=77cec9e7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: Registry Defender Platinum.lnk = C:\Program Files\Registry Defender Platinum\RegistryDefender.exe (User 'Default user')
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Ulead Acquire Fast.lnk = C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271112910818
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--

Looking forward to your recommendations.

Tom

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

when I try to browse won't let me find the notepad destination or am I just stupid

Don't bother browsing. Just copy and paste the contents of the log into your reply.

FYI, the Notepad is found here: %SystemRoot%\system32\notepad.exe

ShopAtHomeToolbar is adware and it should be removed from here. C:\Program Files\SelectRebates\Toolbar

*****************************************

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*****************************************

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*******************************************

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

**************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

[tpolcha]

Sorry it has taken so long to reply to your instructions.  I can't get to the PC every day and some times a spyware scan can run 4 hours to finish.  I've done what you asked.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:50:10 PM, on 8/21/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZRxdm479YYUS&ptb=tx.yihxEYvLfli.3RhgMzQ&n=77cec9e7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: Registry Defender Platinum.lnk = C:\Program Files\Registry Defender Platinum\RegistryDefender.exe (User 'Default user')
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Ulead Acquire Fast.lnk = C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271112910818
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/15/2010 at 07:06 PM

Application Version : 4.42.1000

Core Rules Database Version : 5513
Trace Rules Database Version: 3325

Scan type       : Complete Scan
Total Scan Time : 03:23:07

Memory items scanned      : 479
Memory threats detected   : 0
Registry items scanned    : 5198
Registry threats detected : 0
File items scanned        : 30371
File threats detected     : 1

Adware.Tracking Cookie
   C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt

Here is the next previous log.  There are about 6 more detailed scans.  Do you want to see them?

UPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/11/2010 at 02:28 AM

Application Version : 4.39.1002

Core Rules Database Version : 5431
Trace Rules Database Version: 3170

Scan type       : Complete Scan
Total Scan Time : 03:20:48

Memory items scanned      : 494
Memory threats detected   : 0
Registry items scanned    : 5203
Registry threats detected : 22
File items scanned        : 30530
File threats detected     : 65

Adware.ShopAtHomeSelect
   HKLM\Software\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}
   HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
   HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
   HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\InprocServer32
   HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\InprocServer32#ThreadingModel
   HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\ProgID
   HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\Programmable
   HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\TypeLib
   HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\VersionIndependentProgID
   HKCR\ToolBand.ShopAtHomeIEHelper.1
   HKCR\ToolBand.ShopAtHomeIEHelper.1\CLSID
   HKCR\ToolBand.ShopAtHomeIEHelper
   HKCR\ToolBand.ShopAtHomeIEHelper\CLSID
   HKCR\ToolBand.ShopAtHomeIEHelper\CurVer
   HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}
   HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0
   HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\0
   HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\0\win32
   HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\FLAGS
   HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\HELPDIR
   C:\PROGRAM FILES\SELECTREBATES\TOOLBAR\SHOPATHOMETOOLBAR.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}

Adware.Tracking Cookie
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@lucidmedia[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@interclick[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@collective-media[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@pointroll[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@ak[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@adbrite[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@adinterax[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@specificmedia[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@ru4[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@invitemedia[1].txt

Adware.MyWebSearch/FunWebProducts
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
   C:\PROGRAM FILES\MSN MESSENGER\MSIMG32.DLL

Adware.SelectRebates
   C:\Program Files\SELECTREBATES\FFToolbar\chrome\sahtoolbar.jar
   C:\Program Files\SELECTREBATES\FFToolbar\chrome
   C:\Program Files\SELECTREBATES\FFToolbar\chrome.manifest
   C:\Program Files\SELECTREBATES\FFToolbar\defaults\preferences\sahtoolbar.js
   C:\Program Files\SELECTREBATES\FFToolbar\defaults\preferences
   C:\Program Files\SELECTREBATES\FFToolbar\defaults
   C:\Program Files\SELECTREBATES\FFToolbar\install.rdf
   C:\Program Files\SELECTREBATES\FFToolbar
   C:\Program Files\SELECTREBATES\SelectAlerts.dat
   C:\Program Files\SELECTREBATES\SelectRebates.ini
   C:\Program Files\SELECTREBATES\SelectRebatesA.dat
   C:\Program Files\SELECTREBATES\SelectRebatesApi.exe
   C:\Program Files\SELECTREBATES\SelectRebatesB.dat
   C:\Program Files\SELECTREBATES\SelectRebatesBT.dat
   C:\Program Files\SELECTREBATES\SelectRebatesDownload.exe
   C:\Program Files\SELECTREBATES\SelectRebatesUninstall.exe
   C:\Program Files\SELECTREBATES\SRebates.dll
   C:\Program Files\SELECTREBATES\SRFF3.dll
   C:\Program Files\SELECTREBATES\Toolbar\AddtoList.bmp
   C:\Program Files\SELECTREBATES\Toolbar\basis.xml
   C:\Program Files\SELECTREBATES\Toolbar\Basis.xml.dym
   C:\Program Files\SELECTREBATES\Toolbar\Blank.bmp
   C:\Program Files\SELECTREBATES\Toolbar\Cache
   C:\Program Files\SELECTREBATES\Toolbar\CashBack.bmp
   C:\Program Files\SELECTREBATES\Toolbar\Coupons.bmp
   C:\Program Files\SELECTREBATES\Toolbar\GroceryCoupon.bmp
   C:\Program Files\SELECTREBATES\Toolbar\icons.bmp
   C:\Program Files\SELECTREBATES\Toolbar\ImageCache
   C:\Program Files\SELECTREBATES\Toolbar\i_magnifying.bmp
   C:\Program Files\SELECTREBATES\Toolbar\logo.bmp
   C:\Program Files\SELECTREBATES\Toolbar\logo_24.bmp
   C:\Program Files\SELECTREBATES\Toolbar\logo_HotSpots.bmp
   C:\Program Files\SELECTREBATES\Toolbar\ReviewSite.bmp
   C:\Program Files\SELECTREBATES\Toolbar\RightControls.dym
   C:\Program Files\SELECTREBATES\Toolbar\Scissors.bmp
   C:\Program Files\SELECTREBATES\Toolbar
   C:\Program Files\SELECTREBATES

www.malwarebytes.org

Database version: 4511

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

9/16/2010 2:30:40 PM
mbam-log-2010-09-16 (14-30-40).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 352398
Time elapsed: 16 hour(s), 33 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This scan is from early Aug

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4431

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

8/15/2010 3:02:00 AM
mbam-log-2010-08-15 (03-02-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 346353
Time elapsed: 5 hour(s), 43 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 40
Registry Values Infected: 9
Registry Data Items Infected: 0
Folders Infected: 140
Files Infected: 4320

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhukgshu (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhukgshu (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOL\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOL\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOL\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOL\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\dynamic\344stat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> Files: 906 -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\eskin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOI\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOI\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOI\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOI\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOL\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOL\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOL\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\HostOL\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\dynamic\344stat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> Files: 906 -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Rapid Antivirus (Rogue.RapidAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Rapid Antivirus (Rogue.RapidAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\IESkins (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\HostOI (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\HostOI\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\HostOI\static (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\HostOI\static\1 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\HostOI\static\DownLoad (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\HostOL (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\HostOL\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\HostOL\static (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\Seekmo\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\Seekmo\static (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\Seekmo\static\1 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Seekmo\Wallpaper (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\IESkins (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\HostOI (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\HostOI\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\HostOI\static (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\HostOI\static\1 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\HostOI\static\DownLoad (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\HostOL (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\HostOL\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\HostOL\static (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\Seekmo\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\Seekmo\static (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\Seekmo\static\1 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Seekmo\Wallpaper (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\JokeSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\Pranks (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\SmileyTown (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Start Menu\Antivirus 2009 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Antivirus 2009 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\311496 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\675873 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\912525 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\ErrorFix\ErrorFix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Log\2008 Oct 17 - 09_51_15 PM_312.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Log\2008 Oct 17 - 10_24_54 PM_656.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Log\2008 Oct 17 - 12_45_14 PM_421.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Log\2008 Oct 17 - 12_45_24 PM_484.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Log\2008 Oct 18 - 01_57_33 PM_937.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Log\2008 Oct 18 - 06_18_42 PM_078.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Log\2008 Oct 18 - 07_04_52 AM_953.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Log\2008 Oct 18 - 10_05_34 AM_328.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Log\2008 Oct 17 - 09_51_15 PM_312.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Log\2008 Oct 17 - 10_24_54 PM_656.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Log\2008 Oct 17 - 12_45_14 PM_421.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Log\2008 Oct 17 - 12_45_24 PM_484.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Log\2008 Oct 18 - 01_57_33 PM_937.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Log\2008 Oct 18 - 06_18_42 PM_078.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Log\2008 Oct 18 - 07_04_52 AM_953.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Log\2008 Oct 18 - 10_05_34 AM_328.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-03-31 15-10-450.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-03-31 15-14-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-03-31 15-28-000.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-04-01 16-14-110.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-04-01 22-49-310.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-04-01 23-00-570.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-04-02 04-53-570.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\navE0C.tmp (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\reports.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\011203mail1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\011203mail1_st.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\011203mail1_st.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\020105_emmo2_em.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\020105_emmo2_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\030105_animi14_img.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\030105_animi14_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\030203us_angel.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\030203us_angel_prv.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\030203us_angel_st.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\030203us_angel_st.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\040104_bgn6_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\040104_bgn6_st.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\0423ZAVangelas82_prv.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\0423ZAVangelas82_st.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\110103_oven_em.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\110103_oven_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\110104_bgn28_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\110104_bgn28_st.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\120102funny_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\120102funny_st.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\120102funny_st.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\120103_bga8_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\120103_bga8_st.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\120103_eca7_ec.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\120103_eca7_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\empty_bg_st.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\en_tellafriend_inv.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\eskin\FileManager.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\011203flk_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030104_emte10_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030104_emte11_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030104_emte12_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030104_emte13_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030104_emte14_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030104_emte19_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030104_emte20_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030104_emte21_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030104_emte9_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030203free_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030203lib_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\030203us_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102angel_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102angry_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bad_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102band_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bebe_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102beer_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bigangry_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bigblink_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bigkiss_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102biglove_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bigluf_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bigsad_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bigscream_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102bigtong_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102biguhm_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102birthday_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102blink_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102cheers_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102clown_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102cry_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102fight_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102flo_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102good_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102jump_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102king_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102kiss_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102kite_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102lough_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102love_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102lovu_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102luf_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102mad_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102shamed_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102smiled_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102smile_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102sor_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102stupid_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102thanx_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102tongue_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102uhu_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\033102uu_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\040103ahh_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\040103bg_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\040103wow_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\040104_emi2_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\042102_1134_112_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\050103big_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\050103crazicon4_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\050103gig_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Hotbar\v3.0\HostOI\static\1\050103hm_prv.gif (Adware.Hotbar) -&g

[tpolcha]

That last post didn't include this.....

 Results of screen317's Security Check version 0.99.5 
 Windows XP Service Pack 1 
 Out of date service pack!!
 Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
 Windows Security Center service is not running! This report may not be accurate!
 McAfee SecurityCenter     
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 6 Update 21 
 Adobe Flash Player   
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 McAfee VIRUSS~1 mcshield.exe 
 McAfee VIRUSS~1 mcsysmon.exe 
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

[SuperDave]

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

Registry Defender
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners
***************************************

There are about 6 more detailed scans.  Do you want to see them?

This program is out-of-date. Please download this one and run another scan.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
***************************************

The program SelectRebates is a malicious program bundled with adware. It should be uninstalled.

***********************************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.

***************************************
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console[/list]

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

[tpolcha]

I hope we didn't lose some relevant data; I followed your instructions.

Combofix ran through its stages (about 35 minutes total), repairs and was waiting to create a log in note pad when before that finished, the PC auto rebooted.

I didn't find anything in note pad.

Before I had to stop working I ran combofix again and will see later the results.

Is that first log still there someplace?   

[SuperDave]

You should find the log in C: ComboFix. Just look for .txt file.

[tpolcha]

See attached 2 files.

I believe you told me my service pack was outdated.  Since using combo fix, the system is running better but not so good.  CH just denied this thread stating the hijackthis log's file type was not supported so I am copy & pasting.  I will update the service pack while waiting for your next instructions.

Thanks Tom
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:04:13 PM, on 9/27/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Gamesbar\SearchEngineProtection.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iplay.com/?o=shp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: Registry Defender Platinum.lnk = C:\Program Files\Registry Defender Platinum\RegistryDefender.exe (User 'Default user')
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271112910818
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

[tpolcha]

I can't see where you recieved 2 of my attachments; superantispyware and combofix so I will c&p again.

ComboFix 10-09-25.05 - Owner 09/25/2010  17:20:55.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.631.413 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Commy.exe
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB842773$\qmgr.dll

.
(((((((((((((((((((((((((   Files Created from 2010-08-25 to 2010-09-25  )))))))))))))))))))))))))))))))
.

2010-09-22 14:57 . 2010-09-22 18:38   --------   d-----w-   c:\documents and settings\Owner\Application Data\JewelMatch2
2010-09-05 18:02 . 2010-09-05 18:03   --------   d-----w-   c:\documents and settings\Owner\Application Data\Clip Art Collection
2010-09-05 17:55 . 2010-09-05 17:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2010-09-05 17:55 . 2010-09-05 17:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\WeCareReminder
2010-09-05 17:54 . 2010-09-05 17:54   --------   d-----w-   c:\documents and settings\Owner\Application Data\Oberon Media
2010-09-05 17:54 . 2010-09-23 08:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\GamesBar

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 22:27 . 2010-04-23 22:45   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-09-23 22:21 . 2010-08-15 00:27   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-23 18:26 . 2008-10-07 20:22   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-09-22 14:54 . 2008-10-19 17:18   --------   d-----w-   c:\program files\Oberon Media
2010-09-17 23:37 . 2010-09-05 17:54   --------   d-----w-   c:\program files\SpeedItup Free
2010-09-15 19:43 . 2010-09-15 19:43   --------   d-----w-   c:\program files\Common Files\Java
2010-09-15 19:42 . 2006-11-15 02:34   --------   d-----w-   c:\program files\Java
2010-09-11 11:21 . 2004-02-20 14:31   --------   d-----w-   c:\program files\MSN Messenger
2010-09-05 17:56 . 2010-09-05 17:56   --------   d-----w-   c:\program files\Clip Art Collection
2010-09-05 17:56 . 2006-05-02 01:33   --------   d-----w-   c:\program files\Free Offers from Freeze.com
2010-09-05 17:55 . 2010-09-05 17:54   --------   d-----w-   c:\program files\GamesBar
2010-09-05 17:54 . 2008-10-19 17:18   --------   d-----w-   c:\program files\Common Files\Oberon Media
2010-08-21 23:53 . 2003-10-30 23:23   --------   d-----w-   c:\program files\Google
2010-08-15 00:28 . 2010-08-15 00:28   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
2010-08-15 00:27 . 2010-08-15 00:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-14 23:37 . 2010-06-28 22:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-14 22:19 . 2010-08-14 22:19   --------   d--h--w-   c:\documents and settings\All Users\Application Data\CanonBJ
2010-08-12 22:05 . 2010-08-12 22:05   --------   d-----w-   c:\program files\Trend Micro
2010-07-17 10:00 . 2010-04-23 22:14   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-07-15 20:18 . 2010-04-12 21:52   120136   ----a-w-   c:\windows\system32\drivers\Mpfp.sys
2010-06-28 22:59 . 2010-06-28 22:59   95024   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2006-07-26 05:12 . 2006-07-26 05:13   774144   -c--a-w-   c:\program files\RngInterstitial.dll
2001-07-26 22:58 . 2000-01-11 18:50   47   -c--a-w-   c:\program files\ACMonitor_X73.ini
2001-07-05 18:46 . 2001-07-20 16:48   8116   -c--a-w-   c:\program files\OSLO3071b2.USB
2001-05-11 16:39 . 2100-02-08 21:03   53248   -c--a-w-   c:\program files\ACMonitor_X73.exe
2001-05-08 21:36 . 2000-12-05 20:56   114688   -c--a-w-   c:\program files\lxarscan.dll
2001-04-23 20:22 . 2100-02-08 21:53   1437   -c--a-w-   c:\program files\gtx73.ini
2001-02-22 15:54 . 2100-02-23 20:35   768   -c--a-w-   c:\program files\x73_lut.dat
2007-09-16 06:35 . 2008-10-27 21:01   66408   -c--a-w-   c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 06:35 . 2008-10-27 21:01   54112   -c--a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 06:35 . 2008-10-27 21:01   34688   -c--a-w-   c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 06:35 . 2008-10-27 21:01   46456   -c--a-w-   c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 06:35 . 2008-10-27 21:01   171880   -c--a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mspmsnsv.dll
[-] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll
[-] 2002-11-27 09:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\d3d9.dll
[-] 2002-12-12 14:14 . 5773686BA13346408A9EBA0AC448B2D5 . 1634304 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\system32\d3d9.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VibeFireAlerts"="" [BU]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [BU]
"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-05-31 568312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [BU]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-3-14 256000]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
PowerReg Scheduler.exe [2008-3-14 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]
Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe [2005-6-15 238080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/13/2010 5:20 PM 93320]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2010 6:50 PM 136176]
S2 mrtRate;mrtRate;

.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\At1.job
- c:\windows\System32\wdixbwx.dll [2003-06-05 12:00]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 23:49]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 23:49]

2010-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-12 17:22]

2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-12 17:22]

2010-09-25 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2008-10-29 20:10]

2010-09-20 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-28 21:24]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/
uStart Page = hxxp://start.iplay.com/?o=shp
mSearch Bar = hxxp://srch-qus8.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: nwfdailynews.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-25 17:43
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

- - - - - - - > 'lsass.exe'(560)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(1432)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2010-09-25  18:06:28 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-25 23:05
ComboFix2.txt  2010-09-24 00:14

Pre-Run: 15,541,374,976 bytes free
Post-Run: 15,511,580,672 bytes free


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/27/2010 at 05:44 PM

Application Version : 4.43.1000

Core Rules Database Version : 5506
Trace Rules Database Version: 3318

Scan type       : Quick Scan
Total Scan Time : 01:04:39

Memory items scanned      : 433
Memory threats detected   : 0
Registry items scanned    : 1303
Registry threats detected : 0
File items scanned        : 11966
File threats detected     : 0

[SuperDave]

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Winferno
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners
************************************

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code: [Select]

c:\windows\System32\ODBC32.dll
 
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

I would like to see the MBAM log.

[tpolcha]

Thanks for all your help; no need to go any further. 

You can close this thread.

Thanks again,

T