Can anyone tell me what this was??

[debby]

Wednesday evening I was on Computer Hope, software forum where I was being helped with another problem. All of a sudden a window popped up telling me Security Tools needs to run right away, I have 101 viruses, Trojans, etc.  I clicked on the x and another window popped up asking was I sure I wanted to stop scan, I said yes, and yet another window popped up telling me I was leaving my computer vulnerable, do I want to do that, and every time I clicked the x or cancel, new windows just kept popping up.  My desktop went black, no icons, no picture, but I did have the taskbar at the bottom. So I cut the computer off, disconnected from the Internet and ran a virus scan (I have F-Secure-which I don't like but my computer guy does-I am getting rid of it).  It came back with no viruses.  So I got on the internet again and went back to Computer Hope and it started again. I shut my computer down and opened back up in safe mode and did a system restore to a few days ago. When I cut my computer back on to regular Vista, everything was fine, no problems.  Last night my husband got on the computer and it started doing the same thing all over again.  I ran a virus scan again, no infection. Is this a virus trying to get me, or can anyone explain what the heck is going on?  Little windows were popping up so fast I couldn't even read them as the very second I clicked on the x or cancel, a new window was there.  I was panicking, especially when my desktop went black. Scared the dickens out of me!!! I have a working knowledge of computers, but just basically. Mostly I am computer challenged when it comes to a lot of things and Computer Hope has helped a lot in my learning these things. Was my computer being attacked?

[SuperDave]

Hello debby. Your computer is infected. The first thing I will need you to do is to go to this link and follow the directions precisely. If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. If you can't run any step, just jump to the next one. Please let me know how you are doing or have any questions. Initially, I will need the SuperAntiSpyware, MBAM and HJT logs. Please post any logs that you can generate.

[debby]

Okay, SuperDave, getting ready to do what you have linked me to in order to get rid of the virus.  My question first is, I have antivirus F-Secure program on here, do you want me to uninstall it before I do this, or just turn it off?  Obviously it didn't work well and I'm going to ask for my money back as it's less than a month old, but I didn't know if it would be better to just uninstall it or turn it off. (Told you I'm somewhat computer stupid!!!)

[SuperDave]

Debby, please don't turn off your AV unless I ask you to. Many of the problems you have may not be related to viruses. Run those programs I suggested and post the logs.

[debby]

Okay - here's the first one...I'm a little under-the-weather, moving kind of slow. Going to start others now.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/02/2010 at 07:46 PM

Application Version : 4.32.1000

Core Rules Database Version : 4441
Trace Rules Database Version: 2265

Scan type       : Complete Scan
Total Scan Time : 02:13:10

Memory items scanned      : 368
Memory threats detected   : 0
Registry items scanned    : 5963
Registry threats detected : 0
File items scanned        : 237584
File threats detected     : 146

Adware.Tracking Cookie
   C:\Users\debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Windows.old\Documents and Settings\debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Documents and Settings\debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\debby@doubleclick[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@123count[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@247realmedia[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@2o7[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@adbrite[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@adbureau[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@adrevolver[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@advertising[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@alineamedia[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@apmebf[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@atdmt[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@bizrate[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@bravenet[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@chitika[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@clickbank[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@collective-media[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@dealtime[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@dmtracker[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@doubleclick[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@ez-tracks[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@fastclick[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@findyour-siding[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@gpstracklog[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@hitbox[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@imrworldwide[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@insightexpressai[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@interclick[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@invitemedia[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@lionadtrack[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@media6degrees[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@mediaonenetwork[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@mediaplex[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@nextag[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@oddcast[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@overture[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@qnsr[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@questionmarket[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@revsci[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@roiservice[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@specificclick[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@specificmedia[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@tacoda[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@testcountry[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@thefind[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@trackalyzer[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@tradedoubler[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@trafficmp[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@traveladvertising[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@tribalfusion[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@tripod[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][10].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][11].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][9].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@xiti[1].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@yieldmanager[2].txt
   C:\Windows.old\Users\Debby\AppData\Roaming\Microsoft\Windows\Cookies\Low\debby@zedo[2].txt
   C:\Windows.old\Users\Debby\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\Application Data\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Windows.old\Users\Debby\Cookies\Low\[email protected][2].txt
   C:\Windows.old\Users\Debby\Cookies\Low\[email protected][3].txt

[debby]

Here's MBAM

Malwarebytes' Anti-Malware 1.43
Database version: 3485
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

1/2/2010 10:12:40 PM
mbam-log-2010-01-02 (22-12-40).txt

Scan type: Quick Scan
Objects scanned: 93356
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[debby]

I'm not sure I did Hijack This correctly.  It didn't come up at all like the instructions given on Computer Hope page. I clicked install and save and it installed and ran scan right away.  This is what it said:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:51 PM, on 1/2/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\Webshots\315~1.761\webshots.scr
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/mycomcast/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2\AGCoreService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6416 bytes

[SuperDave]

Hello debby and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
link #2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[debby]

SD - This is from ComboFix

ComboFix 10-01-04.01 - debby 01/05/2010  18:42:28.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1919.1111 [GMT -5:00]
Running from: c:\users\debby\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\recycler\S-1-5-21-1343024091-1993962763-682003330-1003

.
(((((((((((((((((((((((((   Files Created from 2009-12-05 to 2010-01-05  )))))))))))))))))))))))))))))))
.

2010-01-05 23:48 . 2010-01-05 23:48   --------   d-----w-   c:\users\debby\AppData\Local\temp
2010-01-05 23:48 . 2010-01-05 23:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-01-03 03:24 . 2010-01-03 03:24   --------   d-----w-   c:\program files\Trend Micro
2010-01-03 03:07 . 2010-01-03 03:07   --------   d-----w-   c:\users\debby\AppData\Roaming\Malwarebytes
2010-01-03 03:07 . 2009-12-30 19:55   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 03:07 . 2010-01-03 03:07   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-03 03:07 . 2010-01-03 03:07   --------   d-----w-   c:\programdata\Malwarebytes
2010-01-03 03:07 . 2009-12-30 19:54   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-02 22:30 . 2010-01-02 22:30   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-01-02 22:29 . 2010-01-02 22:29   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-01-02 22:29 . 2010-01-02 22:29   --------   d-----w-   c:\users\debby\AppData\Roaming\SUPERAntiSpyware.com
2010-01-02 22:28 . 2010-01-02 22:28   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-01-02 21:08 . 2010-01-02 21:08   --------   d-----w-   c:\program files\CCleaner
2009-12-31 01:24 . 2009-12-31 01:24   --------   d-----w-   c:\users\debby\AppData\Local\Apps
2009-12-31 01:15 . 2009-12-31 01:15   --------   d-----w-   c:\program files\MSECache
2009-12-26 20:18 . 2009-12-26 20:18   --------   d-----w-   c:\programdata\Seagate
2009-12-26 20:18 . 2009-12-26 20:18   --------   d-----w-   c:\program files\Seagate
2009-12-26 20:16 . 2009-12-26 20:24   --------   d-----w-   c:\users\debby\AppData\Local\Downloaded Installations
2009-12-26 20:15 . 2009-12-26 20:15   --------   d-sh--w-   c:\windows\ftpcache
2009-12-26 20:12 . 2009-12-26 20:12   --------   d-----w-   c:\users\debby\AppData\Roaming\Leadertech
2009-12-20 05:00 . 2009-12-20 05:00   --------   d-----w-   c:\users\debby\AppData\Roaming\F-Secure
2009-12-19 00:52 . 1995-08-01 09:44   212480   ----a-w-   c:\windows\PCDLIB32.DLL
2009-12-19 00:50 . 2009-12-19 00:51   --------   d-----w-   c:\program files\EPSON Print CD
2009-12-19 00:45 . 2009-12-19 00:50   --------   d-----w-   c:\program files\EPSON
2009-12-19 00:44 . 2003-05-21 07:27   64000   ----a-w-   c:\windows\system32\E_FBCBAIA.DLL
2009-12-19 00:44 . 2004-11-25 10:07   79679   ----a-w-   c:\windows\system32\E_FLMAIA.DLL
2009-12-19 00:44 . 2004-06-24 06:20   309760   ----a-w-   c:\windows\system32\EAL32.DLL
2009-12-19 00:44 . 2004-03-12 06:30   82944   ----a-w-   c:\windows\system32\EAL.EXE
2009-12-19 00:44 . 2000-06-07 06:01   34304   ----a-w-   c:\windows\system32\E_FBCHAIA.DLL
2009-12-19 00:27 . 2006-08-25 00:00   9216   ----a-w-   c:\windows\system32\escdev.dll
2009-12-19 00:27 . 2007-11-29 05:00   73216   ----a-w-   c:\windows\system32\eswia7c.dll
2009-12-19 00:27 . 2007-10-18 05:00   65793   ----a-w-   c:\windows\system32\esfw7c.bin
2009-12-19 00:27 . 2007-10-18 05:00   221184   ----a-w-   c:\windows\system32\esint7c.dll
2009-12-19 00:27 . 2006-03-10 05:00   3584   ----a-w-   c:\windows\system32\eswiaml.dll
2009-12-17 23:52 . 2009-12-17 23:53   --------   d-----w-   c:\program files\eMusic Download Manager
2009-12-15 18:34 . 2009-12-15 18:34   --------   d-----w-   c:\users\debby\AppData\Roaming\eMusic
2009-12-15 18:34 . 2009-12-15 18:34   --------   d-----w-   c:\users\debby\AppData\Local\eMusic
2009-12-14 04:44 . 2000-03-21 05:55   118784   ----a-w-   c:\windows\system32\vbalNCSM6.dll
2009-12-14 04:44 . 1999-02-19 13:54   40960   ----a-w-   c:\windows\system32\SSubTmr6.dll
2009-12-14 04:44 . 1999-03-26 05:00   101888   ----a-w-   c:\windows\system32\Vb6stkit.dll
2009-12-14 04:42 . 2009-12-14 04:42   --------   d-----w-   c:\program files\eGames
2009-12-13 19:43 . 2009-12-13 19:44   --------   d-----w-   c:\users\debby\AppData\Roaming\Template
2009-12-13 04:44 . 2009-12-13 04:44   --------   d-----w-   c:\users\debby\AppData\Roaming\KodakCredentialStore
2009-12-13 04:43 . 2009-12-13 04:43   --------   d-----w-   c:\users\debby\AppData\Local\KodakGallery
2009-12-13 04:42 . 2009-12-13 04:42   --------   d-----w-   c:\users\debby\AppData\Roaming\Skinux
2009-12-13 04:38 . 2009-12-13 04:38   --------   d-----w-   c:\users\debby\AppData\Local\ArcSoft
2009-12-13 04:38 . 2009-12-13 04:38   --------   d-----w-   c:\users\debby\AppData\Roaming\Arcsoft
2009-12-13 04:37 . 2009-12-13 04:38   --------   d-----w-   c:\programdata\ArcSoft
2009-12-13 04:36 . 2009-12-26 20:27   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-12-13 04:36 . 2009-12-19 00:52   --------   d-----w-   c:\program files\ArcSoft
2009-12-13 04:36 . 2009-12-13 04:37   --------   d-----w-   c:\program files\Common Files\ArcSoft
2009-12-13 04:10 . 2009-12-13 04:10   --------   d-----w-   c:\windows\system32\BWKDLogs
2009-12-13 04:10 . 2009-12-13 04:33   --------   d-----w-   c:\program files\Common Files\Kodak
2009-12-13 04:10 . 2009-12-13 04:33   --------   d-----w-   c:\windows\system32\color
2009-12-13 04:09 . 2009-12-13 04:34   --------   d-----w-   c:\program files\Kodak
2009-12-13 04:08 . 2009-12-13 04:20   --------   d-----w-   c:\programdata\Kodak
2009-12-12 17:15 . 2009-12-12 17:15   --------   d-----w-   c:\program files\Windows Portable Devices
2009-12-12 15:36 . 2009-09-10 02:00   92672   ----a-w-   c:\windows\system32\UIAnimation.dll
2009-12-12 15:36 . 2009-09-10 02:00   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
2009-12-12 15:36 . 2009-09-10 02:01   3023360   ----a-w-   c:\windows\system32\UIRibbon.dll
2009-12-12 15:34 . 2009-10-01 01:02   30208   ----a-w-   c:\windows\system32\WPDShextAutoplay.exe
2009-12-12 15:33 . 2009-10-08 21:07   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
2009-12-12 15:33 . 2009-10-08 21:08   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
2009-12-12 15:33 . 2009-10-08 21:08   234496   ----a-w-   c:\windows\system32\oleacc.dll
2009-12-12 15:33 . 2009-12-12 15:33   --------   d-----w-   c:\program files\MSXML 4.0
2009-12-12 00:22 . 2009-12-12 00:22   --------   d-----w-   c:\programdata\TomTom
2009-12-12 00:20 . 2009-12-12 00:20   --------   d-----w-   c:\users\debby\AppData\Roaming\TomTom
2009-12-12 00:20 . 2009-12-12 00:20   --------   d-----w-   c:\users\debby\AppData\Local\TomTom
2009-12-12 00:20 . 2009-12-12 00:20   --------   d-----w-   c:\program files\TomTom International B.V
2009-12-12 00:19 . 2009-12-12 00:19   --------   d-----w-   c:\program files\TomTom HOME 2
2009-12-12 00:18 . 2009-12-12 00:18   --------   d-----w-   c:\program files\TomTom DesktopSuite
2009-12-11 23:57 . 2009-12-11 23:59   --------   d-----w-   c:\users\debby\AppData\Roaming\acccore
2009-12-11 23:57 . 2009-12-11 23:57   --------   d-----w-   c:\users\debby\AppData\Local\AOL
2009-12-11 23:57 . 2009-12-11 23:57   --------   d-----w-   c:\users\debby\AppData\Local\AIM
2009-12-11 23:57 . 2009-12-11 23:57   --------   d-----w-   c:\programdata\AIM
2009-12-11 23:57 . 2009-12-11 23:57   --------   d-----w-   c:\program files\AIM
2009-12-11 23:57 . 2009-12-11 23:57   --------   d-----w-   c:\program files\Common Files\Software Update Utility
2009-12-11 23:57 . 2009-12-11 23:57   --------   d-----w-   c:\program files\Common Files\AOL
2009-12-11 23:07 . 2009-12-11 23:07   --------   d-----w-   c:\program files\Shockwave.com
2009-12-11 22:40 . 2009-12-15 18:36   --------   d-----w-   c:\users\debby\AppData\Local\Apple Computer
2009-12-11 22:40 . 2009-12-11 22:43   --------   d-----w-   c:\users\debby\AppData\Roaming\Apple Computer
2009-12-11 22:40 . 2009-12-11 22:40   --------   dc----w-   c:\windows\system32\DRVSTORE
2009-12-11 22:40 . 2009-05-18 19:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-11 22:40 . 2008-04-17 18:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2009-12-11 22:39 . 2009-12-11 22:39   --------   d-----w-   c:\program files\iPod
2009-12-11 22:39 . 2009-12-11 22:40   --------   d-----w-   c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-11 22:39 . 2009-12-11 22:40   --------   d-----w-   c:\program files\iTunes
2009-12-11 22:39 . 2009-12-11 22:39   --------   d-----w-   c:\program files\Bonjour
2009-12-11 22:38 . 2009-12-11 22:39   --------   d-----w-   c:\program files\QuickTime
2009-12-11 22:38 . 2009-12-11 22:39   --------   d-----w-   c:\programdata\Apple Computer
2009-12-11 22:37 . 2009-12-11 22:37   --------   d-----w-   c:\users\debby\AppData\Local\Apple
2009-12-11 22:37 . 2009-12-11 22:37   --------   d-----w-   c:\program files\Apple Software Update
2009-12-11 22:35 . 2009-12-11 22:39   --------   d-----w-   c:\program files\Common Files\Apple
2009-12-11 22:35 . 2009-12-11 22:35   --------   d-----w-   c:\programdata\Apple
2009-12-11 21:38 . 2009-12-11 21:38   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-11 21:37 . 2009-12-11 21:37   --------   d-----w-   c:\program files\Java
2009-12-11 21:08 . 2009-04-23 17:52   750984   ----a-w-   c:\windows\system32\Magentic Screensaver.scr
2009-12-11 21:08 . 2009-12-11 21:25   --------   d-----w-   c:\users\debby\AppData\Local\Magentic
2009-12-11 21:08 . 2009-12-11 21:13   --------   d-----w-   c:\program files\Magentic
2009-12-11 20:57 . 2009-12-11 20:59   --------   d-----w-   c:\users\debby\AppData\Local\IM
2009-12-11 20:56 . 2009-12-11 20:56   --------   d-----w-   c:\programdata\IncrediMail
2009-12-11 20:56 . 2009-12-11 20:57   --------   d-----w-   c:\programdata\IM
2009-12-11 20:56 . 2009-12-11 20:56   --------   d-----w-   c:\program files\IncrediMail
2009-12-11 20:48 . 2008-01-19 04:34   89600   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2009-12-11 19:42 . 2009-12-13 06:56   --------   d-----w-   c:\users\debby\AppData\Local\MigWiz
2009-12-11 18:26 . 2009-10-29 09:17   2048   ----a-w-   c:\windows\system32\tzres.dll
2009-12-11 03:59 . 2009-12-11 03:59   --------   d-----w-   c:\users\debby\AppData\Roaming\Webshots
2009-12-11 03:59 . 2009-12-26 20:45   --------   d-----w-   c:\program files\Webshots
2009-12-11 03:59 . 2009-12-11 03:59   --------   d-----w-   c:\program files\AGI
2009-12-11 03:57 . 2009-12-11 03:59   --------   d-----w-   c:\programdata\agi
2009-12-11 03:25 . 2009-12-29 05:24   --------   d-----w-   c:\users\debby\AppData\Local\Microsoft Games
2009-12-11 01:49 . 2009-12-11 01:55   33920   ----a-w-   c:\windows\system32\drivers\fsbts.sys
2009-12-11 01:49 . 2009-07-09 09:33   35680   ----a-w-   c:\windows\system32\drivers\fses.sys
2009-12-11 01:49 . 2009-07-09 09:35   572512   ----a-w-   c:\windows\system32\msvcp50.dll
2009-12-11 01:49 . 2009-07-09 09:33   71040   ----a-w-   c:\windows\system32\drivers\fsdfw.sys
2009-12-11 01:48 . 2009-12-11 01:56   --------   d-----w-   c:\program files\F-Secure
2009-12-11 01:48 . 2009-12-11 01:48   --------   d-----w-   c:\programdata\fssg
2009-12-11 01:45 . 2009-12-11 01:49   --------   d-----w-   c:\programdata\f-secure
2009-12-11 01:39 . 2009-12-11 01:39   --------   d-----w-   c:\windows\ShellNew
2009-12-11 01:38 . 2009-12-11 01:38   --------   d-----w-   c:\windows\Twain32
2009-12-11 01:38 . 2009-12-11 01:38   --------   d-----w-   c:\users\debby\AppData\Roaming\Microsoft Web Folders
2009-12-11 01:30 . 2009-12-11 01:30   --------   d-----w-   c:\windows\system32\RTCOM
2009-12-11 01:30 . 2009-12-11 01:30   --------   d-----w-   c:\program files\Realtek
2009-12-11 01:23 . 2009-12-11 01:23   319456   ----a-w-   c:\windows\DIFxAPI.dll
2009-12-11 01:22 . 2009-12-11 01:23   --------   d--h--w-   c:\program files\Temp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 21:58 . 2009-12-13 04:37   720   ----a-w-   c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-01-03 02:48 . 2010-01-02 22:30   117760   ----a-w-   c:\users\debby\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-02 22:30 . 2010-01-02 22:30   52224   ----a-w-   c:\users\debby\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-17 23:30 . 2009-12-17 23:30   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-13 19:38 . 2009-12-13 19:38   0   ----a-w-   c:\users\debby\AppData\Roaming\wklnhst.dat
2009-12-13 04:38 . 2009-12-13 04:38   2380538   ----a-w-   c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-12-13 04:30 . 2009-12-13 04:30   77824   ----a-w-   c:\programdata\Kodak\EasyShareSetup\ESS\bindbins\bindbins.exe
2009-12-13 04:30 . 2009-12-13 04:30   225280   ----a-w-   c:\programdata\Kodak\EasyShareSetup\*censored*\finish.exe
2009-12-13 04:30 . 2009-12-13 04:30   175104   ----a-w-   c:\programdata\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2009-12-13 04:30 . 2009-12-13 04:30   225280   ----a-w-   c:\programdata\Kodak\EasyShareSetup\*censored*\update.exe
2009-12-13 04:30 . 2009-12-13 04:30   45056   ----a-w-   c:\programdata\Kodak\EasyShareSetup\SysFiles\kb945060\kb945060.exe
2009-12-13 04:30 . 2009-12-13 04:29   225280   ----a-w-   c:\programdata\Kodak\EasyShareSetup\*censored*\start.exe
2009-12-13 04:29 . 2009-12-13 04:29   1187840   ----a-w-   c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_63347\EasyShrx.Dll
2009-12-13 04:20 . 2009-12-13 04:20   114688   ----a-w-   c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.0.30.1.dll
2009-12-13 04:09 . 2009-12-13 04:09   163840   ----a-w-   c:\programdata\Kodak\EasyShareSetup\KDEVICES\CR2\cr_stop.exe
2009-12-13 04:09 . 2009-12-13 04:09   69632   ----a-w-   c:\programdata\Kodak\EasyShareSetup\Ksu\ksustop.exe
2009-12-13 04:08 . 2009-12-13 04:08   167936   ----a-w-   c:\programdata\Kodak\EasyShareSetup\CCS\CCSStop.exe
2009-12-13 04:08 . 2009-12-13 04:08   425984   ----a-w-   c:\programdata\Kodak\EasyShareSetup\$SETUP_140011_2556d0a\EasyShrx.Dll
2009-12-12 17:15 . 2006-11-02 10:25   665600   ----a-w-   c:\windows\inf\drvindex.dat
2009-12-12 17:15 . 2009-12-12 17:15   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-11 18:43 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2009-12-11 01:52 . 2009-12-08 20:31   67448   ----a-w-   c:\users\debby\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-11 01:40 . 2009-12-11 01:40   5058   ----a-w-   c:\windows\Help\hhcolreg.dat
2009-12-11 01:02 . 2006-12-23 01:12   358912   ----a-w-   c:\windows\system32\nvraiins.dll
2009-12-11 01:02 . 2006-12-23 01:12   358912   ----a-w-   c:\windows\system32\nvraidco.dll
2009-12-11 01:02 . 2006-12-23 01:07   93696   ----a-w-   c:\windows\system32\drivers\nvstor32.sys
2009-12-11 01:02 . 2007-01-15 22:35   1032104   ----a-w-   c:\windows\system32\drivers\nvmfdx32.sys
2009-12-11 01:02 . 2007-01-15 21:46   198656   ----a-w-   c:\windows\system32\fdco1.dll
2009-12-10 23:51 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Sidebar
2009-12-10 23:51 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Calendar
2009-12-10 23:51 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Photo Gallery
2009-12-10 23:51 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Defender
2009-12-10 23:51 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Collaboration
2009-12-10 23:34 . 2009-12-10 23:34   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-10 22:42 . 2006-11-02 10:32   101888   ----a-w-   c:\windows\system32\ifxcardm.dll
2009-12-10 22:41 . 2006-11-02 10:32   82432   ----a-w-   c:\windows\system32\axaltocm.dll
2009-11-12 22:07 . 2009-11-12 22:07   79144   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-27 14:11 . 2009-12-10 23:16   834048   ----a-w-   c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-10 23:16   78336   ----a-w-   c:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2009-12-11 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-11 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-11 81920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-21 7625248]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-07-09 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-07-09 2349664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

c:\users\debby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2009-12-10 157088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31   247144   ----a-w-   c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):46,a8,66,5c,f4,79,ca,01

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [12/10/2009 8:49 PM 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [12/10/2009 8:48 PM 68064]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [12/10/2009 8:49 PM 35680]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [12/10/2009 8:49 PM 71040]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [12/10/2009 8:48 PM 12384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2\AGCoreService.exe [12/10/2009 10:59 PM 20480]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [12/10/2009 8:48 PM 107104]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [12/10/2009 5:24 PM 21504]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [12/10/2009 8:48 PM 55936]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [12/10/2009 8:48 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [12/10/2009 8:48 PM 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-05 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-12-11 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/mycomcast/
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 18:48
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\f-secure\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(608)
c:\program files\f-secure\hips\fshook32.dll
.
Completion time: 2010-01-05  18:53:44
ComboFix-quarantined-files.txt  2010-01-05 23:53

Pre-Run: 220,036,182,016 bytes free
Post-Run: 219,983,683,584 bytes free

- - End Of File - - 1BED114FC9630E723BCD68F008F7ACF1

[SuperDave]

Hello debby. Let's try this scan.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

How is your computer working now?

[debby]

Right now computer is working just fine, no problems.  Are you sure I need to continue?  Are these reports telling you I have something going on? I will do ESET right now, so I'll post back when I get the results.

[debby]

I did not get a report from ESET to give you because it came back with no threats so I guess they didn't do a report as there was nowhere on there to click for one.  The only thing to click was FINISH, so that's what I did.  I guess this means I'm all clean now??  If so, I thank you so very, very much for the help you have given me.  That was the scariest thing I ever experienced. I feel lucky we have something like Computer Hope to help us and all the hard-working people on it. SD, you were ever so patient and an absolute gem! Thank you, thank you, thank you!!!!

[SuperDave]

Are you sure I need to continue?

I just want to ensure that your computer is completely cleaned. If there are no other issues, it's time to clean up.
You can uninstall HJT but keep SAS and MBAM. Update them and run them about once per week to keep the bugs out.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Safe Surfing!

[debby]

OK, SD, everything looks great - thanks so much.  Am I to uninstall Super Antivirus Spyware and CCleaner also?  And are you saying WOT and Spyware Blaster is all I need to download to keep me safe and I can finally get rid of F-Secure?

[SuperDave]

I just want to check what protection you have before I give you advice.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.