
Author Topic: malware removal  (Read 6367 times)


jongoe

    Topic Starter


    Greenhorn

    malware removal
    « on: September 20, 2010, 04:48:19 PM »
    I have read and reread the "read this before posting" section and copied the files as requested. My problem is being redirected to sites that are different from the ones I have clicked on. I had Microsoft Security Essentials
    and Malwarebytes on my Windows XP laptop. Any help is greatly appreciated.

    [recovering disk space - old attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: malware removal
    « Reply #1 on: September 22, 2010, 04:53:58 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.
    **********************************
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    • Rename ComboFix.exe to commy.exe before you save it to your Desktop.
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
    • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes to continue scanning for malware.
    When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

    If you have problems with ComboFix usage, see How to use ComboFix

    Windows 8 and Windows 10 dual boot with two SSD's
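A triage pass over HijackThis entries like the ones SuperDave listed above, as an added example; it is not part of this post and not HijackThis's own code. The sample log is the four entries from this reply plus one constructed benign O4 line, and the severity rules (loopback proxy = high, orphaned entry = medium) are the editor's own.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample: the four HijackThis entries SuperDave asked to fix in this reply,
# plus one benign O4 line added here so a "no rule matched" case is exercised.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O4 - HKLM\..\Run: [MSSE] c:\program files\Microsoft Security Essentials\msseces.exe
"""


@dataclass
class Finding:
    section: str    # HijackThis section code, e.g. R1, O3, O23
    severity: str   # "high", "medium" or "info"
    reason: str
    line: str


# "R1 - ..." / "O23 - ...": section code, a dash, then the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<section>[RFOA]\d+)\s+-\s+(?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")
# HijackThis marks entries whose target binary is gone with one of these.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def proxy_hosts(value):
    """Split an IE ProxyServer value into host names.

    The value is either 'host:port' or a ';'-separated list of
    'scheme=host:port' pairs, e.g. 'http=127.0.0.1:5577;https=...'.
    """
    hosts = []
    for part in value.split(";"):
        if "=" in part:
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        hosts.append(host.strip().strip("[]"))   # drop IPv6 brackets if present
    return hosts


def is_loopback(host):
    """True for 127.x.x.x, ::1 or 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage_line(line):
    """Return a Finding for one HijackThis entry, or None for non-entry text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "R1":
        pm = PROXY_RE.search(body)
        if pm:
            hosts = proxy_hosts(pm.group("value"))
            if any(is_loopback(h) for h in hosts):
                # A per-user proxy on the loopback adapter means some local process sits
                # between the browser and the network, which is how the redirects in this
                # thread are produced. Legitimate web filters use the same mechanism, so
                # confirm what is listening on that port before acting on the finding.
                return Finding(section, "high",
                               "browser proxy points at a local listener: " + ", ".join(hosts), line)
            return Finding(section, "medium",
                           "browser proxy is configured: " + ", ".join(hosts), line)
    if any(marker in body for marker in ORPHAN_MARKERS):
        # Orphaned entries are not harmful by themselves, but they are leftovers of
        # something that was removed and are routinely cleaned up, as in this reply.
        return Finding(section, "medium", "entry references a file that no longer exists", line)
    return Finding(section, "info", "no rule matched", line)


def triage_log(text):
    """Run triage_line over a whole log and keep only the recognised entries."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.reason}")
```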

    jongoe


      Re: malware removal
      « Reply #2 on: September 22, 2010, 07:49:51 PM »
      ComboFix 10-09-22.05 - joe trotte 09/22/2010  21:33:27.1.2 - x86
      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.507 [GMT -4:00]
      Running from: c:\documents and settings\joe trotte\desktop\commy.exe
      Command switches used :: /stepdel
      AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
      FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\LOG101.tmp
      C:\LOG87.tmp
      C:\LOGDC.tmp
      c:\windows\system32\18467.exe
      c:\windows\system32\6334.exe
      c:\windows\system32\drivers\1028_DELL_XPS_MM061                           .MRK
      c:\windows\system32\drivers\DELL_XPS_MM061                           .MRK

      .
      (((((((((((((((((((((((((   Files Created from 2010-08-23 to 2010-09-23  )))))))))))))))))))))))))))))))
      .

      2010-09-22 15:36 . 2010-09-22 15:36   862872   ----a-w-   c:\documents and settings\joe trotte\Application Data\Yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
      2010-09-21 23:32 . 2010-09-21 23:32   --------   d-----w-   c:\windows\system32\wbem\Repository
      2010-09-21 23:32 . 2010-09-21 23:32   --------   d-----w-   c:\program files\CourseDownloads.com
      2010-09-21 23:32 . 2010-09-21 23:32   --------   d-----w-   c:\program files\Common Files\CourseDownloads.com
      2010-09-12 20:39 . 2010-09-12 20:39   388096   ----a-r-   c:\documents and settings\joe trotte\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2010-09-12 20:39 . 2010-09-12 20:39   --------   d-----w-   c:\program files\sniper.exe
      2010-09-12 15:31 . 2010-09-12 15:32   --------   d-----w-   c:\documents and settings\joe trotte\Application Data\PCToolsFirewallPlus
      2010-09-12 14:49 . 2010-09-12 14:49   63488   ----a-w-   c:\documents and settings\joe trotte\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
      2010-09-12 14:49 . 2010-09-12 14:49   52224   ----a-w-   c:\documents and settings\joe trotte\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-09-12 14:49 . 2010-09-12 14:49   117760   ----a-w-   c:\documents and settings\joe trotte\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-09-12 14:48 . 2010-09-12 14:48   --------   d-----w-   c:\documents and settings\joe trotte\Application Data\SUPERAntiSpyware.com
      2010-09-12 14:48 . 2010-09-12 14:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2010-09-12 14:48 . 2010-09-21 23:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-09-12 14:07 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
      2010-09-12 14:07 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
      2010-09-12 14:07 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
      2010-09-12 14:06 . 2010-09-12 14:07   --------   d-----w-   c:\program files\Common Files\PC Tools
      2010-09-12 14:06 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
      2010-09-12 14:06 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
      2010-09-12 14:06 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
      2010-09-12 14:06 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
      2010-09-12 14:06 . 2010-09-21 23:34   --------   d-----w-   c:\program files\PC Tools Firewall Plus
      2010-08-26 12:52 . 2010-08-26 12:52   --------   d-----w-   c:\documents and settings\joe trotte\Application Data\Uniblue
      2010-08-26 12:51 . 2010-08-26 12:51   --------   d-----w-   c:\program files\Uniblue

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-09-22 23:38 . 2009-12-16 23:52   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
      2010-09-22 01:32 . 2009-12-11 01:17   5646   ----a-w-   c:\documents and settings\joe trotte\Application Data\wklnhst.dat
      2010-09-21 23:37 . 2010-02-16 14:15   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
      2010-09-12 20:31 . 2009-12-12 03:23   --------   d-----w-   c:\program files\Java
      2010-09-12 14:27 . 2010-06-17 12:27   --------   d-----w-   c:\program files\CCleaner
      2010-09-10 13:51 . 2009-12-19 19:49   --------   d-----w-   c:\documents and settings\joe trotte\Application Data\Image Zone Express
      2010-09-10 13:44 . 2009-12-11 01:58   --------   d-----w-   c:\documents and settings\joe trotte\Application Data\U3
      2010-09-04 15:15 . 2010-01-06 18:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\Dell
      2010-08-17 13:17 . 2004-08-04 10:00   58880   ----a-w-   c:\windows\system32\spoolsv.exe
      2010-08-09 01:14 . 2010-08-02 02:49   --------   d--h--r-   c:\documents and settings\Guest\Application Data\yahoo!
      2010-08-08 16:21 . 2010-08-08 16:21   503808   ----a-w-   c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1474571f-n\msvcp71.dll
      2010-08-08 16:21 . 2010-08-08 16:21   499712   ----a-w-   c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1474571f-n\jmc.dll
      2010-08-08 16:21 . 2010-08-08 16:21   348160   ----a-w-   c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1474571f-n\msvcr71.dll
      2010-08-08 16:21 . 2010-08-08 16:21   61440   ----a-w-   c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2d9fd22e-n\decora-sse.dll
      2010-08-08 16:21 . 2010-08-08 16:21   12800   ----a-w-   c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2d9fd22e-n\decora-d3d.dll
      2010-08-08 13:50 . 2010-08-08 13:50   --------   d-----w-   c:\documents and settings\Guest\Application Data\Sony Corporation
      2010-08-06 01:48 . 2009-12-12 03:23   --------   d-----w-   c:\program files\Common Files\Java
      2010-08-06 01:48 . 2010-08-06 01:48   503808   ----a-w-   c:\documents and settings\joe trotte\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66c867bc-n\msvcp71.dll
      2010-08-06 01:48 . 2010-08-06 01:48   499712   ----a-w-   c:\documents and settings\joe trotte\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66c867bc-n\jmc.dll
      2010-08-06 01:48 . 2010-08-06 01:48   348160   ----a-w-   c:\documents and settings\joe trotte\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66c867bc-n\msvcr71.dll
      2010-08-06 01:48 . 2010-08-06 01:48   61440   ----a-w-   c:\documents and settings\joe trotte\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d1f7279-n\decora-sse.dll
      2010-08-06 01:48 . 2010-08-06 01:48   12800   ----a-w-   c:\documents and settings\joe trotte\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d1f7279-n\decora-d3d.dll
      2010-08-02 02:49 . 2010-08-02 02:49   --------   d-----w-   c:\documents and settings\Guest\Application Data\HP
      2010-08-02 02:49 . 2010-08-02 02:49   --------   d-----w-   c:\documents and settings\Guest\Application Data\ATI
      2010-08-02 02:49 . 2010-08-02 02:49   76192   ----a-w-   c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-07-30 23:53 . 2010-01-12 15:52   0   -c--a-w-   c:\windows\system32\drivers\lvuvc.hs
      2010-07-30 23:53 . 2010-01-12 15:50   0   -c--a-w-   c:\windows\system32\drivers\logiflt.iad
      2010-07-30 23:46 . 2009-12-19 19:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\HP
      2010-07-26 00:39 . 2010-07-26 00:39   --------   d-----w-   c:\documents and settings\joe trotte\Application Data\Apple Computer
      2010-07-24 11:44 . 2010-08-02 02:48   53632   ----a-w-   c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
      2010-07-24 11:44 . 2010-07-24 11:45   53632   ----a-w-   c:\documents and settings\joe trotte\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
      2010-07-24 11:44 . 2010-07-24 11:45   53632   ----a-w-   c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
      2010-07-22 15:49 . 2004-08-04 10:00   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
      2010-07-22 05:57 . 2009-12-12 22:59   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
      2010-07-20 01:56 . 2010-07-20 01:56   44032   --sha-r-   c:\windows\system32\vfpodbcp.dll
      2010-07-17 09:00 . 2010-08-06 01:48   423656   ----a-w-   c:\windows\system32\deployJava1.dll
      2010-07-17 00:03 . 2010-07-17 00:03   53248   ----a-r-   c:\documents and settings\joe trotte\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
      2010-07-07 22:41 . 2010-07-07 22:41   76192   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-07-07 22:31 . 2004-08-04 10:00   162816   ----a-w-   c:\windows\system32\drivers\netbt.sys
      2010-07-07 12:42 . 2009-12-11 01:17   76192   -c--a-w-   c:\documents and settings\joe trotte\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-06-30 12:31 . 2004-08-04 10:00   149504   ----a-w-   c:\windows\system32\schannel.dll
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-12 39408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
      "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
      "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
      "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
      "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
      "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
      "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
      "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2010-6-17 40368]
      Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2010-6-16 738776]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^joe trotte^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
      path=c:\documents and settings\joe trotte\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
      backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      c:\windows\system32\dumprep 0 -k [X]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
      2006-01-02 22:41   45056   ----a-w-   c:\program files\ATI Technologies\ATI.ACE\CLI.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
      2010-05-31 21:49   126976   ----a-w-   c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      2010-06-10 00:55   49208   ----a-w-   c:\program files\Hp\HP Software Update\hpwuschd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
      2010-05-11 20:43   6061400   ----a-w-   c:\program files\Logitech\Logitech Vid\Vid.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
      2010-05-11 20:43   6061400   ----a-w-   c:\program files\Logitech\Logitech Vid\Vid.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

      R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/12/2010 10:07 AM 233136]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
      R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/12/2010 10:07 AM 88040]
      R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/12/2010 10:06 AM 70664]
      R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/12/2010 10:06 AM 58816]
      R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/12/2010 10:06 AM 115216]
      S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 10:15 AM 135664]
      S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
      .
      Contents of the 'Scheduled Tasks' folder

      2010-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

      2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 14:15]

      2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 14:15]

      2010-09-21 c:\windows\Tasks\MP Scheduled Scan.job
      - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

      2010-09-23 c:\windows\Tasks\User_Feed_Synchronization-{42F3F8C1-3820-4CBB-8C3A-E814B786CA46}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://my.myway.com/
      uInternet Settings,ProxyOverride = <local>
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
      IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\FinalVideoDownloader\fvdRunner.html
      .
      - - - - ORPHANS REMOVED - - - -

      Toolbar-Locked - (no file)
      WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\Logitech WebCam Software\LWS.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-09-22 21:37
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(1416)
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      c:\windows\system32\WININET.dll
      c:\windows\system32\Ati2evxx.dll
      .
      Completion time: 2010-09-22  21:39:01
      ComboFix-quarantined-files.txt  2010-09-23 01:38

      Pre-Run: 88,160,415,744 bytes free
      Post-Run: 88,661,667,840 bytes free

      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

      - - End Of File - - 7A19F351E1D884F42FC3395008C90681

      SuperDave

      Re: malware removal
      « Reply #3 on: September 23, 2010, 04:35:31 PM »
      Download the GMER Rootkit Scanner. Unzip it to your Desktop.

      Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

      Double-click gmer.exe. The program will begin to run.

      **Caution**
      These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

      If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
      • Click NO
      • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
      • Now click the Scan button.
      • Once the scan is complete, you may receive another notice about rootkit activity.
      • Click OK.
      • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
      • Save it where you can easily find it, such as your desktop.

      jongoe


        Re: malware removal
        « Reply #4 on: September 23, 2010, 06:24:55 PM »
        I tried to scan with GMER.exe three times. Each time, Windows shut down and gave me error messages and required a restart, at which time there were error reports and codes as to what the problems were. I wrote these codes down if needed. The scan stopped each time about halfway down the page, if this means anything. Lost in space. Thank you for your patience.

        SuperDave

        Re: malware removal
        « Reply #5 on: September 24, 2010, 05:46:45 PM »
        Ok. Let's try this one.

        * Download the following tool: RootRepeal - Rootkit Detector
        * Direct download link is here: RootRepeal.zip

        * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
        * Click this link to see a list of such programs and how to disable them.

        * Extract the program file to a new folder such as C:\RootRepeal
        * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
        * Select ALL of the checkboxes and then click OK and it will start scanning your system.
        * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
        * When done, click on Save Report
        * Save it to the same location where you ran it from, such as C:\RootRepeal
        * Save it as rootrepeal.txt
        * Then open that log and select all and copy/paste it back on your next reply please.
        * Close RootRepeal.

        jongoe


          Re: malware removal
          « Reply #6 on: September 24, 2010, 07:42:05 PM »
          This seemed to work.

          ROOTREPEAL (c) AD, 2007-2009
          ==================================================
          Scan Start Time:      2010/09/24 21:32
          Program Version:      Version 1.3.5.0
          Windows Version:      Windows XP SP3
          ==================================================

          Drivers
          -------------------
          Name: dump_atapi.sys
          Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
          Address: 0xF2113000   Size: 98304   File Visible: No   Signed: -
          Status: -

          Name: dump_WMILIB.SYS
          Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
          Address: 0xF79F9000   Size: 8192   File Visible: No   Signed: -
          Status: -

          Name: rootrepeal.sys
          Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
          Address: 0xEEC9A000   Size: 49152   File Visible: No   Signed: -
          Status: -

          Hidden/Locked Files
          -------------------
          Path: C:\System Volume Information\_restore{A8CD964F-C08F-46D3-9848-E1C9786A50AE}\RP14\change.log.3
          Status: Visible to the Windows API, but not on disk.

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\DellDriverDownloadManager.exe.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\DellDriverDownloadManager.exe.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\DellDriverDownloadManager.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\DellDriverDownloadManager.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Core.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Interop.IWshRuntimeLibrary.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Interop.IWshRuntimeLibrary.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\stdole.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\stdole.manifest
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Xceed.Compression.cdf-ms
          Status: Locked to the Windows API!

          Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\Xceed.Compression.manifest
          Status: Locked to the Windows API!

          ==EOF==
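
The "Hidden/Locked Files" section above is long mainly because the same ClickOnce manifest paths repeat many times. The helper below is an added example (not GMER's code and not part of this thread) that parses that `Path:`/`Status:` layout, drops exact repeats, counts statuses, groups entries by directory, and lists only the paths that fall outside an analyst-maintained allow-list (System Restore change logs and the ClickOnce cache under `Apps\2.0`). The input is a constructed excerpt in the same layout; the final `drivers\EXAMPLE-constructed.sys` entry is invented purely to show what an entry that needs a closer look comes out as.

```python
"""Triage the 'Hidden/Locked Files' section of a GMER-style rootkit scan log.

Added example; not GMER's code and not from the thread. SAMPLE_LOG is a
constructed excerpt in the log's 'Path: ... / Status: ...' layout; the last
entry is invented so that the allow-list has something to reject.
"""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""
Hidden/Locked Files
-------------------
Path: C:\System Volume Information\_restore{A8CD964F-C08F-46D3-9848-E1C9786A50AE}\RP14\change.log.3
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\joe trotte\Local Settings\Apps\2.0\HRJER09B.8Z7\95HE60JP.99E\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\EXAMPLE-constructed.sys
Status: Locked to the Windows API!

==EOF==
"""

# Analyst allow-list (an assumption of this example, not part of GMER):
# System Restore change logs and ClickOnce application-cache manifests are
# legitimate Windows artifacts that commonly show up in this section.
KNOWN_BENIGN = [
    re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\change\.log(\.\d+)?$"),
    re.compile(r"\\Local Settings\\Apps\\2\.0\\.*\\manifests\\[^\\]+\.(manifest|cdf-ms)$"),
]


def parse_hidden_files(text):
    """Return [(path, status), ...] from the Hidden/Locked Files section, in log order."""
    entries, in_section, pending = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Hidden/Locked Files":
            in_section = True
            continue
        if line == "==EOF==":
            break
        if not in_section:
            continue
        if line.startswith("Path: "):
            pending = line[len("Path: "):]
        elif line.startswith("Status: ") and pending is not None:
            entries.append((pending, line[len("Status: "):]))
            pending = None
    return entries


def triage(entries):
    """Dedupe, count by status and directory, and flag paths not on the allow-list."""
    seen, unique = set(), []
    for path, status in entries:
        key = (path.lower(), status)       # NTFS paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        unique.append((path, status))

    by_status = Counter(status for _, status in unique)
    by_directory = defaultdict(int)
    needs_review = []
    for path, status in unique:
        by_directory[path.rsplit("\\", 1)[0]] += 1
        if not any(pattern.search(path) for pattern in KNOWN_BENIGN):
            needs_review.append((path, status))

    return {
        "total": len(entries),
        "unique": len(unique),
        "duplicates_dropped": len(entries) - len(unique),
        "by_status": dict(by_status),
        "by_directory": dict(by_directory),
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    report = triage(parse_hidden_files(SAMPLE_LOG))
    print(f"{report['total']} entries, {report['unique']} unique "
          f"({report['duplicates_dropped']} repeats dropped)")
    for status, n in report["by_status"].items():
        print(f"  {n:3d}  {status}")
    for path, status in report["needs_review"]:
        print(f"REVIEW: {path}  [{status}]")
```

Run against a real log, the allow-list keeps the noise out of the way so the handful of paths that actually differ stand out; anything listed under `needs_review` is what a helper would look up before deciding the section is clean.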

          SuperDave

          Re: malware removal
          « Reply #7 on: September 25, 2010, 11:23:08 AM »
          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


          jongoe


            Re: malware removal
            « Reply #8 on: September 26, 2010, 06:45:52 AM »
            ESETSmartInstaller@High as CAB hook log:
            OnlineScanner.ocx - registred OK
            # version=7
            # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
            # OnlineScanner.ocx=1.0.0.6211
            # api_version=3.0.2
            # EOSSerial=23c6a197a6c4fd4c9ff2e25dccb9ab8b
            # end=finished
            # remove_checked=true
            # archives_checked=true
            # unwanted_checked=true
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2010-09-25 10:54:18
            # local_time=2010-09-25 06:54:18 (-0500, Eastern Daylight Time)
            # country="United States"
            # lang=1033
            # osver=5.1.2600 NT Service Pack 3
            # compatibility_mode=512 16777215 100 0 0 0 0 0
            # compatibility_mode=1024 16777215 100 0 0 0 0 0
            # compatibility_mode=2560 16777215 100 0 0 0 0 0
            # compatibility_mode=5891 16776533 100 100 0 14962903 0 0
            # compatibility_mode=8192 67108863 100 0 0 0 0 0
            # scanned=73224
            # found=0
            # cleaned=0
            # scan_time=3752
            esets_scanner_update returned -1 esets_gle=53251
            # version=7
            # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
            # OnlineScanner.ocx=1.0.0.6211
            # api_version=3.0.2
            # EOSSerial=23c6a197a6c4fd4c9ff2e25dccb9ab8b
            # end=finished
            # remove_checked=false
            # archives_checked=true
            # unwanted_checked=true
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2010-09-25 11:45:47
            # local_time=2010-09-25 07:45:47 (-0500, Eastern Daylight Time)
            # country="United States"
            # lang=1033
            # osver=5.1.2600 NT Service Pack 3
            # compatibility_mode=512 16777215 100 0 0 0 0 0
            # compatibility_mode=1024 16777215 100 0 0 0 0 0
            # compatibility_mode=2560 16777215 100 0 0 0 0 0
            # compatibility_mode=5891 16776869 100 100 0 14966930 0 0
            # compatibility_mode=8192 67108863 100 0 0 0 0 0
            # scanned=73219
            # found=0
            # cleaned=0
            # scan_time=2814
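
The ESET log above is a series of `# key=value` lines, one block per scan run, with installer and updater chatter (`esets_scanner_update returned -1 ...`) between them. The reply that follows judges it by eye; the parser below is an added example (not ESET's code and not from this thread) that does the same mechanically: it splits runs at each `# version=` line, keeps the repeated `compatibility_mode` entries as a list, and turns `found`, `cleaned`, `end` and `remove_checked` into a verdict. The sample input is constructed on the pattern of the log above; the second run is deliberately altered to `found=2`, `cleaned=0`, `remove_checked=false` (the real log reported `found=0` both times) so the "reported but not removed" case is exercised.

```python
"""Parse an ESET Online Scanner log.txt and judge each scan run.

Added example; not ESET's code and not from the thread. SAMPLE_ESET_LOG is
constructed on the pattern of the posted log; the second run's counters are
invented so that the not-removed case shows up.
"""
import re

KEY_VALUE = re.compile(r"#\s*([^=]+)=(.*)$")
RUN_START_KEY = "version"          # ESET writes '# version=7' at the top of each run
REPEATED_KEYS = {"compatibility_mode"}

SAMPLE_ESET_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-25 10:54:18
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# scanned=73224
# found=0
# cleaned=0
# scan_time=3752
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# antistealth_checked=true
# utc_time=2010-09-25 11:45:47
# scanned=73219
# found=2
# cleaned=0
# scan_time=2814
"""


def parse_eset_log(text):
    """Return (runs, messages): runs is a list of dicts, messages the non-'#' lines."""
    runs, messages, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_VALUE.match(line)
        if not m:
            messages.append(line)           # installer/updater output, not scan data
            continue
        key, value = m.group(1).strip(), m.group(2).strip().strip('"')
        if key == RUN_START_KEY or current is None:
            current = {}
            runs.append(current)
        if key in REPEATED_KEYS:
            current.setdefault(key, []).append(value)
        else:
            current[key] = value
    return runs, messages


def _is_true(run, key):
    return run.get(key, "").lower() == "true"


def verdict(run):
    """Classify one run: clean, threats_cleaned, threats_not_removed, threats_partially_cleaned or incomplete."""
    found = int(run.get("found", 0))
    cleaned = int(run.get("cleaned", 0))
    notes = []
    if run.get("end") != "finished":
        status = "incomplete"
    elif found == 0:
        status = "clean"
    elif cleaned >= found:
        status = "threats_cleaned"
    elif not _is_true(run, "remove_checked"):
        status = "threats_not_removed"
        notes.append("remove_checked=false: the scanner only reported; re-run with removal enabled")
    else:
        status = "threats_partially_cleaned"
    if not _is_true(run, "antistealth_checked"):
        notes.append("antistealth_checked is not true: anti-stealth (rootkit) scanning was off")
    if not _is_true(run, "archives_checked"):
        notes.append("archives_checked is not true: archive contents were not scanned")
    return {"status": status, "scanned": int(run.get("scanned", 0)), "found": found,
            "cleaned": cleaned, "scan_time_s": int(run.get("scan_time", 0)), "notes": notes}


if __name__ == "__main__":
    runs, messages = parse_eset_log(SAMPLE_ESET_LOG)
    for i, run in enumerate(runs, 1):
        v = verdict(run)
        print(f"run {i} ({run.get('utc_time', '?')} UTC): {v['status']}, "
              f"scanned={v['scanned']} found={v['found']} cleaned={v['cleaned']}")
        for note in v["notes"]:
            print("   -", note)
    for msg in messages:
        print("message:", msg)
```

The point of `verdict` is that `found=0` alone is not the whole story: a run that ended without `end=finished`, or that found something with `remove_checked=false`, should not be read as "looks good" even though the counters are small.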

            SuperDave

            Re: malware removal
            « Reply #9 on: September 26, 2010, 06:56:41 PM »
            That looks good. If there are no other issues, it's time for some cleanup.

            * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
            * Now type Combofix /uninstall in the runbox
            * Make sure there's a space between Combofix and /Uninstall
            * Then hit Enter

            * The above procedure will:
            * Delete the following:
            * ComboFix and its associated files and folders.
            * Reset the clock settings.
            * Hide file extensions, if required.
            * Hide System/Hidden files, if required.
            * Set a new, clean Restore Point.

            ***************************************

            Clean out your temporary internet files and temp files.

            Download TFC by OldTimer to your desktop.

            Double-click TFC.exe to run it.

            Note: If you are running on Vista, right-click on the file and choose Run As Administrator

            TFC will close all programs when run, so make sure you have saved all your work before you begin.

            * Click the Start button to begin the cleaning process.
            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
            * Please let TFC run uninterrupted until it is finished.

            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

            ******************************
            Use the Secunia Software Inspector to check for out of date software.

            • Click Start Now

            • Check the box next to Enable thorough system inspection.

            • Click Start

            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing!

            jongoe


              Re: malware removal
              « Reply #10 on: September 27, 2010, 09:39:28 AM »
              I followed the directions and suggestions from your last post. Seems that everything is running better. Downloaded more and have done more scans than I thought possible, but I believe you fixed this problem. Please place another feather in your cap. I thank you for all your time. You provide a wonderful service.