Author Topic: Downloaded a keylogger for fun.. sometimes i think ill never learn my lesson...  (Read 20373 times)

WiseFailure

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Unknown
    Straight to the point. I uninstalled it, then did a virus scan, found some stuff and cleaned it.

    My boot up is slow, and sometimes it won't boot up at all, and I have to force restart before it boots up.

    I've identified some processes in my task manager that I'm not familiar with.

    Help me get rid of whatever is causing my trouble. I'm not going to download anything anymore.

    Quick question about keyloggers though: there are legitimate keyloggers for home use, right? The place that I downloaded it from (I realize now) didn't look too legitimate. Unfortunately I can't find the website that I downloaded it from.

    Anyway, here are the things I've found in my processes:

    winlogon.exe

    nvvsvc.exe

    fSex.exe

    csrss.exe


    I've tried terminating the process, but it doesn't work. I can't seem to find the files in system32. I DO see "winlogon" from the Microsoft Corporation, but it does not say .exe on the end. Help me out, I need to find the problem and deal with it as soon as possible.

    My virus scanner is Windows Defender.

    I've just realized that all of the above files are Applications. How do I delete them, and is it safe to? I know for sure that nvvsvc is Nvidia software.


    Thank you.

    (I feel so dumb) lol

    WiseFailure

      I am completely unable to find the site that I downloaded this from. Is it possible that the virus is preventing me from finding it? There was one site that simply said "404" on a white page. Other than that, how much danger could I be in? And what do I need to do in order to get rid of the danger?

      Allan

      • Moderator

      • Mastermind
      • Thanked: 1260
      • Experience: Guru
      • OS: Windows 10
      I deleted your duplicate thread - one is enough please.

      Please follow the instructions in the following link and post your logs:
      http://www.computerhope.com/forum/index.php/topic,46313.0.html

      WiseFailure

        Sorry for the unnecessary thread. This has to do with both programs and viruses, so I figured I could get help from both. Thanks for deleting it though, I knew it was excessive. That is a lot of reading, and I don't think I'm capable of reading and putting into action what I've read successfully. Due to being in such despair about my security, I'm freaking out a bit.

        Is it really necessary to download all this stuff to get rid of a few small things? I really don't know what I'm dealing with exactly, so how do I know what I need?
        « Last Edit: February 05, 2011, 04:06:41 PM by WiseFailure »

        WiseFailure

          I just downloaded "Superantispyware". Is this enough? Should I have to do much more than this? When it comes to this kind of stuff, I'm not that great. Really. The program is easy enough to use it seems, but actually ridding my computer of threats is another thing.

          WiseFailure

            I've finished running Superantispyware... and it's much better than Windows Defender. Though I still have these processes running. I saw a new application/process that said "consent", though I didn't catch the file type since it disappeared.

            I'm going to run the antispyware one more time, but I just feel like someone is still watching me.

            Side note: The keylogger program I downloaded did not appear in my add/remove programs list in the control panel. I had to go to the file location to uninstall it. That's not normal.

            I'm gonna keep trying tomorrow, but in the meanwhile, do you have any tips? Personal experience?

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

            1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
            2. The fixes are specific to your problem and should only be used for this issue on this machine.
            3. If you don't know or understand something, please don't hesitate to ask.
            4. Please DO NOT run any other tools or scans while I am helping you.
            5. It is important that you reply to this thread. Do not start a new topic.
            6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
            7. Absence of symptoms does not mean that everything is clear.

            If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
            *******************************************************
            We'll take this nice and slowly. Just take a deep breath, read carefully and follow the instructions and post the logs in your next reply.

            SUPERAntiSpyware

            If you already have SUPERAntiSpyware be sure to check for updates before scanning!


            Download SuperAntispyware Free Edition (SAS)
            * Double-click the icon on your desktop to run the installer.
            * When asked to Update the program definitions, click Yes
            * If you encounter any problems while downloading the updates, manually download and unzip them from here
            * Next click the Preferences button.

            • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
            * Click the Scanning Control tab.
            * Under Scanner Options make sure only the following are checked:

            • Close browsers before scanning
            • Scan for tracking cookies
            • Terminate memory threats before quarantining
            Please leave the others unchecked

            • Click the Close button to leave the control center screen.

            * On the main screen click Scan your computer
            * On the left check the box for the drive you are scanning.
            * On the right choose Perform Complete Scan
            * Click Next to start the scan. Please be patient while it scans your computer.
            * After the scan is complete a summary box will appear. Click OK
            * Make sure everything in the white box has a check next to it, then click Next
            * It will quarantine what it found and if it asks if you want to reboot, click Yes

            • To retrieve the removal information please do the following:
            • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
            • Click Preferences. Click the Statistics/Logs tab.

            • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

            • It will open in your default text editor (preferably Notepad).
            • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

            * Save the log somewhere you can easily find it. (normally the desktop)
            * Click close and close again to exit the program.
            * Copy and Paste the log in your post.
            ***************************************
            Please download Malwarebytes Anti-Malware from here.
            Double Click mbam-setup.exe to install the application.
            • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
            • If an update is found, it will download and install the latest version.
            • Once the program has loaded, select "Perform Full Scan", then click Scan.
            • The scan may take some time to finish, so please be patient.
            • When the scan is complete, click OK, then Show Results to view the results.
            • Make sure that everything is checked, and click Remove Selected.
            • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
            • Please save the log to a location you will remember.
            • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
            • Copy and paste the entire report in your next reply.
            Extra Note:

            If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
            Windows 8 and Windows 10 dual boot with two SSD's

            WiseFailure

              Alright guys, I'm going to do the malware scan but I'm really scared right now. My computer won't start up and fear that our personal information is compromised. I received two calls from private callers, telling us we won something from last summer that we DID register for at a fair. But it's been so long, you'd think that they would have contacted us sooner. I really don't want to ruin my life or the lives of my family. What am I going to do? I need to do more than run scans!!

              Allan

              If you want our assistance please follow SuperDave's advice - he is the only one who will be responding to you in this thread from now on. If you do not want to follow his instructions please say so and we will close out this thread.

              WiseFailure

                I did follow his instructions. I finished the scan the other day, but I didn't know if it was safe to "delete" the items on the results of the scan. I didn't post the logs either because I didn't know if there was anything I should delete out of them to make it safe to post on the internet.

                What are the chances of having my family's personal information stolen? I am really scared, bear with me.

                Anyway, I'm running the scan now, but when my computer booted up, it started to do a system recovery. What the heck is up with that? I was freaking out trying to shut it off. I am not in control of my computer right now. Someone else is.

                Is this a hijacking? Is the person who is controlling my computer watching everything that I'm doing? How does he get my phone number and address? I don't know if we are safe! How worried should I be, man!? I honestly don't know!

                WiseFailure

                  I was in a sort of panic when I first did the scan the other day, but even if "he" did have my personal information, it would have been too late to stop him, right? I mean if he's got the info it doesn't matter if I take off the virus/malware/spyware that came with this false keylogger, would it? How long does it take to figure out if my family's social security or credit information is being used and destroyed? How can I repair this!?!? (I know I'm jumping to conclusions and being paranoid, but I am honestly scared of this situation. This could have happened because of anything, not just because I downloaded one thing.)

                  WiseFailure

                    My log for the scan... Is this how I was supposed to do it?


                    Malwarebytes' Anti-Malware 1.50.1.1100
                    www.malwarebytes.org

                    Database version: 5700

                    Windows 6.1.7600
                    Internet Explorer 8.0.7600.16385

                    2/9/2011 1:48:21 PM
                    mbam-log-2011-02-09 (13-48-21).txt

                    Scan type: Full scan (C:\|I:\|)
                    Objects scanned: 488304
                    Time elapsed: 54 minute(s), 9 second(s)

                    Memory Processes Infected: 2
                    Memory Modules Infected: 0
                    Registry Keys Infected: 6
                    Registry Values Infected: 10
                    Registry Data Items Infected: 1
                    Folders Infected: 10
                    Files Infected: 78

                    Memory Processes Infected:
                    c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> 1436 -> Unloaded process successfully.
                    c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 3336 -> Unloaded process successfully.

                    Memory Modules Infected:
                    (No malicious items detected)

                    Registry Keys Infected:
                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
                    HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
                    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
                    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.

                    Registry Values Infected:
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected] (PUP.Dealio) -> Value: [email protected] -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\DEALIO TOOLBAR\FF\CHROME.MANIFEST (PUP.Dealio) -> Value: CHROME.MANIFEST -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\DEALIO TOOLBAR\FF\INSTALL.RDF (PUP.Dealio) -> Value: INSTALL.RDF -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\DEALIO TOOLBAR\FF\CHROME\LOCALE\EN-US\WIDGITOOLBARPLUGIN.PROPERTIES (PUP.Dealio) -> Value: WIDGITOOLBARPLUGIN.PROPERTIES -> Quarantined and deleted successfully.

                    Registry Data Items Infected:
                    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

                    Folders Infected:
                    c:\program files (x86)\dealio toolbar (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\locale (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\locale\EN-US (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\IE (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\IE\4.1 (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res (PUP.Dealio) -> Quarantined and deleted successfully.

                    Files Infected:
                    c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\IE\4.1\dealiotoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\Windows.old\program files (x86)\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                    c:\Windows.old\Users\uncledavid\downloads\setupplaysushi(2).exe (PUP.PlaySushi) -> Quarantined and deleted successfully.
                    c:\program files (x86)\mozilla firefox\extensions\[email protected] (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome.manifest (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\install.rdf (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\chevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\chevron.xul (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\login.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\login.xul (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\parser.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\rsstickerwidget.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\searchbox.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\searchbox.xul (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\utils.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\widgichevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\widgicomm.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\widgihandling.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\widgilisteners.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\widgitoolbarplugin.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\widgitoolbarplugin.xul (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\content\widgiui.js (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\locale\EN-US\searchbox.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\locale\EN-US\yahoo-search.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\searchbox.css (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\splitter.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\FF\chrome\skin\widgitoolbarplugin.css (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\IE\4.1\config.ini (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
                    c:\program files (x86)\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
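
A small triage script for a Malwarebytes log in the layout posted above, added here as an example (it is not part of the thread or of any tool named in it): it checks the pasted entries against the header counts, groups detections by name, and lists the ones that sat in autostart locations. The function names are this example's own, and the sample is a trimmed excerpt of the log above with the header counts adjusted to match the excerpt.

```python
import re
from collections import Counter

# "Files Infected: 78" is a summary count; "Files Infected:" opens a section.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:\s*(\d+)?$")
# "<object> (<Detection.Name>) -> ... -> <action>". The detection name must
# contain a dot, so "(x86)" inside a path is not mistaken for it.
ENTRY_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<det>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")

# Well-known Windows autostart locations, matched case-insensitively.
AUTOSTART_MARKERS = {
    "\\currentversion\\run\\": "Run key (starts at logon)",
    "\\currentcontrolset\\services\\": "Windows service",
    "\\browser helper objects\\": "IE Browser Helper Object",
    "\\internet explorer\\toolbar\\": "IE toolbar",
}

def parse_mbam_log(text):
    """Return {'declared': {section: count}, 'entries': [dict, ...]}."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group(2) is not None:
                declared[m.group(1)] = int(m.group(2))
            else:
                section = m.group(1)
            continue
        e = ENTRY_RE.match(line) if section else None
        if e:
            entries.append({
                "section": section,
                "object": e["obj"],
                "detection": e["det"],
                # The last "->" segment is what the scanner did with the item.
                "action": e["rest"].split(" -> ")[-1],
            })
    return {"declared": declared, "entries": entries}

def count_mismatches(report):
    """Sections where the pasted entries do not add up to the header count,
    which usually means the log was truncated or edited before posting."""
    parsed = Counter(e["section"] for e in report["entries"])
    return {s: (n, parsed[s]) for s, n in report["declared"].items()
            if parsed[s] != n}

def families(report):
    """Number of entries per detection name (e.g. PUP.Dealio)."""
    return Counter(e["detection"] for e in report["entries"])

def autostart_hits(report):
    """Entries located in a place that makes software start by itself."""
    hits = []
    for e in report["entries"]:
        for marker, label in AUTOSTART_MARKERS.items():
            if marker in e["object"].lower():
                hits.append((label, e["detection"], e["object"]))
    return hits

def unresolved(report):
    """Entries whose final action does not report success."""
    return [e for e in report["entries"] if "successfully" not in e["action"]]

# Trimmed excerpt of the log posted above; header counts adjusted to the excerpt.
SAMPLE = r"""
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 2

Memory Processes Infected:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> 1436 -> Unloaded process successfully.
c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 3336 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Files Infected:
c:\Windows.old\program files (x86)\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE)
    print("count mismatches:", count_mismatches(report) or "none")
    for name, n in families(report).most_common():
        print(f"{n:3d}  {name}")
    for label, det, obj in autostart_hits(report):
        print(f"autostart [{label}] {det}: {obj}")
    print("not confirmed removed:", len(unresolved(report)))
```
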

                    SuperDave

                    I don't see the SAS log. Did you run it yet? If not, please run it and post the log. I need to see it.

                    Download Security Check by screen317 from one of the following links and save it to your desktop.

                    Link 1
                    Link 2

                    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
                    * Open the Security Check folder and double-click Security Check.bat
                    * Follow the on-screen instructions inside of the black box.
                    * A Notepad document should open automatically called checkup.txt
                    * Post the contents of that document in your next reply.

                    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                    ****************************************************
                    Download DDS from HERE or HERE and save it to your desktop.

                    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                    * XP users Double click on dds to run it.
                    * If your antivirus or firewall try to block DDS then please allow it to run.
                    * When finished DDS will open two (2) logs.

                    1) DDS.txt
                    2) Attach.txt

                    * Save both logs to your desktop.
                    * Please copy and paste the entire contents of both logs in your next reply.

                    Note: DDS will instruct you to post the Attach.txt log as an attachment.
                    Please just post it as you would any other log by copy and pasting it into the reply.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    WiseFailure

                       Results of screen317's Security Check version 0.99.8 
                       Windows 7  (UAC is enabled)
                       Internet Explorer 8 
                      ``````````````````````````````
                      Antivirus/Firewall Check:

                       Windows Firewall Enabled! 
                       WMI entry may not exist for antivirus; attempting automatic update.
                      ```````````````````````````````
                      Anti-malware/Other Utilities Check:

                       Malwarebytes' Anti-Malware   
                       Java(TM) 6 Update 21 
                       Out of date Java installed!
                       Adobe Flash Player 10.1.102.64 
                      Adobe Reader 9.4.1
                      Out of date Adobe Reader installed!
                       Mozilla Firefox (3.6.13)
                      ````````````````````````````````
                      Process Check: 
                      objlist.exe by Laurent

                      ``````````End of Log````````````



                      WiseFailure

                        SuperDave, I sent you a PM with my logs.

                        Did you get my logs? What is in them that you are looking for? I don't understand. Please be quick to get back to me.
                        « Last Edit: February 09, 2011, 12:46:34 PM by WiseFailure »

                        BC_Programmer


                          Mastermind
                        • Typing is no substitute for thinking.
                        • Thanked: 1140
                          • BC-Programming.com
                        • Certifications: List
                        • Computer: Specs
                        • Experience: Beginner
                        • OS: Windows 11
                        Quote
                        SuperDave, I sent you a PM with my logs.

                        Quote
                        * Copy and Paste the log in your post.
                        I was trying to dereference Null Pointers before it was cool.

                        Allan

                        • Moderator

                        • Mastermind
                        • Thanked: 1260
                        • Experience: Guru
                        • OS: Windows 10
                        Quote
                        SuperDave, I sent you a PM with my logs.
                        Post the logs in this thread

                        SuperDave

                        Quote
                        Seriously man, should I really be worried? You saw how I mentioned that I got a call from someone saying that I won something that I registered to win last summer, right? They knew our address. I mean, that is just a coincidence, right?

                        Also taxes are being done right now, so if this person is watching us... they have seen everything. And it's basically being given to them!!
                        There is no reason why you cannot post the logs in your replies. There is nothing in these logs that would give a hacker anything.
                        I get those calls all the time. There is yet no evidence that your computer has been compromised. 

                        I still need to see the log from SuperAntiSpyware.

                        Looking over your log it seems you don't have any antivirus software.

                        Before we continue download and install a free antivirus.

                        Remember to only install one antivirus!
                         
                        1) Avast! Home Edition
                        2) AVG Free Edition
                        3) Avira AntiVir Personal
                        4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                        4-a) Microsoft Security Essentials for Windows XP
                        5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
                        6) PC Tools AntiVirus Free Edition

                        It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

                        ************************************************

                        Old versions of Java have vulnerabilities that malware can use to infect your system.

                        First Verify your Java Version

                        If there are any other version(s) installed then update now.

                        Get the new version (if needed)

                        If your version is out of date install the newest version of the Sun Java Runtime Environment.

                        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                        Be sure to close ALL open web browsers before starting the installation.

                        Remove any old versions

                        1. Download JavaRa and unzip the file to your Desktop.
                        2. Open JavaRA.exe and choose Remove Older Versions
                        3. Once complete exit JavaRA.
                        4. Run CCleaner.

                        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                        ************************************************
                        Please download the newest version of Adobe Acrobat Reader from Adobe.com

                        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
                        Go to the Control Panel and enter Add or Remove Programs.
                        Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

                        Once old versions are gone, please install the newest version.
                        ****************************************************
                        I strongly recommend that you remove Ask from your computer because it:

                        •Promotes its toolbars on sites targeted to kids.

                        •Promotes its toolbars through ads that appear to be part of other companies' sites.

                        •Promotes its toolbars through other companies' spyware.

                        •Installs without any disclosure whatsoever and without any consent whatsoever.

                        •Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

                        •Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

                        See Here for more info.

                        If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

                        AskBarDis or anything related to Ask

                        Then please find and delete this folder in bold (if present):
                        C:\Program Files\AskBarDis. or anything related to Ask.
                        ***************************************************
                        Please read here for more information about WildTangent. Your choice if you want to remove it or not.

                        If you choose to follow my advice, please follow these instructions.

                        Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

                        WildTangent Web Driver or anything related to WildTangent.
                        *******************************************************
                        P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                        Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                        I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

                        WiseFailure


                          DDS (Ver_10-12-12.02) - NTFS_AMD64 
                          Run by McCreary's at 15:01:33.06 on Wed 02/09/2011
                          Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
                          Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.4094.2680 [GMT -5:00]

                          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

                          ============== Running Processes ===============

                          C:\Windows\system32\wininit.exe
                          C:\Windows\system32\lsm.exe
                          C:\Windows\system32\svchost.exe -k DcomLaunch
                          C:\Windows\system32\nvvsvc.exe
                          C:\Windows\system32\svchost.exe -k RPCSS
                          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                          C:\Windows\system32\svchost.exe -k netsvcs
                          C:\Windows\system32\svchost.exe -k LocalService
                          C:\Windows\system32\nvvsvc.exe
                          C:\Windows\system32\svchost.exe -k NetworkService
                          C:\Windows\System32\spoolsv.exe
                          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                          C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
                          C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                          C:\Windows\system32\taskhost.exe
                          C:\Windows\system32\Dwm.exe
                          C:\Windows\Explorer.EXE
                          C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                          C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
                          C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
                          C:\Windows\system32\lxducoms.exe
                          C:\Windows\System32\svchost.exe -k HPZ12
                          C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
                          C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
                          C:\Windows\SysWOW64\Filter Services\Filter.exe
                          C:\Windows\SysWOW64\Filter Services\fSec.exe
                          C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
                          C:\Program Files\Windows Sidebar\sidebar.exe
                          C:\Windows\System32\svchost.exe -k HPZ12
                          C:\Windows\SysWOW64\PnkBstrA.exe
                          C:\Windows\SysWOW64\PnkBstrB.exe
                          C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                          C:\Windows\system32\svchost.exe -k imgsvc
                          C:\Windows\SysWOW64\Filter Services\fService.exe
                          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                          C:\Windows\system32\SearchIndexer.exe
                          C:\Program Files\Windows Media Player\wmpnetwk.exe
                          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                          C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
                          C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                          C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                          C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
                          C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
                          C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
                          C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
                          C:\Program Files (x86)\iTunes\iTunesHelper.exe
                          C:\Program Files\iPod\bin\iPodService.exe
                          C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                          C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
                          C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
                          C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
                          C:\Windows\system32\DllHost.exe
                          C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
                          C:\Windows\System32\svchost.exe -k secsvcs
                          C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                          C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
                          C:\Users\McCreary's\Music\SecurityCheck.exe
                          C:\Windows\system32\wbem\wmiprvse.exe
                          C:\Windows\system32\DllHost.exe
                          C:\Windows\system32\DllHost.exe
                          C:\Users\McCreary's\Music\dds.scr
                          C:\Windows\system32\conhost.exe

                          ============== Pseudo HJT Report ===============

                          uStart Page = https://online.woodforest.com/WNB/Login.aspx?ReturnUrl=%2fWNB%2fAccounts%2fActivity.aspx
                          uSearch Bar = Preserve
                          uInternet Settings,ProxyOverride = *.local
                          mWinlogon: Userinit=userinit.exe,
                          BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                          BHO: GoodShopToolbar: {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
                          BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
                          BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                          BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
                          BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                          BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
                          BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
                          BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                          BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                          BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                          TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
                          TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                          TB: GoodSearchBar: {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
                          EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
                          uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
                          uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                          uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
                          uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
                          uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
                          uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                          mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
                          mRun: [<NO NAME>]
                          mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                          mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
                          mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
                          mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                          mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                          mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                          mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
                          mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                          StartupFolder: C:\Users\MCCREA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
                          StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                          mPolicies-explorer: NoActiveDesktop = 1 (0x1)
                          mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
                          mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
                          mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
                          mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
                          IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                          Trusted Zone: intuit.com\ttlc
                          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
                          DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
                          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
                          DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                          DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.hersheymed.net/dana-cached/sc/JuniperSetupClient.cab
                          BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                          TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
                          EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
                          mRun-x64: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe"
                          mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe"
                          mRun-x64: [TotalNetGuard] C:\Windows\SysWOW64\Filter Services\Filter.exe
                          mRun-x64: [TotalNetGuardSec] C:\Windows\SysWOW64\Filter Services\fSec.exe

                          ================= FIREFOX ===================

                          FF - ProfilePath - C:\Users\MCCREA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ykon5cvh.default\
                          FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
                          FF - prefs.js: browser.search.selectedEngine - GoodSearch
                          FF - prefs.js: browser.startup.homepage - hxxp://myafo.net
                          FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=374563&p=
                          FF - prefs.js: network.proxy.http - bastion01.afo.net
                          FF - prefs.js: network.proxy.http_port - 10101
                          FF - prefs.js: network.proxy.type - 1
                          FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
                          FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
                          FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
                          FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
                          FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
                          FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
                          FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
                          FF - plugin: C:\Users\McCreary's\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
                          FF - plugin: C:\Users\McCreary's\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
                          FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
                          FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                          FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                          FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                          FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
                          FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

                          ---- FIREFOX POLICIES ----
                          FF - user.js: yahoo.homepage.dontask - true
                          ============= SERVICES / DRIVERS ===============

                          R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);C:\Windows\System32\drivers\NEOFLTR_650_14951.SYS [2010-3-25 100400]
                          R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
                          R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
                          R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
                          R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
                          R2 TotalNetGuard;TotalNetGuard;C:\Windows\SysWOW64\Filter Services\fService.exe [2009-6-24 28672]
                          R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
                          S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-13 135664]
                          S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
                          S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
                          S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-16 1255736]

                          =============== Created Last 30 ================

                          2011-02-08 11:51:33   7844688   ----a-w-   C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B1DED7A7-7FC5-4864-9FE4-5A9562C744ED}\mpengine.dll
                          2011-02-08 11:50:55   737072   ----a-w-   C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
                          2011-02-07 03:49:17   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Malwarebytes
                          2011-02-07 03:49:11   38224   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
                          2011-02-07 03:49:11   --------   d-----w-   C:\PROGRA~3\Malwarebytes
                          2011-02-07 03:49:08   24152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
                          2011-02-07 03:49:08   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
                          2011-02-06 00:28:52   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\SUPERAntiSpyware.com
                          2011-02-06 00:28:52   --------   d-----w-   C:\PROGRA~3\SUPERAntiSpyware.com
                          2011-02-06 00:28:49   --------   d-----w-   C:\PROGRA~3\!SASCORE
                          2011-02-06 00:28:47   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
                          2011-02-05 02:38:35   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\POWKEY
                          2011-02-05 02:38:35   --------   d-----w-   C:\PROGRA~3\IMEAM
                          2011-02-05 02:37:59   2291200   ----a-w-   C:\Windows\System32\drivers\imon\netconfig64.dll
                          2011-02-05 02:37:59   --------   d-----w-   C:\Windows\System32\drivers\imon
                          2011-02-05 02:37:58   99328   ----a-w-   C:\Windows\SysWow64\drivers\imon\imonlspins64.exe
                          2011-02-05 02:37:58   147456   ----a-w-   C:\Windows\SysWow64\drivers\imon\uninstall.exe
                          2011-02-05 02:37:58   110592   ----a-w-   C:\Windows\SysWow64\drivers\imon\netconfig.dll
                          2011-02-05 02:37:58   --------   d--h--w-   C:\Windows\SysWow64\drivers\imon
                          2011-02-05 02:37:56   --------   d--h--w-   C:\PROGRA~3\IMPKL
                          2011-02-03 21:41:41   --------   d-----w-   C:\Program Files (x86)\Common Files\AnswerWorks 4.0
                          2011-02-03 21:41:23   69715   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
                          2011-02-03 21:41:23   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
                          2011-02-03 21:41:23   266240   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
                          2011-02-03 21:41:23   172032   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
                          2011-02-03 21:41:22   733184   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
                          2011-02-03 21:41:22   303236   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
                          2011-02-03 21:41:22   180356   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
                          2011-02-03 21:19:11   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Intuit
                          2011-02-03 21:19:06   --------   d-----w-   C:\Program Files (x86)\Common Files\AnswerWorks 5.0
                          2011-02-03 21:16:44   --------   d-----w-   C:\Users\MCCREA~1\AppData\Local\IsolatedStorage
                          2011-02-03 21:16:43   --------   d-----w-   C:\Program Files (x86)\Common Files\Intuit
                          2011-02-03 21:14:55   --------   d-----w-   C:\Program Files (x86)\TurboTax
                          2011-02-03 21:14:45   --------   d-----w-   C:\PROGRA~3\Intuit
                          2011-02-03 05:04:21   --------   d-----w-   C:\Program Files (x86)\Combined Community Codec Pack
                          2011-02-03 04:55:19   --------   d--h--w-   C:\Windows\msdownld.tmp
                          2011-02-03 04:55:16   --------   d-----w-   C:\Windows\SysWow64\directx
                          2011-02-01 15:04:22   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\HdO Adventure
                          2011-02-01 13:47:27   --------   d-----w-   C:\Program Files (x86)\A Girl in the City
                          2011-01-31 23:23:25   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Sungift Games
                          2011-01-31 23:23:25   --------   d-----w-   C:\PROGRA~3\Sungift Games
                          2011-01-31 23:22:33   --------   d-----w-   C:\Program Files (x86)\WildGames
                          2011-01-31 23:14:44   --------   d-----w-   C:\Program Files (x86)\WildTangent Games
                          2011-01-29 16:15:37   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\SpinTop Games
                          2011-01-28 15:59:14   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Sudden Games
                          2011-01-27 14:05:58   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\DivoGames
                          2011-01-24 02:19:13   374664   ----a-w-   C:\Windows\System32\drivers\netio.sys
                          2011-01-22 03:46:29   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Sawer
                          2011-01-22 03:46:22   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Sakura
                          2011-01-22 03:46:11   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\PoiZone
                          2011-01-20 21:21:42   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Hardcore
                          2011-01-20 21:18:20   --------   d-----w-   C:\Program Files (x86)\ASIO4ALL v2
                          2011-01-20 21:06:12   225280   ----a-w-   C:\Windows\SysWow64\rewire.dll
                          2011-01-20 21:06:03   1554944   ----a-w-   C:\Windows\SysWow64\vorbis.acm
                          2011-01-20 21:05:52   --------   d-----w-   C:\Program Files (x86)\VstPlugins
                          2011-01-20 21:05:51   --------   d-----w-   C:\Program Files (x86)\Outsim
                          2011-01-20 21:04:58   --------   d-----w-   C:\Program Files (x86)\Image-Line
                          2011-01-20 20:53:39   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\DVDVideoSoftIEHelpers
                          2011-01-12 19:56:34   987136   ----a-w-   C:\Program Files (x86)\Common Files\System\ado\msado15.dll
                          2011-01-12 19:56:34   720896   ----a-w-   C:\Windows\System32\odbc32.dll
                          2011-01-12 19:56:34   573440   ----a-w-   C:\Windows\SysWow64\odbc32.dll
                          2011-01-12 19:56:34   495616   ----a-w-   C:\Program Files\Common Files\System\ado\msadox.dll
                          2011-01-12 19:56:34   466944   ----a-w-   C:\Program Files\Common Files\System\ado\msadomd.dll
                          2011-01-12 19:56:34   372736   ----a-w-   C:\Program Files (x86)\Common Files\System\ado\msadox.dll
                          2011-01-12 19:56:34   352256   ----a-w-   C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
                          2011-01-12 19:56:34   258048   ----a-w-   C:\Program Files\Common Files\System\msadc\msadco.dll
                          2011-01-12 19:56:34   208896   ----a-w-   C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
                          2011-01-12 19:56:34   1425408   ----a-w-   C:\Program Files\Common Files\System\ado\msado15.dll

                          ==================== Find3M  ====================

                          2011-02-02 22:11:20   270720   ------w-   C:\Windows\System32\MpSigStub.exe
                          2011-01-07 08:06:50   46080   ----a-w-   C:\Windows\System32\atmlib.dll
                          2011-01-07 07:27:11   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
                          2011-01-07 05:49:20   366080   ----a-w-   C:\Windows\System32\atmfd.dll
                          2011-01-07 05:33:11   294400   ----a-w-   C:\Windows\SysWow64\atmfd.dll
                          2011-01-05 06:20:30   612352   ----a-w-   C:\Windows\System32\vbscript.dll
                          2011-01-05 05:37:33   428032   ----a-w-   C:\Windows\SysWow64\vbscript.dll
                          2011-01-05 04:00:16   3127808   ----a-w-   C:\Windows\System32\win32k.sys
                          2010-12-18 06:15:38   1197056   ----a-w-   C:\Windows\System32\wininet.dll
                          2010-12-18 06:11:41   57856   ----a-w-   C:\Windows\System32\licmgr10.dll
                          2010-12-18 06:11:34   714752   ----a-w-   C:\Windows\System32\kerberos.dll
                          2010-12-18 05:32:22   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
                          2010-12-18 05:29:40   44544   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
                          2010-12-18 05:29:31   541184   ----a-w-   C:\Windows\SysWow64\kerberos.dll
                          2010-12-18 04:55:03   482816   ----a-w-   C:\Windows\System32\html.iec
                          2010-12-18 04:20:55   386048   ----a-w-   C:\Windows\SysWow64\html.iec
                          2010-12-18 04:13:40   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
                          2010-12-18 03:47:59   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
                          2010-11-29 22:38:30   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
                          2010-11-29 22:38:30   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
                          2010-11-12 23:53:06   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll

                          ============= FINISH: 15:01:58.41 ===============


                          second log



                          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                          IF REQUESTED, ZIP IT UP & ATTACH IT

                          DDS (Ver_10-12-12.02)

                          Microsoft Windows 7 Professional
                          Boot Device: \Device\HarddiskVolume1
                          Install Date: 3/9/2010 5:08:14 PM
                          System Uptime: 2/9/2011 2:35:29 PM (1 hours ago)

                          Motherboard: Gigabyte Technology Co., Ltd. |  | EP45-UD3P
                          Processor: Intel(R) Core(TM)2 Quad CPU    Q9400  @ 2.66GHz | Socket 775 | 1973/333mhz

                          ==== Disk Partitions =========================

                          A: is Removable
                          C: is FIXED (NTFS) - 699 GiB total, 539.904 GiB free.
                          D: is CDROM ()
                          I: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.

                          ==== Disabled Device Manager Items =============

                          Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
                          Description: Unknown Device
                          Device ID: USB\VID_0000&PID_0000\5&428A151&0&3
                          Manufacturer: (Standard USB Host Controller)
                          Name: Unknown Device
                          PNP Device ID: USB\VID_0000&PID_0000\5&428A151&0&3
                          Service:

                          ==== System Restore Points ===================

                          RP179: 2/3/2011 12:01:40 AM - Installed DirectX
                          RP180: 2/3/2011 11:06:25 AM - Windows Update
                          RP181: 2/3/2011 4:16:45 PM - Installed TurboTax 2009 wrapper
                          RP182: 2/3/2011 4:17:07 PM - Installed TurboTax 2009 WinPerReleaseEngine
                          RP183: 2/3/2011 4:17:54 PM - Installed TurboTax 2009 WinPerFedFormset
                          RP184: 2/3/2011 4:18:24 PM - Installed TurboTax 2009 WinPerTaxSupport
                          RP185: 2/3/2011 4:18:45 PM - Installed iSEEK AnswerWorks English Runtime
                          RP186: 2/3/2011 4:36:45 PM - Installed TurboTax 2009 wpaiper
                          RP187: 2/3/2011 4:40:38 PM - Installed TurboTax Premier 2007
                          RP188: 2/3/2011 4:41:25 PM - Installed AnswerWorks 4.0 Runtime - English
                          RP189: 2/3/2011 4:52:07 PM - Installed TurboTax 2008 wrapper
                          RP190: 2/3/2011 4:52:18 PM - Installed TurboTax 2008 WinPerReleaseEngine
                          RP191: 2/3/2011 4:53:03 PM - Installed TurboTax 2008 WinPerFedFormset
                          RP192: 2/3/2011 4:53:29 PM - Installed TurboTax 2008 WinPerTaxSupport
                          RP193: 2/3/2011 4:53:53 PM - Installed TurboTax 2008 WinPerProgramHelp
                          RP194: 2/3/2011 4:54:15 PM - Installed TurboTax 2008 WinPerUserEducation
                          RP195: 2/4/2011 2:36:59 PM - Windows Update
                          RP196: 2/5/2011 1:22:52 AM - Windows Update
                          RP197: 2/5/2011 10:54:29 AM - Windows Update
                          RP198: 2/8/2011 6:51:13 AM - Windows Update
                          RP199: 2/9/2011 12:30:49 PM - Windows Update
                          RP200: 2/9/2011 2:33:27 PM - Installed Java(TM) 6 Update 23

                          ==== Installed Programs ======================

                          µTorrent
                          A Girl in the City
                          Acrobat.com
                          Adobe AIR
                          Adobe Flash Player 10 ActiveX
                          Adobe Flash Player 10 Plugin
                          Adobe Reader 9.4.1
                          Amazon MP3 Downloader 1.0.10
                          AnswerWorks 4.0 Runtime - English
                          Apple Application Support
                          Apple Software Update
                          ASIO4ALL
                          Ask Toolbar
                          Autumn's Treasures: The Jade Coin
                          Big Fish Games: Game Manager
                          BufferChm
                          Byki
                          Byki Standard
                          Carambis Driver Updater
                          Combined Community Codec Pack 2010-10-10
                          Compatibility Pack for the 2007 Office system
                          Copy
                          Counter-Strike: Source
                          Coupon Printer for Windows
                          Dealio Toolbar v4.1
                          Destinations
                          DeviceDiscovery
                          Disney-Pixar Ratatouille
                          DJ_AIO_05_F4400_Software_Min
                          Dream Day True Love
                          Driver Detective
                          Drumaxx
                          F4400
                          Facebook Plug-In
                          FL Studio 9
                          Forgotten Places - Lost Circus
                          GoodSearch Toolbar
                          Google Earth
                          Google Update Helper
                          GPBaseService2
                          Hardcore
                          Hidden Expedition: Amazon ™
                          Holly 2: Magic Land
                          HP Photo Creations
                          HP Update
                          HPPhotoGadget
                          HPProductAssistant
                          HPSSupply
                          IL Download Manager
                          InfraRecorder
                          iSEEK AnswerWorks English Runtime
                          Java Auto Updater
                          Java(TM) 6 Update 23
                          Juniper Networks Cache Cleaner 6.5.0
                          Juniper Networks Host Checker
                          Juniper Networks Secure Application Manager
                          Juniper Networks Setup Client
                          Killing Floor
                          LeapFrog Connect
                          LeapFrog Leapster2 Plugin
                          Left 4 Dead
                          Left 4 Dead 2
                          Lexmark Printable Web
                          Lost Lagoon: The Trail of Destiny
                          Malwarebytes' Anti-Malware
                          MarketResearch
                          Mass Effect
                          Microsoft Default Manager
                          Microsoft Flight Simulator X Demo
                          Microsoft Office Excel Viewer
                          Microsoft Office Word Viewer 2003
                          Microsoft Search Enhancement Pack
                          Microsoft Silverlight
                          Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                          Microsoft Visual C++ 2005 Redistributable
                          Motorola Driver Installation
                          Mozilla Firefox (3.6.13)
                          MSN Toolbar
                          MSN Toolbar Platform
                          MSXML 4.0 SP2 (KB954430)
                          MSXML 4.0 SP2 (KB973688)
                          MSXML 4.0 SP2 Parser and SDK
                          Mystery of Shark Island
                          Mystery Stories: Berlin Nights
                          Mystic Gateways: The Celestial Quest
                          Oblivion
                          OpenOffice.org 3.1
                          Oregon Trail 5
                          PoiZone
                          PriceGong 2.1.0
                          PunkBuster Services
                          QuickTime
                          Sakura
                          Sawer
                          Scan
                          Secret Mission: The Forgotten Island
                          SmartWebPrinting
                          SolutionCenter
                          Status
                          Steam
                          The Clumsys
                          The Polynomial
                          Toolbox
                          Toxic Biohazard
                          Transparent Language System
                          TrayApp
                          TurboTax 2008
                          TurboTax 2008 WinPerFedFormset
                          TurboTax 2008 WinPerProgramHelp
                          TurboTax 2008 WinPerReleaseEngine
                          TurboTax 2008 WinPerTaxSupport
                          TurboTax 2008 WinPerUserEducation
                          TurboTax 2008 wrapper
                          TurboTax 2009
                          TurboTax 2009 WinPerFedFormset
                          TurboTax 2009 WinPerReleaseEngine
                          TurboTax 2009 WinPerTaxSupport
                          TurboTax 2009 wpaiper
                          TurboTax 2009 wrapper
                          TurboTax Premier 2007
                          Unity Web Player
                          Update Installer for WildTangent Games App
                          Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
                          WeatherBug
                          WebReg
                          WildTangent Games
                          WildTangent Games App

                          ==== Event Viewer Messages From Past Week ========

                          2/9/2011 12:17:57 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
                          2/9/2011 1:48:21 PM, Error: Service Control Manager [7034]  - The Application Updater service terminated unexpectedly.  It has done this 1 time(s).
                          2/4/2011 7:25:51 AM, Error: Microsoft Antimalware [3002]  -
                          2/2/2011 1:55:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.97.875.0).

                          ==== End Of File ===========================


                          WiseFailure

                            Topic Starter


                            Beginner

                            • Experience: Beginner
                            • OS: Unknown
                            Before I left, I was going to post my log from my first spyware scan.

                            Here it is

                            (the K drive is not hooked up right now.)

                            SUPERAntiSpyware Scan Log
                            http://www.superantispyware.com

                            Generated 02/05/2011 at 10:42 PM

                            Application Version : 4.48.1000

                            Core Rules Database Version : 6348
                            Trace Rules Database Version: 4160

                            Scan type       : Complete Scan
                            Total Scan Time : 03:03:47

                            Memory items scanned      : 625
                            Memory threats detected   : 0
                            Registry items scanned    : 13438
                            Registry threats detected : 0
                            File items scanned        : 381800
                            File threats detected     : 152

                            Adware.Tracking Cookie

                            Adware.MyWebSearch/FunWebProducts
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3CJPEG.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3DTACTL.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HISTSW.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HTMLMU.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HTTPCT.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3POPSWT.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3PSSAVR.SCR
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3REPROX.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3RESTUB.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3SCHMON.EXE
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3SCRCTR.DLL
                               C:\WINDOWS.OLD\WINDOWS\SYSWOW64\F3PSSAVR.SCR
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3CJPEG.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3DTACTL.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HISTSW.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HTMLMU.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HTTPCT.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3POPSWT.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3PSSAVR.SCR
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3REPROX.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3RESTUB.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3SCHMON.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3SCRCTR.DLL

                            Adware.MyWebSearch
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HKSTUB.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3REGHK.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3AUXSTB.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3DLGHK.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3HIGHIN.EXE
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3HTML.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3IDLE.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3IMPIPE.EXE
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3MEDINT.EXE
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3MSG.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3OUTLCN.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3PLUGIN.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SKIN.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SKPLAY.EXE
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SLSRCH.EXE
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SRCHMN.EXE
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEPLG.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOESTB.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSSRCAS.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSSVC.EXE
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\FIREFOX\NPMYWEBS.DLL
                               C:\WINDOWS.OLD\USERS\UNCLEDAVID\DOWNLOADS\IWONSETUP2.3.50.62.SA.HP.ZLFOX000.EXE
                               K:\DOWNLOADS\IWONSETUP2.3.50.62.SA.HP.ZLFOX000.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HKSTUB.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3REGHK.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3AUXSTB.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3DLGHK.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3HIGHIN.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3HTML.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3IDLE.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3IMPIPE.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3MEDINT.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3MSG.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3OUTLCN.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3PLUGIN.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SKIN.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SKPLAY.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SLSRCH.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SRCHMN.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEPLG.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOESTB.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSSRCAS.DLL
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSSVC.EXE
                               K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\FIREFOX\NPMYWEBS.DLL

                            Trojan.Vundo-Variant/F
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\STEAM\STEAMAPPS\DIAMONDWRAITH\COUNTER-STRIKE SOURCE\BIN\PARSIFAL.DLL
                               C:\WINDOWS.OLD\PROGRAM FILES (X86)\STEAM\STEAMAPPS\DIAMONDWRAITH\COUNTER-STRIKE SOURCE\BIN\VAUDIO_MILES.DLL

                            Adware.CouponBar
                               C:\WINDOWS.OLD\USERS\UNCLEDAVID\APPDATA\LOCAL\TEMP\CPNPRT2.CID

                            Adware.Gamevance
                               C:\WINDOWS.OLD\USERS\UNCLEDAVID\DOWNLOADS\SETUPGAMEVANCE(2).EXE
                               C:\WINDOWS.OLD\USERS\UNCLEDAVID\DOWNLOADS\SETUPGAMEVANCE.EXE
                               K:\DOWNLOADS\SETUPGAMEVANCE.EXE
                               K:\DOWNLOADS\SETUPGAMEVANCE(2).EXE


                            Phone issue is resolved.
                            The problem with the cellphones is a regional "glitch". It's occurring in many states, and affecting many people. Thank god for that. lol

                            « Last Edit: February 09, 2011, 03:23:02 PM by WiseFailure »

                            SuperDave

                            Did you do the other things I asked you to do in my reply; like installing an AV program?
                            Windows 8 and Windows 10 dual boot with two SSD's

                            WiseFailure

                              Quote from SuperDave: "Did you do the other things I asked you to do in my reply; like installing an AV program?"

                              Isn't superantivirus an anti-virus program? If so, I've got that. I also use Windows Defender. I've updated my Java and Adobe. I've disabled and deleted various things as you said I should.

                              Did you see anything in my spyware logs? What do I do now?

                              BC_Programmer


                                Mastermind
                              • Typing is no substitute for thinking.
                              • Experience: Beginner
                              • OS: Windows 11
                              Quote from WiseFailure: "Isn't superantivirus an anti-virus program?"
                              SuperAntiSpyware is not an Anti-Virus program. It's an Anti-spyware program.
                              I was trying to dereference Null Pointers before it was cool.

                              WiseFailure

                                Downloaded AVG.

                                WiseFailure

                                  I received a call from some SNG research corp today. Apparently it was a "random" phone number generator. I'm really getting scared out of my mind that my family's personal information has been compromised! At what point should I rationally put all my personal information on alert? Is that necessary at this point? It's not the first time I've gotten calls for surveys, but this particular call, along with the last call about winning something... I really don't know what to think.

                                  Anyway, what now?

                                  Is it possible that there is a virus or something of the sort "running in the background" that can't be detected? That's all for now.
                                  « Last Edit: February 10, 2011, 07:13:32 PM by WiseFailure »

                                  WiseFailure

                                    This is my HijackThis log. When I started the scan it said this: "For some reason your system denied write access to your host files. If any hijack domains are in this file Hijack may not be able to fix it."


                                    Logfile of Trend Micro HijackThis v2.0.4
                                    Scan saved at 10:28:30 PM, on 2/10/2011
                                    Platform: Windows 7  (WinNT 6.00.3504)
                                    MSIE: Internet Explorer v8.00 (8.00.7600.16722)
                                    Boot mode: Normal

                                    Running processes:
                                    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
                                    C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
                                    C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
                                    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                                    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
                                    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
                                    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
                                    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
                                    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
                                    C:\Program Files (x86)\iTunes\iTunesHelper.exe
                                    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
                                    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
                                    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
                                    C:\Program Files (x86)\TrendMicro\Trend Micro\HiJackThis\sniper.exe.exe
                                    C:\Program Files (x86)\TrendMicro\Trend Micro\HiJackThis\HiJackThis.exe

                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.woodforest.com/WNB/Login.aspx?ReturnUrl=%2fWNB%2fAccounts%2fActivity.aspx
                                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
                                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                                    F2 - REG:system.ini: UserInit=userinit.exe,
                                    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                                    O2 - BHO: GoodShopToolbar - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
                                    O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
                                    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                                    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
                                    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                                    O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
                                    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
                                    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                                    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                                    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
                                    O3 - Toolbar: GoodSearchBar - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
                                    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
                                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                                    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
                                    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                                    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                                    O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
                                    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                                    O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
                                    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                                    O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
                                    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
                                    O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
                                    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
                                    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                                    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                                    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                                    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                                    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                                    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://access.hersheymed.net/dana-cached/sc/JuniperSetupClient.cab
                                    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
                                    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
                                    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                                    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                                    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
                                    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
                                    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
                                    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                                    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
                                    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
                                    O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
                                    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
                                    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
                                    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                                    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
                                    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
                                    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
                                    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
                                    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
                                    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                                    O23 - Service: TotalNetGuard - Clean WWW, Inc. - C:\Windows\SysWOW64\Filter Services\fService.exe
                                    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
                                    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
                                    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
                                    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
                                    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
                                    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
                                    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

                                    --
                                    End of file - 10949 bytes

                                    Allan

                                    • Moderator

                                    • Mastermind
                                    • Experience: Guru
                                    • OS: Windows 10
                                    Please stop clogging this thread with unnecessary information. Just follow SuperDave's instructions to the letter.

                                    WiseFailure

                                      Quote from Allan: "Please stop clogging this thread with unnecessary information. Just follow SuperDave's instructions to the letter."

                                      "Posting The Logs: Please give details. Just posting the logs in many instances is not enough information for us."

                                      I'm simply doing what the "read this before requesting help" thread says. It might seem unnecessary, but it's still information. What else am I supposed to do?



                                      HijackThis log again, with antivirus installed.

                                      Logfile of Trend Micro HijackThis v2.0.4
                                      Scan saved at 1:21:32 PM, on 2/11/2011
                                      Platform: Windows 7  (WinNT 6.00.3504)
                                      MSIE: Internet Explorer v8.00 (8.00.7600.16722)
                                      Boot mode: Normal

                                      Running processes:
                                      C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
                                      C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
                                      C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
                                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                                      C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
                                      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
                                      C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
                                      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                      C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
                                      C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
                                      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                                      C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
                                      C:\Program Files (x86)\iTunes\iTunesHelper.exe
                                      C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                                      C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
                                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
                                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
                                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
                                      C:\Program Files (x86)\TrendMicro\Trend Micro\HiJackThis\HiJackThis.exe

                                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
                                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.woodforest.com/WNB/Login.aspx?ReturnUrl=%2fWNB%2fAccounts%2fActivity.aspx
                                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
                                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                                      F2 - REG:system.ini: UserInit=userinit.exe,
                                      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                                      O2 - BHO: GoodShopToolbar - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
                                      O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
                                      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                                      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
                                      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
                                      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                                      O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
                                      O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
                                      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                                      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                                      O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
                                      O3 - Toolbar: GoodSearchBar - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
                                      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
                                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                                      O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
                                      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
                                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                                      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                                      O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
                                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                                      O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                                      O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
                                      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                                      O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
                                      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
                                      O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
                                      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                      O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
                                      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                                      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                                      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                                      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                                      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                                      O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://access.hersheymed.net/dana-cached/sc/JuniperSetupClient.cab
                                      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
                                      O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
                                      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
                                      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                                      O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
                                      O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
                                      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                                      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
                                      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
                                      O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
                                      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                                      O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
                                      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                      O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
                                      O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
                                      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
                                      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                      O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
                                      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                                      O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
                                      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
                                      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
                                      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
                                      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
                                      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                                      O23 - Service: TotalNetGuard - Clean WWW, Inc. - C:\Windows\SysWOW64\Filter Services\fService.exe
                                      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
                                      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                                      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
                                      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
                                      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
                                      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
                                      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
                                      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

                                      --
                                      End of file - 11710 bytes

                                      « Last Edit: February 11, 2011, 11:23:05 AM by WiseFailure »
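A triage pass over the O23 service lines of the log above, as an added example that is not part of the original thread. It assumes the log came from 32-bit HijackThis on 64-bit Windows, where WOW64 redirects the tool's System32 lookups to SysWOW64, so 64-bit system binaries are reported as "(file missing)"; the bucket names are this example's own.

```python
import re
from collections import Counter

# Standard HijackThis section codes that occur in the log above.
SECTIONS = {
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry",
    "O6": "IE options locked by policy", "O9": "IE extra button",
    "O10": "Winsock LSP", "O16": "ActiveX download", "O18": "protocol handler",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^\s*(O\d+) - (.*\S)\s*$")
# O23 layout: "Service: <name> - <owner> - <path>[ (file missing)]"
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*?)"
    r"(?P<missing> \(file missing\))?$"
)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

# Lines copied from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TotalNetGuard - Clean WWW, Inc. - C:\Windows\SysWOW64\Filter Services\fService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""


def parse_log(text):
    """Return (section, body) pairs for every 'Onn - ...' line; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def section_counts(entries):
    """Count entries per HijackThis section code."""
    return Counter(section for section, _ in entries)


def triage_services(entries):
    """Sort O23 service paths into review buckets. No bucket is a verdict."""
    buckets = {"redirect_artifact": [], "missing_other": [],
               "no_owner": [], "named_owner": []}
    for section, body in entries:
        m = SERVICE_RE.match(body) if section == "O23" else None
        if not m:
            continue
        path, owner = m.group("path"), m.group("owner").strip()
        if m.group("missing"):
            # Missing under System32: expected from a 32-bit tool on x64.
            # Missing elsewhere: confirm the path with a 64-bit file browser.
            key = "redirect_artifact" if SYSTEM32_RE.match(path) else "missing_other"
        elif owner in ("", "Unknown owner"):
            # File exists but carries no company name: check it by hand.
            key = "no_owner"
        else:
            key = "named_owner"
        buckets[key].append(path)
    return buckets


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, count in sorted(section_counts(parsed).items()):
        print(f"{code:>3} {SECTIONS.get(code, 'other')}: {count}")
    for bucket, paths in triage_services(parsed).items():
        print(bucket, paths)
```

Run over the full log, most of the "Unknown owner ... (file missing)" services land in the redirect bucket, which leaves a short list of entries that need a manual look.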

                                      reddevilggg



                                        Expert

                                        Thanked: 69
                                      • Experience: Beginner
                                      • OS: Windows 7

                                      If you're here for a while you'll get used to it!  :P
                                      11 cheers for binary !

                                      SuperDave

                                      • Malware Removal Specialist
                                      • Moderator


                                      • Genius
                                      • Thanked: 1020
                                      • Certifications: List
                                      • Experience: Expert
                                      • OS: Windows 10
                                      Quote
                                      Is it possible that there is a virus or something of the sort "running in the background" that cant be detected?
                                      Anything is possible. Here are some things you can do to protect yourself. These are just suggestions.

                                      If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

                                      How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
                                      ****************************************************
                                      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                                      link # 1
                                      Link # 2
                                      If you are using Firefox, make sure that your download settings are as follows:

                                      * Tools->Options->Main tab
                                      * Set to "Always ask me where to Save the files".

                                      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                                      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                                      Right-click combofix.exe and select Run as Administrator and follow the prompts.
                                      When finished, ComboFix will produce a log for you.
                                      Post the ComboFix log and a new HijackThis log in your next reply.

                                      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                                      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
                                      Windows 8 and Windows 10 dual boot with two SSD's

                                      WiseFailure

                                        ComboFix is telling me that it won't run with AVG installed.

                                        SuperDave

                                        That's correct. Please download Microsoft Security Essentials from the link below. Make sure that you install the 64-bit one. Once it's installed, remove AVG with the AVG tool remover below. Now try to run ComboFix.

                                        Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                                        *************************************************
                                        AVG Antivirus - AVG Antivirus Remover utility

                                        WiseFailure

                                          Quote
                                          That's correct. Please download Microsoft Security Essentials from the link below. Make sure that you install the 64-bit one. Once it's installed, remove AVG with the AVG tool remover below. Now try to run ComboFix.

                                          Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                                          *************************************************
                                          AVG Antivirus - AVG Antivirus Remover utility

                                          I did have to delete AVG. I have a problem. CommandPrompt stops working while ComboFix is running. It won't let me use it! What can I do now?


                                          This is what it tells me:

                                          Problem signature:
                                            Problem Event Name:   APPCRASH
                                            Application Name:   CF22586.cfxxe
                                            Application Version:   6.1.7600.16385
                                            Application Timestamp:   4a5bc48d
                                            Fault Module Name:   ntdll.dll
                                            Fault Module Version:   6.1.7600.16695
                                            Fault Module Timestamp:   4cc7b325
                                            Exception Code:   c00000fd
                                            Exception Offset:   000000000005316f
                                            OS Version:   6.1.7600.2.0.0.256.48
                                            Locale ID:   1033
                                            Additional Information 1:   c5ec
                                            Additional Information 2:   c5ec62c949c41b1acf62ab7e02ba2792
                                            Additional Information 3:   8f53
                                            Additional Information 4:   8f53f0bd77fc1dd72129be33405f9dcb

                                          Read our privacy statement online:
                                            http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

                                          If the online privacy statement is not available, please read our privacy statement offline:
                                            C:\Windows\system32\en-US\erofflps.txt

                                          What can I do to make it work?
                                          « Last Edit: February 11, 2011, 05:24:39 PM by WiseFailure »

                                          SuperDave

                                          Quote
                                          I have a problem. CommandPrompt stops working while ComboFix is running. It won't let me use it! What can I do now?

                                          Why do you want to run CommandPrompt? I specifically asked you not to run anything other than the scans I requested. Please run ComboFix and post the log.

                                          WiseFailure

                                            Quote
                                            Why do you want to run CommandPrompt? I specifically asked you not to run anything other than the scans I requested. Please run ComboFix and post the log.

                                            ComboFix runs in the command prompt. Then it stops working. The command prompt has a blue background though. Then it makes it so I can't get on the internet. Dude, I know it's crazy, but if you could, I would totally let you come into my computer and do this remotely. I'm such a noob, and I'm freaking out.

                                            I keep trying ComboFix, but it's not working.
                                            « Last Edit: February 11, 2011, 07:42:08 PM by WiseFailure »

                                            SuperDave

                                            Please try this:

                                            Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

                                            Navigate to Start --> Run, and enter the following command exactly as shown:

                                            "%userprofile%\desktop\blackpudding.bat" /killall

                                            See if ComboFix will run now

                                            WiseFailure

                                              Quote
                                              Please try this:

                                              Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

                                              Navigate to Start --> Run, and enter the following command exactly as shown:

                                              "%userprofile%\desktop\blackpudding.bat" /killall

                                              See if ComboFix will run now

                                              I have the "run" window open... and I'm putting that command in. Nothing is happening though. What am I doing wrong?

                                              WiseFailure

                                                Quote
                                                I have the "run" window open... and I'm putting that command in. Nothing is happening though. What am I doing wrong?

                                                How do I rename it before I download it? I'm using Firefox.

                                                SuperDave

                                                Quote
                                                If you are using Firefox, make sure that your download settings are as follows:

                                                * Tools->Options->Main tab
                                                * Set to "Always ask me where to Save the files".

                                                When the Save file box opens up you can change the name down at the bottom of the box.

                                                WiseFailure

                                                  Quote
                                                  When the Save file box opens up you can change the name down at the bottom of the box.

                                                  Actually, no I can't. What's up with that?

                                                  SuperDave

                                                  Please download it with Internet Explorer.

                                                  carterericron



                                                    Newbie

                                                    • Experience: Familiar
                                                    • OS: Windows 8
                                                    A software keylogger would probably record keystrokes from an O/S soft keyboard like Microsoft, depending on where exactly it hooks into the operating system.