Solved Problem with Hotmail. Attn. Bobbye

Status
Not open for further replies.
S

Squidget1031

Posts: 19   +0
Hi Bobbye,

About nine months ago you helped me remove some spyware/malware from my home computer. Recently, my husband has been having some new problems: When he tries to log in to his Hotmail account the first entry of his password always fails, but works the second time. Then, when he goes into his Inbox, he can't read or delete his mail. I'm not sure if this is a Hotmail problem, or if it has to do with a repeat spyware/malware issue?

We recently changed internet providers and have a new "security" system and I'm wondering if that may have led to some of these new problems. He also seems to be having trouble on other websites where new windows need to pop up. These problems do not seem to be affecting my user profile.

The logs from the 8-step process are below:

MALWAREBYTES:
Malwarebytes' Anti-Malware 1.44
Database version: 3928
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/29/2010 2:50:32 PM
mbam-log-2010-03-29 (14-50-32).txt

Scan type: Quick Scan
Objects scanned: 236386
Time elapsed: 22 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HelpAssistant.AREBRO\Local Settings\Temp\agsbgi.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully.


DDS.TXT
DDS (Ver_10-12-12.02) - NTFSx86
Run by Emily at 21:31:15.64 on Sun 12/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.160 [GMT -5:00]

AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emily\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\caIEToolbar.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\progra~1\yahoo!\common\YIeTagBm.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\caIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Yahoo! Pager] 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\emily\applic~1\mozilla\firefox\profiles\smny8jtr.default\
FF - component: c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\firefox\components\CAFxToolBar.dll
FF - plugin: c:\documents and settings\emily\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: CA Anti-Phishing Toolbar: caaphishtoolbar@ca.com - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\Firefox

============= SERVICES / DRIVERS ===============

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2010-5-3 108112]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2010-3-22 79864]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2010-9-24 61008]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2010-9-24 115792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2010-11-29 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-11-29 212992]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-11-29 206160]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2010-9-24 146000]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2010-9-24 61008]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2010-8-24 740160]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2010-9-17 301648]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2010-11-29 2347760]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2010-11-29 1377008]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2010-6-9 244304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-12-19 21:04:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 21:04:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 21:04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 21:24:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-18 21:24:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-18 21:21:55 -------- d-----w- c:\program files\ISSThirdParty
2010-12-18 21:18:14 -------- d-----w- c:\docume~1\emily\applic~1\VirtualStore
2010-12-15 20:01:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:01:02 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-11-30 01:52:20 7 ----a-w- c:\windows\system32\mkghj.dll
2010-11-30 01:50:01 -------- d-----w- c:\program files\CA
2010-11-21 00:21:00 -------- d-----w- c:\program files\iPod
2010-11-21 00:20:39 -------- d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-12-19 16:48:16 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-30 02:26:31 1054032 ----a-w- c:\windows\system32\cfgmig32.dll
2010-11-30 02:26:25 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-30 02:26:25 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-11-30 01:51:34 5845744 ----a-w- c:\windows\system32\win32cpr.dll
2010-11-30 01:51:34 1872624 ----a-w- c:\windows\system32\winsflt.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-24 16:16:18 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 16:16:18 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll

============= FINISH: 21:38:49.01 ===============

ATTACH.TXT
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2006 5:01:11 PM
System Uptime: 12/19/2010 9:17:38 PM (0 hours ago)

Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 115.772 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP159: 9/21/2010 7:27:28 AM - System Checkpoint
RP160: 9/22/2010 8:27:28 AM - System Checkpoint
RP161: 9/23/2010 9:11:14 AM - System Checkpoint
RP162: 9/24/2010 9:28:50 AM - System Checkpoint
RP163: 9/25/2010 10:50:58 AM - System Checkpoint
RP164: 9/26/2010 12:40:49 PM - System Checkpoint
RP165: 9/27/2010 1:25:52 PM - System Checkpoint
RP166: 9/28/2010 1:28:49 PM - System Checkpoint
RP167: 9/29/2010 3:00:19 AM - Software Distribution Service 3.0
RP168: 9/30/2010 4:28:48 AM - System Checkpoint
RP169: 10/1/2010 3:00:22 AM - Software Distribution Service 3.0
RP170: 10/2/2010 3:22:03 AM - System Checkpoint
RP171: 10/3/2010 3:34:01 AM - System Checkpoint
RP172: 10/4/2010 4:34:01 AM - System Checkpoint
RP173: 10/5/2010 5:02:32 AM - System Checkpoint
RP174: 10/6/2010 5:21:59 AM - System Checkpoint
RP175: 10/7/2010 6:34:22 AM - System Checkpoint
RP176: 10/8/2010 7:51:51 AM - System Checkpoint
RP177: 10/9/2010 8:39:49 AM - System Checkpoint
RP178: 10/10/2010 9:03:48 AM - System Checkpoint
RP179: 10/11/2010 11:11:23 AM - System Checkpoint
RP180: 10/12/2010 11:58:15 AM - System Checkpoint
RP181: 10/13/2010 3:00:24 AM - Software Distribution Service 3.0
RP182: 10/14/2010 3:28:45 AM - System Checkpoint
RP183: 10/15/2010 4:29:00 AM - System Checkpoint
RP184: 10/16/2010 5:40:40 AM - System Checkpoint
RP185: 10/17/2010 6:28:40 AM - System Checkpoint
RP186: 10/18/2010 7:16:38 AM - System Checkpoint
RP187: 10/19/2010 8:04:38 AM - System Checkpoint
RP188: 10/20/2010 9:04:35 AM - System Checkpoint
RP189: 10/21/2010 10:40:33 AM - System Checkpoint
RP190: 10/22/2010 11:52:34 AM - System Checkpoint
RP191: 10/23/2010 12:29:34 PM - System Checkpoint
RP192: 10/24/2010 1:04:29 PM - System Checkpoint
RP193: 10/25/2010 1:28:29 PM - System Checkpoint
RP194: 10/26/2010 2:16:26 PM - System Checkpoint
RP195: 10/27/2010 3:40:25 PM - System Checkpoint
RP196: 10/28/2010 4:10:15 PM - System Checkpoint
RP197: 10/29/2010 4:28:24 PM - System Checkpoint
RP198: 10/30/2010 5:04:19 PM - System Checkpoint
RP199: 10/31/2010 6:52:19 PM - System Checkpoint
RP200: 11/1/2010 7:10:44 PM - System Checkpoint
RP201: 11/2/2010 10:02:51 PM - System Checkpoint
RP202: 11/3/2010 10:46:46 PM - System Checkpoint
RP203: 11/4/2010 11:44:37 PM - System Checkpoint
RP204: 11/6/2010 12:35:59 AM - System Checkpoint
RP205: 11/7/2010 1:26:17 AM - System Checkpoint
RP206: 11/8/2010 2:22:36 AM - System Checkpoint
RP207: 11/9/2010 3:28:32 AM - System Checkpoint
RP208: 11/10/2010 4:46:32 AM - System Checkpoint
RP209: 11/11/2010 3:00:34 AM - Software Distribution Service 3.0
RP210: 11/11/2010 8:27:50 PM - Software Distribution Service 3.0
RP211: 11/12/2010 8:55:05 PM - System Checkpoint
RP212: 11/13/2010 10:10:32 PM - System Checkpoint
RP213: 11/14/2010 10:38:24 PM - System Checkpoint
RP214: 11/15/2010 10:47:57 PM - System Checkpoint
RP215: 11/16/2010 11:34:00 PM - System Checkpoint
RP216: 11/18/2010 12:10:23 AM - System Checkpoint
RP217: 11/19/2010 1:10:23 AM - System Checkpoint
RP218: 11/20/2010 2:10:23 AM - System Checkpoint
RP219: 11/21/2010 2:54:56 AM - System Checkpoint
RP220: 11/22/2010 3:54:56 AM - System Checkpoint
RP221: 11/23/2010 4:54:53 AM - System Checkpoint
RP222: 11/24/2010 5:54:51 AM - System Checkpoint
RP223: 11/25/2010 6:54:50 AM - System Checkpoint
RP224: 11/26/2010 2:27:33 PM - System Checkpoint
RP225: 11/27/2010 2:55:55 PM - System Checkpoint
RP226: 11/28/2010 3:10:30 PM - System Checkpoint
RP227: 11/29/2010 3:21:22 PM - System Checkpoint
RP228: 11/29/2010 8:50:00 PM - CA Internet Security Suite
RP229: 11/29/2010 9:42:04 PM - Software Distribution Service 3.0
RP230: 11/30/2010 9:51:58 PM - System Checkpoint
RP231: 12/1/2010 10:36:44 PM - System Checkpoint
RP232: 12/2/2010 11:04:15 PM - System Checkpoint
RP233: 12/4/2010 12:32:47 AM - System Checkpoint
RP234: 12/5/2010 12:37:03 AM - System Checkpoint
RP235: 12/6/2010 1:15:56 AM - System Checkpoint
RP236: 12/7/2010 1:50:20 AM - System Checkpoint
RP237: 12/7/2010 9:26:08 PM - Software Distribution Service 3.0
RP238: 12/8/2010 10:48:26 PM - System Checkpoint
RP239: 12/9/2010 10:54:18 PM - System Checkpoint
RP240: 12/10/2010 11:51:21 PM - System Checkpoint
RP241: 12/12/2010 1:14:38 AM - System Checkpoint
RP242: 12/13/2010 1:50:09 AM - System Checkpoint
RP243: 12/14/2010 2:50:09 AM - System Checkpoint
RP244: 12/15/2010 5:02:08 AM - System Checkpoint
RP245: 12/16/2010 3:00:20 AM - Software Distribution Service 3.0
RP246: 12/17/2010 3:16:39 AM - System Checkpoint
RP247: 12/17/2010 11:02:23 PM - Software Distribution Service 3.0
RP248: 12/18/2010 3:56:51 PM - Restore Operation
RP249: 12/18/2010 4:16:45 PM - Restore Operation
RP250: 12/19/2010 7:02:52 PM - System Checkpoint

==== Installed Programs ======================


Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 6
AMRT
AntiPhishing
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
APH placeholder
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
AT&T Yahoo! Applications
Audacity 1.2.6
Bonjour
BroadJump Client Foundation
CA Anti-Virus Plus
CA Backup and Migration
CA Internet Security Suite
CA Parental Controls
CA Personal Firewall
Canon CanoScan Toolbox 4.0
CCleaner
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell System Restore
DellSupport
Digital Content Portal
Digital Photo Navigator 1.5
DNAMigrator
Easy CD & DVD Creator 6
EducateU
ESET Online Scanner v3
ESPNMotion
Evil Dead Regeneration
Facebook Plug-In
FUJIFILM USB Driver
Google AFE
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 18
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MicroStaff WINASPI
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
NetZeroInstallers
OmniPage SE
Otto
Pinball Panic
PowerCinema NE for Everio
PowerDirector Express
PowerDVD 5.5
PowerProducer
QuickTime
Qurb
RAW FILE CONVERTER LE
RealPlayer
SBC Self Support Tool
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Encoders
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/19/2010 9:12:36 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:35 PM, error: Service Control Manager [7034] - The WinSock Svchost Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:35 PM, error: Service Control Manager [7034] - The WinSock Extention Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:35 PM, error: Service Control Manager [7034] - The CaCCProvSP service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:34 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:34 PM, error: Service Control Manager [7034] - The CA Common Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:33 PM, error: Service Control Manager [7034] - The CAISafe service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:33 PM, error: Service Control Manager [7034] - The CAAMSvc service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Policy Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Firewall Helper service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Event Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Configuration Interpreter service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/17/2010 11:06:46 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
12/17/2010 11:02:32 AM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 001320B469C1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/16/2010 5:13:08 PM, error: Print [23] - Printer Lexmark 640 Series,0 failed to initialize because a suitable Lexmark 640 Series driver could not be found.

==== End Of File ===========================
 
Welcome back! I see you've been using popcaploader games! That always leaves unwanted malware. There is also a rogue program named Rogue.Green.AV adding data. If you installed this, please remove it.

It appears that you did 2 System Restores:
RP248: 12/18/2010 3:56:51 PM - Restore Operation
RP249: 12/18/2010 4:16:45 PM - Restore Operation
Please don do any more restores while we're cleaning because if restore points are infected and you use one of them, you could reinfect the system. We'll remove those at the end of cleaning.
===================================
There are some outdated programs on the system. They should be uninstalled as they are vulnerabilities, the program folder then removed and the current version installed: They are:
Adobe Reader 6.0.1
Adobe Acrobat - Reader 6.0.2 Update
(Replace with current version v9.xx> Visit this Adobe Reader site )
HijackThis 2.0.2
(Will give link to current v2.0.4 to run later)
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 18
(Current Java is v6u22> Check this site .Java Updates)
Windows Media Player 10
(You have the current v11)
Remove the following in Add/Remove Programs. No updates)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WildTangent Web Driver

As I explained to you, Hotmail is a web-based email and going by what I see here, hacking into it can't be much of a challenge! Change password, close old account and open new one.
========================================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
====================================
Please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
    [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3].Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
 
Hello again.

I haven't used popcaploader games in a while ... But no more "Hedgehog Launch" for me from here on out! And I don't know what Rogue.Green.AV is? I did try System Restore as a feeble attempt to solve our problems before contacting you here. It obviously did not work. :)

Anyway ...

I've gone through and deleted the outdated programs you listed ... Although I'm having trouble locating Windows Media Player 10 to get rid of it! I ran ESET with no problem, but when I went to run Combofix, my Internet Security System (CA Internet Security) would not temporarily disable. I tried to uninstall it, and it only partially went away (the firewall component is still on my machine because of an error that keeps popping up during the uninstall) ... I even tried to get rid of it via Add/Remove programs with no luck and it is preventing the Combofix from running. Any suggestions for moving forward?

I will attach the ESET log as that is all I have right now:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fd0ae9bab32f3c499074bc55cd960bec
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-31 10:12:33
# local_time=2010-03-31 06:12:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776613 100 96 0 22077800 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=146343
# found=3
# cleaned=0
# scan_time=4478
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\JYX8AEM2\index[1].htm probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\HelpAssistant.AREBRO\Local Settings\Temp\CSM22.tmp a variant of Win32/Adware.Mongoose.A application 00000000000000000000000000000000 I
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe Win32/Spy.Ursnif.A virus 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fd0ae9bab32f3c499074bc55cd960bec
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-31 11:32:27
# local_time=2010-03-31 07:32:27 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776613 100 96 0 22082553 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=146431
# found=3
# cleaned=0
# scan_time=4520
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\JYX8AEM2\index[1].htm probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\HelpAssistant.AREBRO\Local Settings\Temp\CSM22.tmp a variant of Win32/Adware.Mongoose.A application 00000000000000000000000000000000 I
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe Win32/Spy.Ursnif.A virus 00000000000000000000000000000000 I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fd0ae9bab32f3c499074bc55cd960bec
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-05 04:25:37
# local_time=2010-04-05 12:25:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776869 100 96 0 22443559 0 0
# compatibility_mode=8192 67108863 100 0 279612 279612 0 0
# scanned=175016
# found=8
# cleaned=0
# scan_time=6704
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.ARE\Local Settings\Temp\CSM22.tmp a variant of Win32/Adware.Mongoose.A application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1275\A0107071.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1276\A0110434.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1277\A0111118.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1277\A0111591.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1278\A0112750.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\04022010_124959\C_Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\JYX8AEM2\index[1].htm probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\04022010_124959\C_WINDOWS\$NtServicePackUninstall$\winlogon.exe Win32/Spy.Ursnif.A virus 00000000000000000000000000000000 I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fd0ae9bab32f3c499074bc55cd960bec
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-07 10:40:58
# local_time=2010-04-07 06:40:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776533 100 96 0 22680248 0 0
# compatibility_mode=8192 67108863 100 0 516301 516301 0 0
# scanned=172602
# found=8
# cleaned=0
# scan_time=8535
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1275\A0107071.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1276\A0110434.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1277\A0111118.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1277\A0111591.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1278\A0112750.dll a variant of Win32/TrojanDownloader.Mebload.Z trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\04022010_124959\C_Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\JYX8AEM2\index[1].htm probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\04022010_124959\C_WINDOWS\$NtServicePackUninstall$\winlogon.exe Win32/Spy.Ursnif.A virus 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\04072010_160710\C_HelpAsst_backup\C\DOCUME~1\HELPAS~1.ARE\Local Settings\Temp\CSM22.tmp a variant of Win32/Adware.Mongoose.A application 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=fd0ae9bab32f3c499074bc55cd960bec
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-21 04:52:33
# local_time=2010-12-20 11:52:33 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777191 100 0 903997 903997 0 0
# compatibility_mode=5121 16777214 0 3 113791 113791 0 0
# compatibility_mode=8192 67108863 100 0 22748706 22748706 0 0
# scanned=95831
# found=2
# cleaned=0
# scan_time=3226
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4144.0.4\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (unable to clean) 00000000000000000000000000000000 I
 
I was able to get rid of the rest of CA Internet Security and run Combofix without any problems. I wasn't very happy with CA anyway (I didn't find it to be very user friendly). Can you recommend a good anti-virus/internet protection program that I could/should use from here on out?

Here is the Combofix log:

ComboFix 10-12-21.01 - Emily 12/21/2010 21:09:07.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.238 [GMT -5:00]
Running from: c:\documents and settings\Emily\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mkghj.dll
c:\windows\system32\Oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-22 02:01 . 2010-12-22 02:01 -------- d-----w- c:\windows\system32\winsflte.dl1
2010-12-22 02:01 . 2010-12-22 02:01 -------- d-----w- c:\windows\system32\winsflt.dl1
2010-12-22 01:59 . 2010-12-22 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-12-21 03:50 . 2010-12-21 03:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-21 03:27 . 2010-12-21 03:27 -------- d-----w- c:\program files\Common Files\Java
2010-12-21 03:26 . 2010-12-21 03:25 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-21 03:26 . 2010-12-21 03:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-21 03:26 . 2010-12-21 03:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-19 21:04 . 2010-12-19 21:04 -------- d-----w- c:\documents and settings\Anthony\Application Data\Malwarebytes
2010-12-19 21:04 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 21:04 . 2010-12-19 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 21:04 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 21:24 . 2010-12-18 21:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-18 21:20 . 2010-12-18 21:20 -------- d-----w- c:\documents and settings\Anthony\Application Data\dvdcss
2010-12-18 21:18 . 2010-12-18 21:18 -------- d-----w- c:\documents and settings\Emily\Application Data\VirtualStore
2010-12-18 21:18 . 2010-12-18 21:18 -------- d-----w- c:\documents and settings\Anthony\Application Data\VirtualStore
2010-12-15 20:01 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:01 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-11-30 01:50 . 2010-12-22 02:04 -------- d-----w- c:\program files\CA
2010-11-23 02:38 . 2010-11-23 02:38 -------- d-----w- c:\documents and settings\Anthony\Application Data\ArcSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-08-16 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 10:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-08-16 10:18 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44 . 2010-08-08 03:13 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 20:44 . 2008-06-17 19:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-01-05 168448]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-3-23 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2007-11-01 21:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1143160613\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 16:59 124520 ----a-w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-02-21 01:01 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-01-09 20:01 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 20:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-04-15 05:41 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143160613\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143160613\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 9:15 AM 66632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 2:51 PM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 9:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:51]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:51]

2010-12-22 c:\windows\Tasks\User_Feed_Synchronization-{2D1E7F2F-E2A0-478C-B3E5-9B3AEC900A94}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\smny8jtr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{0123B506-0AD9-43AA-B0CF-916C122AD4C5} - (no file)
HKLM-Run-cctray - c:\program files\CA\CA Internet Security Suite\casc.exe
HKLM-Run-capfupgrade - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 21:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-12-21 21:19:56
ComboFix-quarantined-files.txt 2010-12-22 02:19

Pre-Run: 122,568,638,464 bytes free
Post-Run: 122,580,180,992 bytes free

- - End Of File - - C61B3BB6EE34529533547B203AA4ED48
 
I got Combofix to work. Here is the log:

ComboFix 10-12-21.01 - Emily 12/21/2010 21:09:07.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.238 [GMT -5:00]
Running from: c:\documents and settings\Emily\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mkghj.dll
c:\windows\system32\Oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-22 02:01 . 2010-12-22 02:01 -------- d-----w- c:\windows\system32\winsflte.dl1
2010-12-22 02:01 . 2010-12-22 02:01 -------- d-----w- c:\windows\system32\winsflt.dl1
2010-12-22 01:59 . 2010-12-22 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-12-21 03:50 . 2010-12-21 03:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-21 03:27 . 2010-12-21 03:27 -------- d-----w- c:\program files\Common Files\Java
2010-12-21 03:26 . 2010-12-21 03:25 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-21 03:26 . 2010-12-21 03:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-21 03:26 . 2010-12-21 03:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-19 21:04 . 2010-12-19 21:04 -------- d-----w- c:\documents and settings\Anthony\Application Data\Malwarebytes
2010-12-19 21:04 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 21:04 . 2010-12-19 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 21:04 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 21:24 . 2010-12-18 21:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-18 21:20 . 2010-12-18 21:20 -------- d-----w- c:\documents and settings\Anthony\Application Data\dvdcss
2010-12-18 21:18 . 2010-12-18 21:18 -------- d-----w- c:\documents and settings\Emily\Application Data\VirtualStore
2010-12-18 21:18 . 2010-12-18 21:18 -------- d-----w- c:\documents and settings\Anthony\Application Data\VirtualStore
2010-12-15 20:01 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:01 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-11-30 01:50 . 2010-12-22 02:04 -------- d-----w- c:\program files\CA
2010-11-23 02:38 . 2010-11-23 02:38 -------- d-----w- c:\documents and settings\Anthony\Application Data\ArcSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-08-16 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 10:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-08-16 10:18 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44 . 2010-08-08 03:13 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 20:44 . 2008-06-17 19:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-01-05 168448]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-3-23 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2007-11-01 21:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1143160613\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 16:59 124520 ----a-w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-02-21 01:01 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-01-09 20:01 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 20:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-04-15 05:41 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143160613\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143160613\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 9:15 AM 66632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 2:51 PM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 9:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:51]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:51]

2010-12-22 c:\windows\Tasks\User_Feed_Synchronization-{2D1E7F2F-E2A0-478C-B3E5-9B3AEC900A94}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\smny8jtr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{0123B506-0AD9-43AA-B0CF-916C122AD4C5} - (no file)
HKLM-Run-cctray - c:\program files\CA\CA Internet Security Suite\casc.exe
HKLM-Run-capfupgrade - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 21:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-12-21 21:19:56
ComboFix-quarantined-files.txt 2010-12-22 02:19

Pre-Run: 122,568,638,464 bytes free
Post-Run: 122,580,180,992 bytes free

- - End Of File - - C61B3BB6EE34529533547B203AA4ED48
 
Okay, not too much going on here.

Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: 
    :Processes	

:Files 
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4144.0.4\setup.exe 
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe 
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:[Be sure to scroll down to include ALL lines.
Code: 
File::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
These 2 LSP entries are described a part of Compouter Associates or Zone Alarm Security Suite:
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll

Otherwise this looks pretty good.

Let's do a HijackThis scan to be sure:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
Sorry for the double post ... I submitted and didn't notice that it had to be cleared by a moderator, panicked, and posted again! :)

I have run the programs you specified and the logs are below:

OTM:
All processes killed
========== PROCESSES ==========
========== FILES ==========
File/Folder C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4144.0.4\setup.exe not found.
File/Folder C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator(2)

User: All Users

User: Anthony
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Emily
->Temp folder emptied: 1076 bytes
->Temporary Internet Files folder emptied: 65850 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27609063 bytes
->Flash cache emptied: 733 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12242010_230401

Files moved on Reboot...

Registry entries deleted on Reboot...

CFScript:
ComboFix 10-12-24.01 - Emily 12/24/2010 23:12:13.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.233 [GMT -5:00]
Running from: c:\documents and settings\Emily\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Emily\My Documents\Downloads\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-11-25 to 2010-12-25 )))))))))))))))))))))))))))))))
.

2010-12-23 08:00 . 2010-12-23 08:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-12-22 02:01 . 2010-12-22 02:01 -------- d-----w- c:\windows\system32\winsflte.dl1
2010-12-22 02:01 . 2010-12-22 02:01 -------- d-----w- c:\windows\system32\winsflt.dl1
2010-12-22 01:59 . 2010-12-22 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-12-21 03:50 . 2010-12-21 03:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-21 03:27 . 2010-12-21 03:27 -------- d-----w- c:\program files\Common Files\Java
2010-12-21 03:26 . 2010-12-21 03:25 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-21 03:26 . 2010-12-21 03:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-21 03:26 . 2010-12-21 03:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-19 21:04 . 2010-12-19 21:04 -------- d-----w- c:\documents and settings\Anthony\Application Data\Malwarebytes
2010-12-19 21:04 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 21:04 . 2010-12-19 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 21:04 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 21:24 . 2010-12-18 21:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-18 21:20 . 2010-12-18 21:20 -------- d-----w- c:\documents and settings\Anthony\Application Data\dvdcss
2010-12-18 21:18 . 2010-12-18 21:18 -------- d-----w- c:\documents and settings\Emily\Application Data\VirtualStore
2010-12-18 21:18 . 2010-12-18 21:18 -------- d-----w- c:\documents and settings\Anthony\Application Data\VirtualStore
2010-12-15 20:01 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:01 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-11-30 01:50 . 2010-12-22 02:04 -------- d-----w- c:\program files\CA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-08-16 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 10:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-08-16 10:18 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44 . 2010-08-08 03:13 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 20:44 . 2008-06-17 19:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-22_02.17.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-25 04:05 . 2010-12-25 04:05 16384 c:\windows\Temp\Perflib_Perfdata_11c.dat
+ 2010-12-23 08:00 . 2010-12-23 08:00 470528 c:\windows\Installer\66d15ec.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]

Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:02 PM, on 12/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Emily\My Documents\Downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8745 bytes

Thanks again for all of your help!
 
We had a glitch on the site that was sending posts to moderation and members didn't think the posts showed. I think it's fixed now- but there was a lot of deleting duplicate logs. Were you the one I had the AOL Suds problem with? We had a hard time finding out what it was and getting rid of it.

Part of the Combofix log is missing. In the Regedit section, there are 2 entries: one for Yahoo pager and one for TkBellExe which is the updater for Real Player. Both entries are followed by an [X] indicating these aren't being used. But there are other sections below that.

The same 2 processes show in the HIJT log as:
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] 1

We can remove these entries easily then remove the cleaning tools- so let me know.This is just a bit of housekeeping, not malware. Otherwise both logs are okay.

Did you hubby close the Hotmail account and change his password? It doesn't appear that the problem he had was due to any malware on the system. But rather as I told you, the account was hacked on the site.

I hope you holiday has been nice. I'm taking a small break between festivities.
Have a Happy and Peaceful Holiday!
peace_dove_bigger_normal.jpg
 
I'm not sure if it was AOL Suds, but last time you helped me, my logs were REALLY long and it took a while to get rid of whatever was there.

Would you like me to run Combofix again and resubmit it? I actually ended up running both OTM and Combofix twice last time, as my machine froze up when Combofix was preparing its log (and I hadn't saved the OTM log prior to running Combofix). That may have screwed something up.

I'm fine with housekeeping ... I know we don't use Yahoo pager or Real Player ... Anything to keep this computer running smoothly.

Yes, the old Hotmail account has been deleted. It was so full of spam that it was probably best to just start over fresh!

Thanks again for all your help ... And on Christmas, too! :)
 
We'll remove the entries I mentioned:

Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code: 
KillAll::
File::
DDS::
uRun: [Yahoo! Pager] 1
mRun: [TkBellExe] "realsched.exe" -osboot

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt . No log needed.
====================
Use Windows Explorer (Windows key + E) and follow My Computer> Double click on Local Drive> Programs> Right click on Real Player> Delete. Then find folder for Yahoo Pager and do the right click> Delete.
Exit Explorer.

Since we have handled any malware previously, you can Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Let me know if you need more help.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
792
uber_beetle
uber_beetle
A
Microsoft breaks users' PCs again with latest Windows 11 update
Replies
19
Views
390
trparky
T
A
Windows 10 Enterprise and Education editions will soon enter end of life status
Replies
12
Views
243
Lounds
L

Latest posts

Back