Hijackthis log, do you see anything wrong

Latest post 11/11/2009 05:39 PM by Bugbatter. 10 replies.

Hijackthis log, do you see anything wrong

This company that I am working for has shut me down; they say I have malware. But I have run various scans with Avast and SUPERAntiSpyware and get nothing high or medium level threat. But when I ran SpyDoctor (also ESET, Malwarebytes, etc. and a few others) it showed a threat but would not clean it up unless I purchased an upgrade. I read that sometimes this is a false positive so that you will purchase their product. My computer is very slow sometimes. I am going to purchase some more RAM memory (512 now, 1.5 going to be). I don't mind purchasing something that will help me clean this up if need be. Please recommend something. The two things I have listed above are both the free version. Thank you, Cheryl

 

Logfile of HijackThis v1.99.0
Scan saved at 2:43:34 PM, on 10/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S83.tmp"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ashAvast.exe.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.alpineaccess.com
O15 - Trusted Zone: http://www.citrix.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://a2fp2.alpineaccess.com/vdesk/terminal/urxvpn.cab#version=6030,2009,327,1607
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://a2fp2.alpineaccess.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,327,1558
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\CHERYL~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253563001671
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://www.peryourhealth.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.netchexonline.net/ActiveX/activexviewer.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://a2fp2.alpineaccess.com/vdesk/terminal/urxshost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/pc/mywebex/tool/syscheck/ieatgpc.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://a2fp2.alpineaccess.com/vdesk/terminal/urxhost.cab#version=6030,2009,327,1548
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service - Atheros - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
O23 - Service: avast! iAVS4 Control Service - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Java Quick Starter - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 


10 Replies:


Re: Hijackthis log, do you see anything wrong

Hi Cheryl,

The version of HijackThis that you ran is obsolete. Not to worry, we can take care of that.

ccstann: "This company that I am working for has shut me down, they say I have malware"

Did they tell you WHAT malware you have? How did they determine that?

You are running Microsoft Security Essentials as well as Avast. I suggest that you remove one. Having two anti-virus applications can lead to conflicts and slowdowns as each is trying to scan the system at the same time and fighting for control over the situation. I suggest that you remove one of them.

Here are instructions for removing MSE, but it might be easier to remove Avast using their removal tool (see below)
http://www.recipester.org/Recipe:Uninstall_Microsoft_Security_Essentials_34215992

For Avast:
1. Use Add/Remove Programs first, but before doing so, right-click the blue ball in system tray > program settings > troubleshooting > Place a checkmark next to disable self-defense.

2. Go to Add/Remove Programs and uninstall Avast!

3. Download the avast! removal tool:
http://www.avast.com/eng/avast-uninstall-utility.html
After downloading aswClear.exe to your desktop:
  • Start Windows in Safe Mode
  • Open (execute) the uninstall utility
  • If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE
  • Restart your computer

Then please run the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.


    Microsoft MVP - Consumer Security

    Member of Alliance of Security Analysis Professionals

    SpywareHammer

     

    Free Internet Security - WOT Web of Trust
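
The two observations in the reply above (an outdated HijackThis release, and two resident antivirus engines running at once) can be checked mechanically from the log text. The following is an added example, not part of the original thread or of HijackThis itself: the function names, the caller-supplied `min_version` threshold and the two-entry scanner table are assumptions for illustration, and the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, then entry body
VERSION_RE = re.compile(r"^Logfile of HijackThis v([\d.]+)")

# Resident scanner executables that appear in this thread's log.
# Assumption: illustrative table only, not a complete product list.
RESIDENT_AV = {
    "msmpeng.exe": "Microsoft Security Essentials",
    "ashserv.exe": "avast! Antivirus",
}


def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_hjt(text):
    """Return (version tuple, running process paths, entries grouped by section code)."""
    version, processes, entries = None, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        m = VERSION_RE.match(line)
        if m:
            version = tuple(int(part) for part in m.group(1).split("."))
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line closes the process block
    return version, processes, dict(entries)


def triage(text, min_version):
    """List (kind, detail) findings; min_version is chosen by the caller (assumption)."""
    version, processes, entries = parse_hjt(text)
    findings = []
    if version is not None and version < min_version:
        findings.append(("outdated-tool", ".".join(str(p) for p in version)))
    running_av = sorted({RESIDENT_AV[exe_name(p)]
                         for p in processes if exe_name(p) in RESIDENT_AV})
    if len(running_av) > 1:
        findings.append(("multiple-resident-av", ", ".join(running_av)))
    for code, bodies in entries.items():
        for body in bodies:
            # HijackThis appends this marker when the referenced file is absent.
            if body.endswith("(file missing)"):
                findings.append(("orphaned-entry", f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG, min_version=(2, 0, 0)):
        print(f"{kind}: {detail}")
```
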

     


    Re: Hijackthis log, do you see anything wrong

    The company did not tell me what malware. I am not sure how they determined this originally; it must have been when I logged in. But they kept sending me to different downloads to help get it removed (Avast, SUPERAntiSpyware, ESET, NOD32, a2Free). They kept having me do more scans and then send the HijackThis log file. Not sure what they were seeing. I have removed Avast as instructed. Here are the two logs requested from DDS:


    DDS (Ver_09-10-26.01) - NTFSx86 
    Run by Cheryl  Stann at 17:21:06.25 on Thu 11/05/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.171 [GMT -5:00]

    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated)   {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Cheryl  Stann\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    mURLSearchHooks: H - No File
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61} - No File
    TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EPSON Stylus CX3200] c:\windows\system32\spool\drivers\w32x86\3\e_s10ic2.exe /a "c:\windows\system32\E_S83.tmp"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    StartupFolder: c:\docume~1\cheryl~1\startm~1\programs\startup\ashava~1.lnk - c:\program files\alwil software\avast4\ashAvast.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-552 xtreme n desktop adapter\wirelesscm.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: alpineaccess.com
    Trusted Zone: citrix.com\www
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://a2fp2.alpineaccess.com/vdesk/terminal/urxvpn.cab#version=6030,2009,327,1607
    DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://a2fp2.alpineaccess.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,327,1558
    DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\cheryl~1\locals~1\temp\ixp000.tmp\InstallerControl.cab
    DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxps://www.webiqonline.com/WebIQ/bin/WebIQ.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253563001671
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxps://www.peryourhealth.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxps://www.netchexonline.net/ActiveX/activexviewer.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://a2fp2.alpineaccess.com/vdesk/terminal/urxshost.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pc.mywebexpc.com/pc/mywebex/tool/syscheck/ieatgpc.cab
    DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://a2fp2.alpineaccess.com/vdesk/terminal/urxhost.cab#version=6030,2009,327,1548
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
    R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-3-27 33920]
    R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-9-1 54432]
    S3 aswArKrn;aswArKrn; [x]
    S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-9-15 10752]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-12 14336]
    S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2002-2-20 72576]

    =============== Created Last 30 ================

    2009-11-04 20:38:40 262144 ----a-w- C:\ntuser.dat
    2009-11-04 20:37:01 0 d-----w- c:\program files\Yahoo!
    2009-11-04 20:35:56 445128 ----a-w- c:\program files\msgr9us.exe
    2009-11-04 18:17:01 4045528 ----a-w- c:\program files\mbam-setup.exe
    2009-11-03 22:06:04 812344 ----a-w- c:\program files\HijackThisInstaller.exe
    2009-11-01 07:03:23 0 d-----w- C:\c480155a1727e6313dc88dedc7
    2009-10-31 17:51:20 0 d-----w- C:\5f4255c90e122689f6da5c443395155d
    2009-10-30 16:54:54 0 d-----w- c:\program files\Microsoft
    2009-10-30 16:54:33 0 d-----w- c:\program files\Windows Live SkyDrive
    2009-10-30 16:54:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-10-30 16:53:47 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-10-30 16:46:34 0 d-----w- c:\program files\common files\Windows Live
    2009-10-30 14:55:42 0 d-----w- C:\7d7ebd4ffbcdd762438432666a43
    2009-10-29 14:55:07 0 d-----w- C:\be38b528563a582b1eca16891d682c
    2009-10-27 21:06:48 0 d-----w- c:\docume~1\cheryl~1\applic~1\Error Fix
    2009-10-27 20:57:45 0 d-----w- c:\program files\SUPERAntiSpyware
    2009-10-27 20:57:45 0 d-----w- c:\docume~1\cheryl~1\applic~1\SUPERAntiSpyware.com
    2009-10-27 20:57:14 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2009-10-27 20:56:49 7280672 ----a-w- c:\program files\SUPERAntiSpyware.exe
    2009-10-27 19:57:54 0 d-----w- C:\0387bc1868297f1f3011d93b
    2009-10-18 23:15:27 38786848 ----a-w- c:\program files\setupeng.exe
    2009-10-18 20:41:11 4493736 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-vista-win7.exe
    2009-10-18 20:35:36 9092032 ----a-w- c:\program files\windows-kb890830-v3.0.exe
    2009-10-18 20:06:21 812344 ----a-w- c:\program files\HJTInstall.exe
    2009-10-18 19:07:26 864120 ----a-w- c:\program files\aswar.exe
    2009-10-18 00:08:42 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-10-18 00:08:42 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-10-18 00:08:42 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2009-10-17 17:56:35 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-17 17:53:11 0 d-----w- c:\program files\Microsoft Security Essentials
    2009-10-17 17:26:15 60462408 ----a-w- c:\program files\rescue_system-common-en.exe
    2009-10-17 16:04:22 1008960535 ----a-w- c:\documents and settings\cheryl  stann\My Documents.zip
    2009-10-17 14:00:52 308160 ----a-w- c:\program files\avast_home_setup.exe

    ==================== Find3M  ====================

    2009-10-18 20:31:36 1202 ----a-w- c:\program files\aswar.log
    2009-10-08 18:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2009-10-08 18:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 18:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-25 10:00:06 530083 ----a-w- C:\HC4DecommissionScheduler.exe
    2008-08-23 20:10:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat
    2009-03-31 19:30:53 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2009-03-31 19:30:53 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2009-03-31 19:30:53 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 17:21:32.03 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/18/2007 8:52:26 PM
    System Uptime: 11/5/2009 6:12:26 PM (-1 hours ago)

    Motherboard: Dell Computer Corp. |  |      
    Processor:               Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 91.579 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP943: 8/8/2009 5:24:21 PM - System Checkpoint
    RP944: 8/9/2009 6:09:01 PM - System Checkpoint
    RP945: 8/10/2009 12:40:51 PM - Installed Reg Tool
    RP946: 8/11/2009 1:09:03 PM - System Checkpoint
    RP947: 8/12/2009 2:56:51 PM - System Checkpoint
    RP948: 8/13/2009 3:00:16 AM - Software Distribution Service 3.0
    RP949: 8/14/2009 3:16:48 AM - System Checkpoint
    RP950: 8/15/2009 3:00:15 AM - Software Distribution Service 3.0
    RP951: 8/15/2009 3:22:58 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP952: 8/16/2009 3:00:15 AM - Software Distribution Service 3.0
    RP953: 8/17/2009 3:26:28 AM - System Checkpoint
    RP954: 8/18/2009 4:26:28 AM - System Checkpoint
    RP955: 8/19/2009 5:26:27 AM - System Checkpoint
    RP956: 8/20/2009 6:26:30 AM - System Checkpoint
    RP957: 8/21/2009 7:26:31 AM - System Checkpoint
    RP958: 8/22/2009 8:26:31 AM - System Checkpoint
    RP959: 8/23/2009 9:26:33 AM - System Checkpoint
    RP960: 8/24/2009 10:26:31 AM - System Checkpoint
    RP961: 8/25/2009 11:26:35 AM - System Checkpoint
    RP962: 8/26/2009 3:00:16 AM - Software Distribution Service 3.0
    RP963: 8/27/2009 3:26:31 AM - System Checkpoint
    RP964: 8/28/2009 3:26:38 AM - System Checkpoint
    RP965: 8/29/2009 4:26:39 AM - System Checkpoint
    RP966: 8/30/2009 5:26:38 AM - System Checkpoint
    RP967: 8/31/2009 6:26:38 AM - System Checkpoint
    RP968: 9/1/2009 7:26:38 AM - System Checkpoint
    RP969: 9/2/2009 3:00:15 AM - Software Distribution Service 3.0
    RP970: 9/3/2009 3:26:38 AM - System Checkpoint
    RP971: 9/4/2009 3:26:43 AM - System Checkpoint
    RP972: 9/5/2009 4:26:44 AM - System Checkpoint
    RP973: 9/6/2009 5:26:43 AM - System Checkpoint
    RP974: 9/7/2009 6:26:47 AM - System Checkpoint
    RP975: 9/7/2009 2:07:12 PM - Removed Reg Tool
    RP976: 9/8/2009 3:04:07 PM - System Checkpoint
    RP977: 9/9/2009 3:11:15 PM - System Checkpoint
    RP978: 9/10/2009 3:00:15 AM - Software Distribution Service 3.0
    RP979: 9/11/2009 3:14:46 AM - System Checkpoint
    RP980: 9/12/2009 4:14:45 AM - System Checkpoint
    RP981: 9/13/2009 5:14:45 AM - System Checkpoint
    RP982: 9/14/2009 6:14:45 AM - System Checkpoint
    RP983: 9/15/2009 7:14:45 AM - System Checkpoint
    RP984: 9/15/2009 9:31:17 AM - Installed Java(TM) 6 Update 15
    RP985: 9/15/2009 4:10:10 PM - Installed Java(TM) 6 Update 16
    RP986: 9/15/2009 4:48:14 PM - Installed Windows Media Player 11
    RP987: 9/15/2009 4:50:23 PM - Installed Windows XP MSCompPackV1.
    RP988: 9/15/2009 4:58:05 PM - Installed Microsoft Office Word Viewer 2003
    RP989: 9/16/2009 2:03:42 PM - Removed MSN Toolbar
    RP990: 9/16/2009 3:56:24 PM - Installed Citrix XenApp Web Plugin
    RP991: 9/16/2009 4:36:54 PM - Installed SUPERAntiSpyware Free Edition
    RP992: 9/17/2009 3:00:17 AM - Software Distribution Service 3.0
    RP993: 9/17/2009 12:57:44 PM - Installed ESET NOD32 Antivirus
    RP994: 9/17/2009 3:44:49 PM - Removed Adobe Reader 8.1.3
    RP995: 9/17/2009 3:45:57 PM - Installed Adobe Reader 9.1.
    RP996: 9/18/2009 5:20:42 PM - System Checkpoint
    RP997: 9/19/2009 5:42:46 PM - System Checkpoint
    RP998: 9/20/2009 6:42:46 PM - System Checkpoint
    RP999: 9/21/2009 4:01:06 PM - Software Distribution Service 3.0
    RP1000: 9/21/2009 4:15:18 PM - Software Distribution Service 3.0
    RP1001: 9/22/2009 3:00:18 AM - Software Distribution Service 3.0
    RP1002: 9/22/2009 9:51:15 AM - Software Distribution Service 3.0
    RP1003: 9/22/2009 10:14:45 AM - Removed ESET NOD32 Antivirus
    RP1004: 9/22/2009 10:16:09 AM - Removed SUPERAntiSpyware Free Edition
    RP1005: 9/23/2009 3:00:16 AM - Software Distribution Service 3.0
    RP1006: 9/24/2009 3:36:45 AM - System Checkpoint
    RP1007: 9/25/2009 4:36:48 AM - System Checkpoint
    RP1008: 9/26/2009 5:36:48 AM - System Checkpoint
    RP1009: 9/27/2009 6:36:48 AM - System Checkpoint
    RP1010: 9/28/2009 7:36:48 AM - System Checkpoint
    RP1011: 9/29/2009 8:36:48 AM - System Checkpoint
    RP1012: 9/30/2009 9:36:49 AM - System Checkpoint
    RP1013: 10/1/2009 10:36:48 AM - System Checkpoint
    RP1014: 10/2/2009 10:36:54 AM - System Checkpoint
    RP1015: 10/3/2009 11:36:54 AM - System Checkpoint
    RP1016: 10/4/2009 11:47:13 AM - System Checkpoint
    RP1017: 10/5/2009 12:36:54 PM - System Checkpoint
    RP1018: 10/6/2009 1:36:55 PM - System Checkpoint
    RP1019: 10/7/2009 2:36:54 PM - System Checkpoint
    RP1020: 10/8/2009 3:36:54 PM - System Checkpoint
    RP1021: 10/9/2009 3:36:58 PM - System Checkpoint
    RP1022: 10/10/2009 4:36:59 PM - System Checkpoint
    RP1023: 10/11/2009 5:36:58 PM - System Checkpoint
    RP1024: 10/12/2009 6:36:59 PM - System Checkpoint
    RP1025: 10/13/2009 7:36:58 PM - System Checkpoint
    RP1026: 10/14/2009 8:36:58 PM - System Checkpoint
    RP1027: 10/15/2009 3:00:15 AM - Software Distribution Service 3.0
    RP1028: 10/16/2009 3:30:42 AM - System Checkpoint
    RP1029: 10/17/2009 3:35:12 AM - System Checkpoint
    RP1030: 10/17/2009 11:38:12 AM - Cleaned registry with Windows Live OneCare safety scanner
    RP1031: 10/17/2009 12:21:12 PM - Removed Citrix XenApp Web Plugin
    RP1032: 10/17/2009 1:56:20 PM - Software Distribution Service 3.0
    RP1033: 10/18/2009 2:10:55 AM - Software Distribution Service 3.0
    RP1034: 10/18/2009 3:00:25 AM - Software Distribution Service 3.0
    RP1035: 10/18/2009 1:59:51 PM - Software Distribution Service 3.0
    RP1036: 10/19/2009 3:00:25 AM - Software Distribution Service 3.0
    RP1037: 10/19/2009 8:05:34 PM - Software Distribution Service 3.0
    RP1038: 10/20/2009 3:00:31 AM - Software Distribution Service 3.0
    RP1039: 10/21/2009 3:54:50 AM - System Checkpoint
    RP1040: 10/21/2009 3:57:48 PM - Software Distribution Service 3.0
    RP1041: 10/22/2009 3:58:29 PM - Software Distribution Service 3.0
    RP1042: 10/23/2009 3:57:49 PM - Software Distribution Service 3.0
    RP1043: 10/24/2009 3:57:29 PM - Software Distribution Service 3.0
    RP1044: 10/25/2009 1:43:49 AM - Software Distribution Service 3.0
    RP1045: 10/25/2009 3:57:49 PM - Software Distribution Service 3.0
    RP1046: 10/26/2009 3:58:07 PM - Software Distribution Service 3.0
    RP1047: 10/27/2009 3:57:50 PM - Software Distribution Service 3.0
    RP1048: 10/27/2009 4:57:43 PM - Installed SUPERAntiSpyware Free Edition
    RP1049: 10/27/2009 5:06:18 PM - Installed Error Fix
    RP1050: 10/27/2009 5:15:31 PM - Removed Error Fix
    RP1051: 10/28/2009 5:53:41 PM - System Checkpoint
    RP1052: 10/29/2009 10:55:04 AM - Software Distribution Service 3.0
    RP1053: 10/30/2009 10:55:38 AM - Software Distribution Service 3.0
    RP1054: 10/30/2009 12:46:14 PM - Software Distribution Service 3.0
    RP1055: 10/31/2009 3:00:18 AM - Software Distribution Service 3.0
    RP1056: 10/31/2009 1:51:16 PM - Software Distribution Service 3.0
    RP1057: 11/1/2009 3:03:11 AM - Software Distribution Service 3.0
    RP1058: 11/1/2009 2:51:42 PM - Software Distribution Service 3.0
    RP1059: 11/2/2009 4:21:54 PM - System Checkpoint
    RP1060: 11/3/2009 1:53:16 PM - Software Distribution Service 3.0
    RP1061: 11/4/2009 4:00:20 AM - Software Distribution Service 3.0
    RP1062: 11/4/2009 2:50:24 PM - Software Distribution Service 3.0
    RP1063: 11/5/2009 3:25:32 PM - System Checkpoint
    RP1064: 11/5/2009 6:06:57 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Acrobat.com
    Adobe Acrobat Connect Add-in
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    ArcSoft PhotoImpression
    BCM V.92 56K Modem
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Classic PhoneTools
    Critical Update for Windows Media Player 11 (KB959772)
    D-Link DWA-552 Xtreme N Desktop Adapter
    Dell Digital Jukebox Driver
    Dell DJ Explorer
    Dell ResourceCD
    Dell Solution Center
    EPSON Copy Utility
    EPSON Photo Print
    EPSON Printer Software
    EPSON Smart Panel
    EPSON TWAIN 5
    EPSON User's Guide
    FastAccess® DSL Help Center 4.4
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Instant Wireless USB Adapter
    Intel(R) PRO Ethernet Adapter and Software
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 16
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Word Viewer 2003
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MSVCRT
    Musicmatch® Jukebox
    NVIDIA Display Driver
    OpenOffice.org 2.4
    QuickTime
    ScanToWeb
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 8
    SUPERAntiSpyware Free Edition
    TaxACT 2006
    TaxACT 2007
    TaxACT 2008
    TaxACT 2008 Georgia
    TaxACT Georgia 2007
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebFldrs XP
    WebIQ Client Software
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    Windows Search 4.0
    Windows XP Service Pack 3
    WordPerfect Office 2002
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    11/5/2009 6:11:04 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    11/5/2009 6:11:04 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
    11/5/2009 6:11:04 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    11/5/2009 6:11:04 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    11/5/2009 6:11:04 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
    11/5/2009 6:10:58 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/5/2009 6:10:14 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/4/2009 4:22:10 AM, error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  Feature: On Access  Error Code: 0x80004005  Error description: Unspecified error   Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    11/4/2009 4:22:09 AM, error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  Feature: On Access  Error Code: 0x80004005  Error description: Unspecified error   Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    11/4/2009 4:22:09 AM, error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  Feature: On Access  Error Code: 0x80004005  Error description: Unspecified error   Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    11/4/2009 4:22:09 AM, error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  Feature: On Access  Error Code: 0x80004005  Error description: Unspecified error   Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    11/4/2009 4:22:09 AM, error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  Feature: On Access  Error Code: 0x80004005  Error description: Unspecified error   Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    11/4/2009 12:22:37 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
    11/4/2009 12:22:37 PM, error: Service Control Manager [7000]  - The avast! Web Scanner service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    11/4/2009 12:21:21 PM, error: Service Control Manager [7022]  - The EpsonBidirectionalService service hung on starting.
    11/4/2009 12:20:35 PM, error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  Feature: On Access  Error Code: 0x80004005  Error description: Unspecified error   Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    11/3/2009 11:07:31 AM, error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the Interface with IP address 192.168.1.64. The machine with the IP address 192.168.1.65 did not allow the name to be claimed by this machine.
    11/2/2009 1:46:16 PM, error: NetBT [4321]  - The name "GREG-55FBA8BA2B:0" could not be registered on the Interface with IP address 192.168.1.64. The machine with the IP address 192.168.1.65 did not allow the name to be claimed by this machine.
    11/2/2009 1:40:24 PM, error: Service Control Manager [7034]  - The PC Tools Security Service service terminated unexpectedly.  It has done this 1 time(s).
    11/2/2009 1:31:20 PM, error: Service Control Manager [7000]  - The SABProcEnum service failed to start due to the following error:  The system cannot find the file specified.
    10/30/2009 4:31:28 PM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer CHERYL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1278F1CB-A46A-487E. The master browser is stopping or an election is being forced.

    ==== End Of File ===========================

    • Post Points: 20
    Joined on 02/11/2006
    Posts: 17,272
    Points 65,992

    Re: Hijackthis log, do you see anything wrong

    Please download ATF Cleaner by Atribune. This program is for XP, Vista, and Windows 2000 only

      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    Please download to your desktop Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, then click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Notes)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report into your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    If you encounter this message:
    "c:\program files\malwarebytes' Anti-Malware\mbamext.dll
    Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5"
    Click on ignore mbamext.dll

    * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned above to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "lookinhere.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the files to the infected computer. Install the "lookinhere.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

    ** If you need to re-install MBAM but encounter an issue in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE


    Microsoft MVP - Consumer Security

    Member of Alliance of Security Analysis Professionals

    SpywareHammer

     

    Free Internet Security - WOT Web of Trust

     

    • Post Points: 20
    Joined on 02/19/2009
    Posts: 9
    Points 180

    Re: Hijackthis log, do you see anything wrong

    Sorry it took so long to get back to you; DELL.com locked me out for 124 hours vice the 24 hours.  I have had a good log file from Malwarebytes before but they had said I still was infected.  Are you sure I am not infected now?

    Cheryl

    Malwarebytes' Anti-Malware 1.41
    Database version: 3110
    Windows 5.1.2600 Service Pack 3

    11/6/2009 3:40:20 PM
    mbam-log-2009-11-06 (15-40-20).txt

    Scan type: Full Scan (A:\|C:\|D:\|E:\|)
    Objects scanned: 185557
    Time elapsed: 1 hour(s), 14 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    • Post Points: 20
    Joined on 02/11/2006
    Posts: 17,272
    Points 65,992

    Re: Hijackthis log, do you see anything wrong

    Your MBAM database is at 3110. Please update it. It should be at least 3140.

    Run a new scan so that you can post the log in your next reply.

    You have Viewpoint installed. Viewpoint developed a behavioral targeting product in 2006. Viewpoint is associated with a program called viewmgr.exe and the ViewPoint Media Player.
    Viewpoint is bundled with AOL, AOL Instant Messenger, Adobe Atmosphere, Netscape 7, etc., and sometimes not mentioned in the license agreement. Hardware manufacturers pre-install some of these applications.
    ViewPoint Toolbar will redirect your search queries and also transmits non personally identifiable information back to their servers. The Viewpoint Toolbar is also classified as a threat in the CounterSpy Threat Library because it hijacks your search queries and also transmits non personally identifiable information back to their servers.
    Viewpoint Manager is a media player often bundled with AIM software. Viewpoint Manager is a useless add on.
    Because Viewpoint's software will track your web surfing and tailor advertisements based on the web pages you are visiting, I suggest you remove the program.
    ** Note: Removing Viewpoint Media Player may cause the program that bundled it to not function as intended. For AOL and AIM it is needed to use their 3D icons known as Super Buddies and for customized themes, etc.
    If you wish to remove Viewpoint, end process on ViewManager in Task Manager.
    Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

    • Viewpoint
    • Viewpoint Manager
    • Viewpoint Media Player
    • Viewpoint Toolbar
    • Viewpoint Experience Technology

    Then remove the Viewpoint folder in your Program Files.

    Run Disk Cleanup in each user's profile: Click "Start > Programs > Accessories > System Tools > Disk Cleanup". Please make sure only the following are checked:

    -- Downloaded Program Files

    -- Temporary Internet Files

    -- Recycle Bin

    -- Temporary Files

    Click "OK" and Disk Cleanup will delete those files for you.

    Your outdated versions of Java make you vulnerable to infection.

    Please follow these steps to remove older version Java components and update.

    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 17.
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • I see these in your log:
      J2SE Runtime Environment 5.0 Update 3
      J2SE Runtime Environment 5.0 Update 6
      Java(TM) 6 Update 16
      Java(TM) 6 Update 2
      Java(TM) 6 Update 3
      Java(TM) 6 Update 4
      Java(TM) 6 Update 5
      Java(TM) 6 Update 7
      Java(TM) SE Runtime Environment 6 Update 1
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each of the Java versions.
    • Close Add/Remove.
    • In Windows Explorer, navigate to C:\Program Files\Java <=this folder. Delete any subfolders.
    • Do NOT delete C:\Program Files\JavaVM <=this folder, if found!
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.

    Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.


    Finally, please run an online virus scan by Kaspersky from HERE.

      1. At the main page, press "Accept" after reading the contents.
      2. At the next window, select Update. Allow the Database to update.
      Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
      3. Once the Database has finished, under the Scan icon select My Computer to start the scan. The scan may take a few minutes to complete.
      4. Select Scan Report.
      5. If any threats were found, they will appear in the report.
      6. Select "Save error report as"
      Then in the file name just type in kaspersky
      Under "save as type" select text .txt
      Save it to your Desktop.


    Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well. Don't forget to include your latest log from MBAM.

    If those scans do not find anything, ask your company exactly WHAT malware was found and WHERE it was found. Refer them to this topic so they can review the logs as well. They are welcome to reply here if they'd like to.



    • Post Points: 20
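Added example (not part of the original thread or any poster's code): a Python sketch of the inventory step behind the Java advice in the reply above. It reads the "Installed Programs" section of a log in the format posted in this thread, lists every Java runtime entry, and checks the newest against JRE 6 Update 17, the release named in that reply; the function names and the trimmed sample excerpt are assumptions made for this illustration.

```python
import re

# Excerpt of the "Installed Programs" section from the log posted in this
# thread (Java entries kept in full, other entries trimmed to two).
SAMPLE_LOG = """\
    ==== Installed Programs ======================

    Adobe Reader 9.2
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 16
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Microsoft Silverlight

    ==== Event Viewer Messages From Past Week ========
"""

# Section headers look like "==== Installed Programs =========".
SECTION = re.compile(r"^=+\s*(.*?)\s*=+$")

# Naming schemes seen in the log: "J2SE Runtime Environment 5.0 Update 3",
# "Java(TM) 6 Update 16", "Java(TM) SE Runtime Environment 6 Update 1".
JAVA = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?)"
    r"\s+(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?$"
)


def installed_programs(log_text):
    """Return the entries listed under the 'Installed Programs' header."""
    programs, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            # Any other header (e.g. the Event Viewer section) ends the list.
            inside = header.group(1) == "Installed Programs"
            continue
        if inside and line:
            programs.append(line)
    return programs


def java_runtimes(programs):
    """Map each Java runtime entry to a comparable (family, update) tuple."""
    found = []
    for name in programs:
        m = JAVA.match(name)
        if m:
            # An entry without an "Update N" suffix counts as update 0.
            found.append(((int(m.group(1)), int(m.group(2) or 0)), name))
    return sorted(found)


def audit_java(log_text, minimum=(6, 17)):
    """Report the newest runtime, the superseded ones, and whether even the
    newest is older than `minimum` (6 Update 17 is the release named in the
    helper's reply; change it for a different baseline)."""
    runtimes = java_runtimes(installed_programs(log_text))
    if not runtimes:
        return {"newest": None, "superseded": [], "below_minimum": False}
    newest_version, newest_name = runtimes[-1]
    return {
        "newest": newest_name,
        "superseded": [name for _, name in runtimes[:-1]],
        "below_minimum": newest_version < minimum,
    }


if __name__ == "__main__":
    report = audit_java(SAMPLE_LOG)
    print("newest installed:", report["newest"])
    print("needs update:", report["below_minimum"])
    for name in report["superseded"]:
        print("remove:", name)
```

Version tuples are compared numerically, so "Update 16" sorts above "Update 7" even though the log lists the entries in plain text order.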
    Joined on 02/19/2009
    Posts: 9
    Points 180

    Re: Hijackthis log, do you see anything wrong

    Updated MBAM, removed ViewPoint Media Player.  That is all that I had.  Removed the folder as well.  Did the Disk Cleanup and the Java stuff.  I am having trouble with the Kaspersky.  I didn't stay around for when the scan finished, figuring that the report would be there when I got back to save it.  But I did it twice and it wasn't.  Can you help me with this issue?  I am now scanning with MBAM to send the log again.  Cheryl

     

    • Post Points: 5
    Joined on 02/19/2009
    Posts: 9
    Points 180

    Re: Hijackthis log, do you see anything wrong

    Here is the MBAM log.  Still don't seem to be able to get the Kaspersky report.  I am trying again.

    Malwarebytes' Anti-Malware 1.41
    Database version: 3141
    Windows 5.1.2600 Service Pack 3

    11/11/2009 12:40:14 PM
    mbam-log-2009-11-11 (12-40-14).txt

    Scan type: Full Scan (A:\|C:\|D:\|E:\|)
    Objects scanned: 184621
    Time elapsed: 2 hour(s), 10 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    • Post Points: 20
    Joined on 02/11/2006
    Posts: 17,272
    Points 65,992

    Re: Hijackthis log, do you see anything wrong

    If you followed the instructions above for Kaspersky, I'm not sure why you did not get a report.

    Try F-Secure instead. That one has rootkit detection as well.

     F-Secure: http://support.f-secure.com/enu/home/ols.shtml

    Follow the directions on the F-Secure page for proper Installation.

    * You may receive an alert on the address bar at this point to install the ActiveX control.
    * Click on that alert and then click "Install ActiveX component".
    * Read the license agreement and click "Accept".
    * Click "Custom Scan" and be sure the following are checked:

    • Scan whole System

    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics


    * When the scan completes, click the "I want to decide item by item" button.
    * For each item found, select "Disinfect" and click "Next".
    * When done, click the "Show Report" button, then copy and paste the entire report into your next reply. If no infection was found let me know.

     


    Microsoft MVP - Consumer Security

    Member of Alliance of Security Analysis Professionals

    SpywareHammer

     

    Free Internet Security - WOT Web of Trust

     

    • Post Points: 20
    Joined on 02/19/2009
    Posts: 9
    Points 180

    Re: Hijackthis log, do you see anything wrong

    Here is the F-Secure report from the scan.  I am still trying to do the Kaspersky one.

    Scanning Report

    Wednesday, November 11, 2009 14:05:28 - 18:08:21

    Computer name: GREG-55FBA8BA2B
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\


    3 malware found

     

    TrackingCookie.2o7 (spyware)

    • System (Disinfected)

    TrackingCookie.Doubleclick (spyware)

    • System (Disinfected)

    TrackingCookie.Yieldmanager (spyware)

    • System (Disinfected)

    Statistics

    Scanned:

    • Files: 394206
    • System: 4132
    • Not scanned: 211

    Actions:

    • Disinfected: 3
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0

    Files not scanned:


    Options

    Scanning engines:

    Scanning options:

    • Scan all files
    • Scan inside archives
    • Use advanced heuristics

    • Post Points: 20
    Joined on 02/11/2006
    Posts: 17,272
    Points 65,992

    Re: Hijackthis log, do you see anything wrong

    Those were just cookies -- no big deal. I would suggest that you contact the people that told you that you have malware and ask them to elaborate on what prompted them to make a diagnosis.

    We can run a more powerful tool, but I see no need to at this point, unless the business that shut you down can give me more information. We have found no malware with all the scans we have run.

    As long as you appear to be clean, if everything is still running well....

    Please flush the XP System Restore Points: (Using XP, you must be logged in as Administrator to do this.)

    Go to Start > Run and type msconfig, then press Enter.

    When msconfig opens, click the Launch System Restore Button.

    On the next page, click the System Restore Settings Link on the left.

    Check the box labeled Turn Off System Restore.

    Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

    Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

    If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

    The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:

    1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.

    2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.

    3. You might consider installing Mozilla / Firefox.
    http://www.mozilla.com/en-US/

    4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

    5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php

    6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

    7. Web Of Trust uses colored alerts to warn you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Red for Warning = STOP
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown

    There is a Web Of Trust version for Firefox as well.

    8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
    It will:
    Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
    Restrict the actions of potentially unwanted sites in Internet Explorer.
    Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
    Periodically check for updates

    9. Here are some helpful articles:
    "How did I get infected?"
    http://www.bleepingcomputer.com/forums/topic2520.html


    "I'm not pulling your leg, honest"
    by Sandi Hardmeier
    http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

    If you receive any additional information on this issue, please let me know so we can pursue the matter.



    • Post Points: 5