Full Version: MBAM can't remove trojan.extension.exploit
levers
Hi! I originally posted this in the general forum & was asked to post here instead...so here goes. (Original thread is here: http://www.malwarebytes.org/forums/index.p...amp;#entry29403 if you would like to see existing posts & responses.)

I am new to the forums, but have been running MBAM for a while now without any problems. However a couple of weeks ago the scan reported a trojan.extension.exploit and when MBAM attempts to remove it an error box pops up that says it encountered an error & MBAM will be closed. I believe this first occurred right after I updated to the new version of MBAM. The troublesome file is a screenshot jpeg file that has been on my computer quite some time & never was indicated by MBAM as a Trojan on previous scans. I just updated MBAM yesterday & ran another scan. Here is the log file without attempting to remove the trojan:

Malwarebytes' Anti-Malware 1.28
Database version: 1224
Windows 5.0.2195 Service Pack 3

9/30/2008 9:56:14 AM
mbam-log-2008-09-30 (09-56-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 111539
Time elapsed: 20 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\Local Settings\Temp\C--Documents and Settings-User-My Documents-My Pictures-Hello-d2vasquez-from d2vasquez-http www.scrapbookbytes.com - X-CART. Powerful PHP shopping cart software - Microsoft Internet Explorer 3 7 2006 10 28 10 PM.jpg (Trojan.Extension.Exploit) -> No action taken.

I am also unable to manually delete, open, rename, move, upload this file.

Here is the log of my Panda Scan: (I did a quick scan, was that right?)
;*******************************************************************************
ANALYSIS: 2008-10-01 09:32:08
PROTECTIONS: 2
MALWARE: 3
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Symantec Antivirus Corporate Edition 7.6 No Yes
Norton Antivirus Edition 7.5 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\y209ih86.default\cookies.txt[.atdmt.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\y209ih86.default\cookies.txt[.com.com/]
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\y209ih86.default\cookies.txt[.gostats.com/]
;===============================================================================
SUSPECTS
Sent Location ][xs5T

;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description ][xs5T

;===============================================================================
;===============================================================================

And here is my HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:59 AM, on 10/1/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.abmarketing.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - .DEFAULT User Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222874598875
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

--
End of file - 12311 bytes


I haven't been experiencing any problems with how my computer is running. I just discovered this while doing a routine MBAM scan. Any help/advice is appreciated! If I need to do anything more or have done anything incorrectly, please let me know.

Thanks!
1972vet
Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt
New HijackThis log.
levers
I will do as you instruct as soon as I get home from work.

One question though, this machine is running Windows 2000 Professional but the instructions for installing Recovery Console are for XP - Can I install the Recovery Console in Windows 2000? Sorry if this is a dumb question, I just don't want to make anything worse instead of better.
AdvancedSetup
The recovery console for Windows 2000 is different, and you should be running Service Pack 4 on your system.

Please wait for 1972vet to return before proceeding in case he has different instructions for you.
1972vet
Greetings levers...sorry for this delayed response. As the site was having some server problems, it seems upon fixing the issue some email notifications may have gotten turned sideways. I didn't receive a notification of your reply.

I don't think you'll find what you need on the Microsoft link provided on that web page from BleepingComputer regarding the installation of the recovery console. As most users these days are online with either XP or Vista, the installation of the recovery console instructions for win2k in that article may be an oversight either on the part of the cf developer, or whoever created the instruction page at the BC web site...I will get in contact with the combofix developer (sUBs) to inquire. This may be a misunderstanding on my part or it may be something he may want to consider to bring about some modification of the online instructions for the combofix usage regarding Windows 2000 users.

You can read This Article, if needed, to learn how to start the recovery console in Windows 2000...and you can read This Article to learn how to create a set of boot disks for Windows 2000.

After you've installed the recovery console, please continue with the previously provided instructions for running the combofix program posting the requested logs. Thanks!
levers
Thanks so much...I will get started on all that as soon as possible...it may not be until this weekend though as the next few days are very hectic for me & computer time will be limited. Shall I also go ahead & update to Service Pack 4 (which Advanced Setup said I should be running) before running ComboFix?

Thanks for your help & patience!
1972vet
While the system is infected, it's not a good idea to install any Windows Updates. I think "AdvancedSetup" was making reference to the service pack regarding which download might be available on that Microsoft link provided in the instruction...but I took a look to be certain and there isn't anything included there for Windows 2000.

I've brought this up in a discussion thread (elsewhere) with the combofix developer to see if there are some other online instructions regarding the installation of the recovery console for Windows 2000 users that need to be addressed. Meanwhile, please use the guidance provided in those two links I provided earlier to install your recovery console. Thanks!
levers
OK, I got Recovery Console installed, boot disks made & the requested scans run. Here are the logs you requested & I will await further instructions:

ComboFix Log:
ComboFix 08-09-30.03 - user 10/04/2008 19:02:32.1 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.297 [GMT -6:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system\msvbvm60.dll
C:\WINNT\system32\AutoRun.inf
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Service_IAS


((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.

2008-10-01 09:27 . 08-10-01 09:27 <DIR> d-------- C:\Program Files\Panda Security
2008-10-01 09:27 . 08-06-19 17:24 28,544 --a------ C:\WINNT\system32\drivers\pavboot.sys
2008-10-01 09:24 . 08-07-18 22:10 33,992 --a------ C:\WINNT\system32\wucltui.dll.mui
2008-10-01 09:24 . 08-07-18 22:09 25,800 --a------ C:\WINNT\system32\wuaucpl.cpl.mui
2008-10-01 09:24 . 08-07-18 22:09 25,800 --a------ C:\WINNT\system32\wuapi.dll.mui
2008-10-01 09:24 . 08-07-18 22:08 20,680 --a------ C:\WINNT\system32\wuaueng.dll.mui
2008-10-01 08:17 . 08-10-01 08:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-01 08:17 . 08-10-01 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 21:42 . 08-09-30 21:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-30 21:42 . 08-09-30 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-30 21:42 . 08-09-30 21:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-09-30 21:42 . 08-09-30 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-30 21:27 . 08-09-30 21:27 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-09-30 16:34 . 08-09-30 16:34 <DIR> d-------- C:\Program Files\CCleaner
2008-09-12 16:49 . 08-10-03 09:10 832,956 ---h----- C:\WINNT\ShellIconCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 06:04 38,528 ----a-w C:\WINNT\system32\drivers\mbamswissarmy.sys
2008-09-10 06:03 17,200 ----a-w C:\WINNT\system32\drivers\mbam.sys
2008-08-19 17:55 --------- d-----w C:\Program Files\Trend Micro
2008-08-19 08:33 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 08:33 --------- d-----w C:\Documents and Settings\User\Application Data\Malwarebytes
2008-08-19 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-19 08:15 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-09 07:10 --------- d-----w C:\Program Files\PowerStrip
2008-08-09 07:00 --------- d-----w C:\Documents and Settings\User\Application Data\ATI
2008-08-09 06:56 --------- d-----w C:\Program Files\ATI Technologies
2008-07-19 04:10 94,920 ----a-w C:\WINNT\system32\dllcache\cdm.dll
2008-07-19 04:10 94,920 ----a-w C:\WINNT\system32\cdm.dll
2008-07-19 04:10 53,448 ----a-w C:\WINNT\system32\wuauclt.exe
2008-07-19 04:10 53,448 ----a-w C:\WINNT\system32\dllcache\wuauclt.exe
2008-07-19 04:10 45,768 ----a-w C:\WINNT\system32\wups2.dll
2008-07-19 04:10 36,552 ----a-w C:\WINNT\system32\wups.dll
2008-07-19 04:09 563,912 ----a-w C:\WINNT\system32\wuapi.dll
2008-07-19 04:09 325,832 ----a-w C:\WINNT\system32\wucltui.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINNT\system32\wuaueng.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINNT\system32\dllcache\wuaueng.dll
2002-08-27 18:04 58,871 ----a-w C:\Program Files\viewsonicinstruct_2k.pdf
2002-08-13 10:24 169 ----a-w C:\Program Files\INSTALL.LOG
2002-07-23 07:37 271 ---h--w C:\Program Files\desktop.ini
2002-07-23 07:37 21,952 ---h--w C:\Program Files\folder.htt
2001-08-07 23:32 122,880 ----a-w C:\WINNT\inf\Agfa\message.exe
2001-05-08 18:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2007-08-06 18:07 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-07-18 20:54 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [07-09-04 16:40 6856704]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [06-03-30 16:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [08-10-01 23:44 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINNT\UpdReg.EXE" [00-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [01-10-04 01:00 28672]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [02-01-23 12:09 675840]
"vptray"="C:\Program Files\NavNT\vptray.exe" [01-09-24 07:59 73728]
"SMS Application Launcher"="C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE" [02-05-01 05:05 73584]
"MotiveMonitor"="C:\Program Files\Motive\AsstCommon\motmon.exe" [02-09-10 13:42 139264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 01:11 132496]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [06-06-13 22:58 167936]
"DLA"="C:\WINNT\System32\DLA\DLACTRLW.EXE" [06-06-13 05:20 127036]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [08-05-13 21:12 190024]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [08-07-12 11:04 734968]
"Synchronization Manager"="mobsync.exe" [01-05-08 12:00 111376 C:\WINNT\system32\mobsync.exe]
"AtiPTA"="atiptaxx.exe" [02-02-14 12:42 315392 C:\WINNT\system32\atiptaxx.exe]
"WINDVDPatch"="CTHELPER.EXE" [02-02-07 18:01 40960 C:\WINNT\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [01-05-08 07:00 186640]

C:\Documents and Settings\administrator\Start Menu\Programs\Startup\
Camio Viewer 2.0.lnk - C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe [2002-09-11 102912]

C:\Documents and Settings\SMSCliSvcAcct&\Start Menu\Programs\Startup\
Camio Viewer 2.0.lnk - C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe [2002-09-11 102912]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Camio Viewer 2.0.lnk - C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe [2002-09-11 102912]

C:\Documents and Settings\9A81~1\Start Menu\Programs\Startup\
Camio Viewer 2.0.lnk - C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe [2002-09-11 102912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Lifeline.lnk - C:\Program Files\Digital Lifeline\bin\mpbtn.exe [2002-09-20 176128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-12 113664]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2006-05-26 114688]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [08-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
08-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
02-07-22 14:05 139024 C:\WINNT\system32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"SENTINEL"= snti386.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OKI LPR Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk
backup=C:\WINNT\pss\OKI LPR Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Camio Viewer 2.0.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Camio Viewer 2.0.lnk
backup=C:\WINNT\pss\Camio Viewer 2.0.lnkStartup

R0 pavboot;pavboot;C:\WINNT\System32\drivers\pavboot.sys [08-06-19 17:24 28544]
R1 cdudf;cdudf;C:\WINNT\System32\drivers\cdudf.sys [02-01-23 12:19 354855]
R2 PStrip;PStrip;C:\WINNT\System32\drivers\pstrip.sys [07-07-14 19:37 27992]
R3 portmon2;Cyber20x Driver;C:\WINNT\System32\DRIVERS\portmon2.sys [01-07-22 16:02 7966]
S2 Par1284;Par1284;C:\Program Files\Tekprint Encad\Program\Par1284.sys [ ]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINNT\System32\drivers\mbamswissarmy.sys [08-09-10 00:04 38528]
S3 scsiscan;SCSI Scanner Driver;C:\WINNT\System32\DRIVERS\scsiscan.sys [99-09-25 10:36 10576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\y209ih86.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 19:09:18
Windows 5.0.2195 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\System32\NavLogon.dll
.
Completion time: 2008-10-04 19:10:29 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2008-10-05 01:10:26

Pre-Run: 1,426,276,352 bytes free
Post-Run: 2,001,141,760 bytes free

157


HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:59 PM, on 10/4/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.abmarketing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - .DEFAULT User Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.abweb (HKLM)
O15 - Trusted Zone: http://*.abweb1 (HKLM)
O15 - Trusted Zone: http://*.abweb2 (HKLM)
O15 - Trusted Zone: http://*.abweb3 (HKLM)
O15 - Trusted Zone: http://*.abwebauth (HKLM)
O15 - Trusted Zone: http://*.abwebqa (HKLM)
O15 - Trusted Zone: http://*.abwebstage (HKLM)
O15 - Trusted Zone: http://*.abc.corp.anheuser-busch.com (HKLM)
O15 - Trusted Zone: http://*.botweb (HKLM)
O15 - Trusted Zone: http://*.botweb1 (HKLM)
O15 - Trusted Zone: http://*.botweb2 (HKLM)
O15 - Trusted Zone: http://*.botweb3 (HKLM)
O15 - Trusted Zone: http://*.botwebauth (HKLM)
O15 - Trusted Zone: http://*.botwebqa (HKLM)
O15 - Trusted Zone: http://*.botwebqa1 (HKLM)
O15 - Trusted Zone: http://*.botwebqa2 (HKLM)
O15 - Trusted Zone: http://*.ciapp (HKLM)
O15 - Trusted Zone: http://*.ciapp1 (HKLM)
O15 - Trusted Zone: http://*.ciapp2 (HKLM)
O15 - Trusted Zone: http://*.ciappqa (HKLM)
O15 - Trusted Zone: http://*.ciappqa1 (HKLM)
O15 - Trusted Zone: http://*.ciappqa2 (HKLM)
O15 - Trusted Zone: http://*.slabcappp01 (HKLM)
O15 - Trusted Zone: http://*.slabcappp02 (HKLM)
O15 - Trusted Zone: http://*.slabcappt01 (HKLM)
O15 - Trusted Zone: http://*.slabcappt02 (HKLM)
O15 - Trusted Zone: http://*.slabcnodep01 (HKLM)
O15 - Trusted Zone: http://*.slabcnodep02 (HKLM)
O15 - Trusted Zone: http://*.slabcweb01 (HKLM)
O15 - Trusted Zone: http://*.slabcweb02 (HKLM)
O15 - Trusted Zone: http://*.slabcweb03 (HKLM)
O15 - Trusted Zone: http://*.slabcweb40 (HKLM)
O15 - Trusted Zone: http://*.slabcweb41 (HKLM)
O15 - Trusted Zone: http://*.slabcwebt01 (HKLM)
O15 - Trusted Zone: http://*.slabcwebt02 (HKLM)
O15 - Trusted Zone: http://*.slabwebd01 (HKLM)
O15 - Trusted Zone: http://*.slenawebt01 (HKLM)
O15 - Trusted Zone: http://*.slstgweb01 (HKLM)
O15 - Trusted Zone: http://*.sshdevweb01 (HKLM)
O15 - Trusted Zone: http://*.sshdevweb02 (HKLM)
O15 - Trusted Zone: http://*.sshdevwebl1 (HKLM)
O15 - Trusted Zone: http://*.stl-clu08 (HKLM)
O15 - Trusted Zone: http://*.stlabcapp13 (HKLM)
O15 - Trusted Zone: http://*.stlabcfil008 (HKLM)
O15 - Trusted Zone: http://*.stlabcfil009 (HKLM)
O15 - Trusted Zone: http://*.stlabcweb001 (HKLM)
O15 - Trusted Zone: http://*.stlbrewweb001 (HKLM)
O15 - Trusted Zone: http://*.stlbrewweb002 (HKLM)
O15 - Trusted Zone: http://*.stlbrewweb003 (HKLM)
O15 - Trusted Zone: http://*.stlcengweb001 (HKLM)
O15 - Trusted Zone: http://*.stloperweb003 (HKLM)
O15 - Trusted IP range: http://10.32.11.135 (HKLM)
O15 - Trusted IP range: http://10.32.11.175 (HKLM)
O15 - Trusted IP range: http://10.32.11.178 (HKLM)
O15 - Trusted IP range: http://10.32.26.40 (HKLM)
O15 - Trusted IP range: http://10.32.26.21 (HKLM)
O15 - Trusted IP range: http://10.32.26.41 (HKLM)
O15 - Trusted IP range: http://10.32.26.22 (HKLM)
O15 - Trusted IP range: http://10.32.26.42 (HKLM)
O15 - Trusted IP range: http://10.33.20.127 (HKLM)
O15 - Trusted IP range: http://10.32.11.136 (HKLM)
O15 - Trusted IP range: http://10.33.20.126 (HKLM)
O15 - Trusted IP range: http://10.32.11.125 (HKLM)
O15 - Trusted IP range: http://10.32.11.126 (HKLM)
O15 - Trusted IP range: http://10.32.11.127 (HKLM)
O15 - Trusted IP range: http://10.32.26.30 (HKLM)
O15 - Trusted IP range: http://10.32.26.31 (HKLM)
O15 - Trusted IP range: http://10.32.26.32 (HKLM)
O15 - Trusted IP range: http://10.32.11.155 (HKLM)
O15 - Trusted IP range: http://10.32.11.156 (HKLM)
O15 - Trusted IP range: http://10.32.11.157 (HKLM)
O15 - Trusted IP range: http://10.32.11.137 (HKLM)
O15 - Trusted IP range: http://10.33.24.42 (HKLM)
O15 - Trusted IP range: http://172.21.89.10 (HKLM)
O15 - Trusted IP range: http://172.21.89.15 (HKLM)
O15 - Trusted IP range: http://172.21.89.16 (HKLM)
O15 - Trusted IP range: http://10.33.20.141 (HKLM)
O15 - Trusted IP range: http://10.33.20.153 (HKLM)
O15 - Trusted IP range: http://10.33.20.151 (HKLM)
O15 - Trusted IP range: http://10.33.20.152 (HKLM)
O15 - Trusted IP range: http://10.33.20.168 (HKLM)
O15 - Trusted IP range: http://10.33.20.169 (HKLM)
O15 - Trusted IP range: http://10.32.11.139 (HKLM)
O15 - Trusted IP range: http://10.33.20.170 (HKLM)
O15 - Trusted IP range: http://151.145.25.99 (HKLM)
O15 - Trusted IP range: http://10.32.11.138 (HKLM)
O15 - Trusted IP range: http://172.21.207.120 (HKLM)
O15 - Trusted IP range: http://172.21.207.105 (HKLM)
O15 - Trusted IP range: http://172.21.207.106 (HKLM)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222874598875
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

--
End of file - 12869 bytes
1972vet
Sorry for this late reply but once more, I didn't receive an email notification for your last post. We're still trying to determine what we can do to remedy this...back to business:

OK, things are looking better. I should advise you that the MessengerPlus! 3 application has been well known to have caused users some heartburn over the past few years when the sponsor software is installed along with it. If you know with certainty that you did not install the sponsor's software then you should be fine...but if you don't, you should uninstall the software and, upon reinstallation, be careful not to allow the sponsor software to install packaged with the rest of your installation files for the MessengerPlus! 3 program.

Next, I noticed two other applications you have installed that are out of date and vulnerable as a result: your Java and your Adobe Acrobat. You should uninstall both and install the latest versions...please note though, that for Windows 2000, you must have SP4 installed for Acrobat v9, so you can download the file but don't install it until we finish up here and after you have installed the appropriate service pack. Click Here for Adobe, and click Here for Java...Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7
The Java SE Runtime Environment (JRE) allows end-users to run Java applications."

Next, please run HijackThis again and check the box next to these entries:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm


Check the box next to every one of the "O15" entries.

Now close all windows except for HijackThis (that includes this browser window)...then click the Fix Checked button.

Reboot the computer and post back a fresh HijackThis log. Please advise how the system behaves for you now. Thanks!
levers
I don't seem to be getting email updates of replies either, but I will just keep checking back as often as possible throughout the day.

I specifically did NOT install the sponsor's software with MessengerPlus! 3, so I should be OK there. I fixed the items you indicated in HijackThis, rebooted & here is the new logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:54 AM, on 10/7/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.abmarketing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - .DEFAULT User Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222874598875
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

--
End of file - 8328 bytes


After this was completed I also updated MBAM & ran a quick scan which came out clean! I wasn't having any problems with the system before other than the trojan showing up on the MBAM scans - but that seems to be gone now & the system still seems to be performing fine, so I think we are making good progress. I will update Java & download the Acrobat update tonight when I get home from work so I am ready to proceed & will wait for further instructions - Thanks so much again for all your help!
levers
OK, when trying to install the Java update it advised updating to Windows 2000 Service Pack 4 first also, so I did not install it. I do have both the Java & Acrobat updates downloaded & ready to install though.
1972vet
This log looks clean. Your next step would be to uninstall the outdated software. Immediately after, visit the Windows Update site and install all Critical updates the scan presents. Once you've completed installing your newest updates, you should of course reboot...and at this point I would seriously consider performing a defrag of the system before installing your updated Java and Acrobat applications. Post back a fresh HijackThis log and advise how the system is performing for you. Thanks!
levers
I've had a family medical emergency I have to deal with, but I will finish the rest of this just as soon as I am able & will post the HijackThis log after. I just wanted to update you so you didn't think I had simply abandoned this...I'll get back to it as soon as is possible. Thanks!
1972vet
Understood...take what time you need with your family.
1972vet
Due to the lack of feedback this Topic is closed to prevent others from posting here.

It's understood you need time away for family. When time permits you can reopen this topic by sending a Private Message to any one of the moderating team members. Please include a link to this thread with your request.

This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
levers
OK, I finally got all the updates done - sorry for the long delay. My system has been running fine & all scans coming up clean. Here is my latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:14 PM, on 11/6/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abmarketing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINNT\system32\cmd.exe /C "C:\DOCUME~1\User\LOCALS~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - .DEFAULT User Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1225988059562
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

--
End of file - 8276 bytes
1972vet
This log looks fine. Java, however, has been updated again. Uninstall what you have, and download the latest version Here. Scroll down just a bit to the first download link where it says "Java SE Runtime Environment (JRE) 6 Update 10".

Post back a fresh HijackThis log and let us know how the system performs for you now. Thanks!
levers
OK, did that & here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:14 AM, on 11/7/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abmarketing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - .DEFAULT User Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1225988059562
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

--
End of file - 8406 bytes


All still running fine & scanning clean too.
Thanks!
1972vet
Excellent...you're good to go.

Click start-->run...then copy and paste the Bold text below into the run box and click "OK":

ComboFix /u

Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically.

Below is pretty much a standard blurb I offer to users I've assisted...pick from it what you feel applies to your situation but be sure to read the "How did I get infected..." link at the bottom.

To assist in the prevention of spyware infections:

Immunize your browser by installing Spywareblaster. What does it do?
  • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restricts the actions of potentially unwanted sites in Internet Explorer.


Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

You should always have at least (but not more than) one of these types of third party firewalls running on board:
Kerio Personal Firewall
Zone Alarm
Outpost Free
Comodo

Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Become familiar with the MalwareBytes anti-malware application. Use it often, especially if you begin to notice the system performance behavior is not what it should be. Learn more about the program Here where you can also request assistance if you have some concerns about the program's findings.

There is a licensed version that provides real time protection and other automatic features. You can use the free version as well (not a trial). It provides the same cleanup function but without the active guard protection and other automated functions.

Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup.

Or if you just want to run your on board Disk Cleanup ("Start-->Programs-->Accessories-->System Tools-->Disk Cleanup"), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

So how did I get infected in the first place?
Regards, and Happy Surfing!
1972vet
This issue appears resolved and the thread is closed to prevent others from posting here.
Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.