
Old 10-18-2009   #15
thanksgiving08 (Bronze Member)
Join Date: Oct 2009
Posts: 41
PC Experience: Experienced
re: Spyware.Zbot & Trojan.Tracur found

Ok, I will turn off the real-time protection with MBAM. I do want to leave it installed though just so I can run the full scan manually, because it has caught many things that Avira hasn't caught. But then, Avira has caught many things with its real-time protection that MBAM didn't catch such as a script virus attempting to run on some website that I was trying to visit.

I do understand your point and I am glad you explained it as well as sending me the link for a further explanation. I will, as stated, disable the real-time protection for MBAM.

Thank you.
thanksgiving08 is offline   Reply With Quote
Old 10-18-2009   #16
Crush (Tech Support Team)
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,660
PC Experience: Always Learning New Things
re: Spyware.Zbot & Trojan.Tracur found

Awesome. MBAM is the best program I have ever seen in terms of protection. Its scanning engine is unrivaled. I highly recommend it to anyone.

Now, let's see what else is hiding:

Next, let's download ComboFix.exe. This will give me a better view of the files running, those that are hidden, and also those in the registry. Please download it from one of these webpages.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
Combofix -> Anti-malware Tools -> Downloads


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista, if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.
__________________
Crush aka Chris
[Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate]
I am in fact, quite cool. My graphing calculator confirms this

Crush is offline   Reply With Quote
Old 10-18-2009   #17
thanksgiving08 (Bronze Member)
Join Date: Oct 2009
Posts: 41
PC Experience: Experienced
re: Spyware.Zbot & Trojan.Tracur found

Here is the SUPERAntiSpyware Log you requested:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 10/17/2009 at 10:04 PM
Application Version : 4.29.1004
Core Rules Database Version : 4144
Trace Rules Database Version: 2075
Scan type : Complete Scan
Total Scan Time : 00:45:12
Memory items scanned : 445
Memory threats detected : 0
Registry items scanned : 4975
Registry threats detected : 0
File items scanned : 55409
File threats detected : 15
Adware.Tracking Cookie
C:\Documents and Settings\Missy\Cookies\missy@advertising[1].txt
C:\Documents and Settings\Missy\Cookies\missy@fastclick[2].txt
C:\Documents and Settings\Missy\Cookies\missy@specificclick[2].txt
C:\Documents and Settings\Missy\Cookies\missy@serving-sys[2].txt
C:\Documents and Settings\Missy\Cookies\missy@zedo[1].txt
C:\Documents and Settings\Missy\Cookies\missy@ads.bleepingcomputer[2].txt
C:\Documents and Settings\Missy\Cookies\missy@bs.serving-sys[1].txt
C:\Documents and Settings\Missy\Cookies\missy@atdmt[1].txt
C:\Documents and Settings\Missy\Cookies\missy@collective-media[1].txt
C:\Documents and Settings\Missy\Cookies\missy@msnservices.112.2o7[1].txt
C:\Documents and Settings\Missy\Cookies\missy@doubleclick[1].txt
C:\Documents and Settings\Missy\Cookies\missy@invitemedia[1].txt
C:\Documents and Settings\Missy\Cookies\missy@ad.yieldmanager[1].txt
C:\Documents and Settings\Missy\Cookies\missy@burstnet[2].txt
C:\Documents and Settings\Missy\Cookies\missy@tribalfusion[2].txt
thanksgiving08 is offline   Reply With Quote
Old 10-18-2009   #18
Crush (Tech Support Team)
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,660
PC Experience: Always Learning New Things
re: Spyware.Zbot & Trojan.Tracur found

Perfect. Just cookies. We're making progress.
__________________
Crush aka Chris
[Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate]
I am in fact, quite cool. My graphing calculator confirms this

Crush is offline   Reply With Quote
Old 10-18-2009   #19
thanksgiving08 (Bronze Member)
Join Date: Oct 2009
Posts: 41
PC Experience: Experienced
re: Spyware.Zbot & Trojan.Tracur found

Here is the ComboFix Log:

ComboFix 09-10-16.09 - Missy 10/17/2009 22:49.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.192 [GMT -4:00]
Running from: c:\documents and settings\Missy\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\020000005c5962f7684C.manifest
c:\documents and settings\Administrator\Application Data\020000005c5962f7684O.manifest
c:\documents and settings\Administrator\Application Data\020000005c5962f7684P.manifest
c:\documents and settings\Administrator\Application Data\020000005c5962f7684S.manifest
c:\documents and settings\Missy\Application Data\020000005c5962f7670C.manifest
c:\documents and settings\Missy\Application Data\020000005c5962f7670O.manifest
c:\documents and settings\Missy\Application Data\020000005c5962f7670P.manifest
c:\documents and settings\Missy\Application Data\020000005c5962f7670S.manifest
c:\documents and settings\Missy\Application Data\020000005c5962f7684C.manifest
c:\documents and settings\Missy\Application Data\020000005c5962f7684O.manifest
c:\documents and settings\Missy\Application Data\020000005c5962f7684P.manifest
c:\documents and settings\Missy\Application Data\020000005c5962f7684S.manifest
c:\windows\Installer\31230dc0.msp
c:\windows\Installer\31230dc1.msp
c:\windows\Installer\31230dc2.msp
c:\windows\Installer\31230dc3.msp
c:\windows\Installer\31230dc4.msp
c:\windows\Installer\31230dc5.msp
c:\windows\Installer\31230dc6.msp
c:\windows\Installer\31230dc7.msp
c:\windows\Installer\31230dc8.msp
c:\windows\system32\1bRoZ.vbs
c:\windows\system32\1gqB13rU0Qnhg.vbs
c:\windows\system32\cH42c.vbs
c:\windows\system32\DE55CA5C49.dll
c:\windows\system32\f2Psb.vbs
c:\windows\system32\fJiFrYVw90iMuVV.vbs
c:\windows\system32\FkRtF.vbs
c:\windows\system32\FRamh.vbs
c:\windows\system32\h9p3tPtYeLGX4.vbs
c:\windows\system32\hpbdf0U.vbs
c:\windows\system32\Ia45w.vbs
c:\windows\system32\N1sbVlTp5O35Q.vbs
c:\windows\system32\Ofe5RZWm6QNWj.vbs
c:\windows\system32\Olhn9MgfFiWrx.vbs
c:\windows\system32\pY3j7.vbs
c:\windows\system32\q7RxIx8.vbs
c:\windows\system32\QxRDvpbOY9rm5g8.vbs
c:\windows\system32\syoepk_lib0.dll
c:\windows\system32\V28rWAxrR404WB9.vbs
c:\windows\system32\Z7CEwiy1cklPZ.vbs
c:\windows\system32\ZwEDSnMBQveBI.vbs
.
((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.
2009-10-17 17:43 . 2009-10-17 17:49 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-17 17:43 . 2009-10-17 17:43 -------- d-----w- c:\windows\LastGood
2009-10-17 14:30 . 2009-10-17 14:30 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-07 01:22 . 2009-10-07 01:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-10-05 09:37 . 2009-10-05 10:23 -------- d-----w- c:\documents and settings\Missy\DoctorWeb
2009-10-05 02:25 . 2009-10-05 02:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-04 20:56 . 2009-10-04 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-04 20:55 . 2009-10-18 01:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-04 20:55 . 2009-10-04 20:55 -------- d-----w- c:\documents and settings\Missy\Application Data\SUPERAntiSpyware.com
2009-10-04 20:55 . 2009-10-04 20:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-03 15:32 . 2009-10-03 15:33 -------- d-----w- c:\windows\system32\NtmsData
2009-10-03 00:57 . 2009-10-03 00:57 -------- d-----w- c:\program files\Trend Micro
2009-10-02 21:14 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 23:11 . 2009-10-12 23:19 -------- d-----w- c:\program files\Payroll 2009
2009-10-01 02:48 . 2009-10-01 02:48 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-10-01 02:48 . 2008-08-19 13:46 1848608 ----a-w- c:\windows\system32\acXMLParser.dll
2009-10-01 02:48 . 2008-08-19 13:46 3523872 ----a-w- c:\windows\system32\cdintf300.dll
2009-10-01 02:48 . 2009-10-01 02:48 -------- d-----w- c:\documents and settings\Missy\Application Data\Intuit
2009-10-01 02:47 . 2009-10-01 02:47 -------- d-----w- c:\program files\Common Files\Intuit
2009-10-01 02:47 . 2009-10-01 03:20 -------- d-----w- c:\program files\Quicken
2009-10-01 02:46 . 2009-10-01 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-29 15:34 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-09-29 15:34 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-29 15:33 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-09-29 15:33 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-28 22:22 . 2002-08-14 04:08 264704 ----a-w- c:\windows\system32\MaggiUninstall60.exe
2009-09-28 22:21 . 1999-03-23 13:12 299520 ----a-w- c:\windows\uninst.exe
2009-09-28 16:17 . 2009-09-28 16:17 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-28 14:48 . 2009-09-28 14:48 -------- d-----w- c:\documents and settings\Missy\Local Settings\Application Data\TechSmith
2009-09-28 02:12 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-28 02:12 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-26 18:15 . 2008-07-10 18:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-09-26 18:15 . 2009-09-26 18:15 -------- d-----w- c:\windows\system32\QuickTime
2009-09-26 18:14 . 2009-09-26 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-09-26 18:14 . 2009-09-26 18:14 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-09-26 18:14 . 2009-09-26 18:14 -------- d-----w- c:\program files\TechSmith
2009-09-26 15:06 . 2009-09-26 15:06 -------- d-----w- c:\program files\Microsoft.NET
2009-09-26 15:06 . 2009-09-26 15:06 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-26 14:59 . 2009-09-26 14:59 -------- d-----w- c:\documents and settings\Missy\Local Settings\Application Data\Microsoft Help
2009-09-26 14:58 . 2009-10-17 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-25 22:22 . 2007-10-03 05:05 126976 ------w- c:\windows\system32\BrfxD05a.dll
2009-09-25 22:22 . 2003-11-28 22:57 0 ----a-w- c:\windows\brdfxspd.dat
2009-09-25 22:22 . 2007-12-14 02:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2009-09-25 22:22 . 2007-12-14 02:16 3072 ------w- c:\windows\system32\BrDctF2S.dll
2009-09-25 22:22 . 2006-12-28 17:39 176128 ------w- c:\windows\system32\BroSNMP.dll
2009-09-25 22:22 . 2007-12-14 02:16 73728 ------w- c:\windows\system32\BrDctF2.dll
2009-09-25 22:03 . 2009-09-25 22:03 -------- d-----w- c:\documents and settings\Missy\Application Data\InstallShield
2009-09-25 20:18 . 2009-09-25 20:26 -------- d-----w- c:\documents and settings\Missy\Application Data\Brother CreativeCenter
2009-09-25 20:18 . 2009-09-25 20:26 -------- d-----w- c:\program files\Brother CreativeCenter
2009-09-25 20:18 . 2009-09-25 20:18 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-09-25 16:08 . 2009-09-25 16:08 -------- d-----w- c:\program files\Windows Defender
2009-09-24 20:59 . 2009-09-24 20:59 -------- d-----w- c:\program files\Adobe Media Player
2009-09-23 19:34 . 2009-09-23 19:34 -------- d-----w- c:\documents and settings\Missy\Application Data\TuneUp Software
2009-09-23 19:32 . 2009-10-17 14:31 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-23 19:32 . 2009-09-23 19:32 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-23 14:35 . 2009-09-23 14:35 -------- d-----w- c:\program files\PhotoCardMaker
2009-09-22 14:48 . 2009-09-22 14:48 -------- d-----w- c:\documents and settings\Missy\Application Data\FastStone
2009-09-21 12:57 . 2009-09-21 12:57 -------- d-----w- c:\documents and settings\Missy\Local Settings\Application Data\Identities
2009-09-20 15:31 . 2009-09-20 23:22 -------- d-----w- c:\documents and settings\Missy\Application Data\DJ Nitrogen
2009-09-20 15:31 . 2009-09-20 15:31 -------- d-----w- c:\program files\DJ Nitrogen
2009-09-20 15:03 . 2009-09-20 15:03 -------- d-----w- c:\documents and settings\Missy\Local Settings\Application Data\Help
2009-09-20 15:03 . 2009-09-20 15:03 -------- d-sh--w- c:\windows\ftpcache
2009-09-20 15:03 . 2009-09-20 15:03 -------- d-----w- c:\program files\Photo Watermark Professional
2009-09-20 15:00 . 2009-09-20 15:00 -------- d-----w- c:\program files\7-Zip
2009-09-19 21:08 . 2009-09-19 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FunGames
2009-09-19 20:14 . 2009-09-19 20:14 -------- d-----w- c:\program files\AceMoney
2009-09-19 20:13 . 2009-09-19 20:13 -------- d-----w- c:\program files\Family Budget Planner
2009-09-19 20:12 . 2009-09-19 20:12 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-09-19 20:12 . 2009-09-19 20:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-19 20:05 . 2009-09-19 20:06 -------- d-----w- C:\GO-BUDGET 4
2009-09-19 20:04 . 2009-09-19 20:04 -------- d-----w- c:\documents and settings\Missy\Local Settings\Application Data\WDSetup
2009-09-19 19:50 . 2009-09-19 19:50 -------- d-----w- c:\program files\simpleDBudget
2009-09-19 19:47 . 2009-09-19 19:47 -------- d-----w- c:\program files\CBE
2009-09-19 04:24 . 2009-09-19 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2009-09-18 13:25 . 2009-09-18 13:25 -------- d-----w- c:\program files\Avery Dennison
2009-09-18 13:25 . 2009-09-18 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avery
2009-09-18 13:19 . 1998-12-09 00:53 212480 ------w- c:\windows\pcdlib32.dll
2009-09-18 13:19 . 2009-09-18 13:19 -------- d-----w- c:\program files\Serif
2009-09-18 13:18 . 2009-09-18 13:18 189828 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe
2009-09-18 13:16 . 2009-09-18 13:16 -------- d-----w- c:\program files\Common Files\Thraex Software
2009-09-18 13:16 . 2009-09-18 13:18 -------- d-----w- c:\program files\Photo Pos Pro
2009-09-18 13:01 . 2009-09-18 13:01 -------- d-----w- c:\documents and settings\Missy\Application Data\Malwarebytes
2009-09-18 13:01 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 13:01 . 2009-09-18 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-18 13:01 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 13:01 . 2009-09-18 13:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 12:52 . 2009-09-18 12:52 -------- d-----w- c:\program files\FastStone Image Viewer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 22:16 . 2009-04-09 09:45 141856 ----a-w- c:\documents and settings\Missy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 23:16 . 2009-04-11 01:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-01 02:48 . 2009-03-14 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 22:12 . 2009-05-30 12:55 -------- d-----w- c:\documents and settings\Missy\Application Data\FrostWire
2009-09-25 22:22 . 2009-09-15 19:22 50 ----a-w- c:\windows\system32\bridf08a.dat
2009-09-25 22:22 . 2009-09-15 19:21 -------- d-----w- c:\program files\Brother
2009-09-16 15:37 . 2009-09-16 15:37 -------- d-----w- c:\program files\MSXML 4.0
2009-09-16 15:22 . 2009-09-16 15:22 -------- d-----w- c:\documents and settings\Missy\Application Data\Alpha Software
2009-09-16 13:07 . 2009-09-16 13:07 -------- d-----w- c:\documents and settings\Missy\Application Data\RapidTyping
2009-09-16 13:07 . 2009-09-16 13:07 -------- d-----w- c:\program files\RapidTyping
2009-09-16 13:07 . 2009-09-16 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidTyping
2009-09-15 23:22 . 2009-09-15 23:22 -------- d-----r- c:\documents and settings\Missy\Application Data\Brother
2009-09-15 19:19 . 2009-09-15 19:19 -------- d-----w- c:\program files\Nuance
2009-09-15 19:18 . 2009-09-15 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-09-15 19:18 . 2009-09-15 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-09-15 19:17 . 2009-09-15 19:17 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-09-15 19:17 . 2009-03-14 21:04 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-15 19:17 . 2009-09-15 19:17 -------- d-----w- c:\program files\ScanSoft
2009-09-15 19:13 . 2009-09-15 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 15:10 . 2009-08-22 15:10 -------- d-----w- c:\program files\MSBuild
2009-08-22 15:08 . 2009-08-22 15:08 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 02:09 . 2009-05-24 23:27 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2004-08-04 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 13:58 . 2008-09-17 11:34 626824 ----a-w- c:\windows\system32\PosIpLiB.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe"
"Media Codec Update Service"=c:\program files\Essentials Codec Pack\WECPUpdate.exe -s
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Brother\\Brmfl08g\\FAXRX.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/24/2009 7:27 PM 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/18/2009 9:01 AM 269648]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/18/2009 9:01 AM 19160]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - FGRIQUOD
*Deregistered* - fgriquod
.
Contents of the 'Scheduled Tasks' folder
2009-10-12 c:\windows\Tasks\Malwarebytes' Scheduled Update for Missy.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-18 18:53]
2009-10-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-10-17 c:\windows\Tasks\User_Feed_Synchronization-{3DC60784-7E2F-492A-937B-D7DC505202A4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: brother.com\www
Trusted Zone: paypal.com\www
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-17 22:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\TEMP\TMP0000011C384D449AA5B5D18E 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-18 22:57
ComboFix-quarantined-files.txt 2009-10-18 02:56
Pre-Run: 33,629,224,960 bytes free
Post-Run: 33,723,113,472 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
278 --- E O F --- 2009-10-17 15:35
thanksgiving08 is offline   Reply With Quote
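The helper reads the ComboFix log above by eye; as an added example (not ComboFix's own code, and not anything posted in the thread), here is a Python triage script that splits a ComboFix log into its sections and flags the entries a helper looks at first. The embedded excerpt is constructed from the log posted above, and the flagging heuristics (random-looking names, scripts in system32, catchme's hidden executables) are assumptions of this example, not ComboFix's rules.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code).
Sections sit between rows of '((( Title )))' and the catchme rootkit block
between rows of asterisks; paths are pulled out and flagged when they look
like the droppings in the thread: randomly named scripts and DLLs in
system32, and hidden executables in TEMP."""
import re

# Constructed excerpt of the posted log, a few lines per section.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\windows\system32\1bRoZ.vbs
c:\windows\system32\fJiFrYVw90iMuVV.vbs
c:\windows\system32\DE55CA5C49.dll
c:\windows\system32\syoepk_lib0.dll
.
((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))
.
2009-10-17 14:30 . 2009-10-17 14:30 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-18 13:01 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.
**************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
c:\windows\TEMP\TMP0000011C384D449AA5B5D18E 524288 bytes executable
hidden files: 1
**************************************************
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*[)\s]+$")
# Drive path, optional catchme "<size> bytes <kind>", optional registry-line tail.
PATH_RE = re.compile(r'(?P<path>[a-zA-Z]:\\[^"\[]*?)'
                     r"(?:\s+\d+\s+bytes\s+(?P<kind>\w+))?"
                     r'\s*(?:["\[].*)?$')
SCRIPT_EXT = {"vbs", "js", "jse", "wsf", "bat", "cmd"}
WATCHED_DIRS = ("\\windows\\system32\\", "\\windows\\temp\\")

def split_sections(text):
    """Map each section title (and 'catchme') to its non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif line.startswith("*****"):  # catchme block delimiter
            current = None if current == "catchme" else "catchme"
            sections.setdefault("catchme", [])
        elif current and line not in ("", "."):
            sections[current].append(line)
    return sections

def looks_random(stem):
    """Generated-looking name: mixed case plus digits with no separator, or
    a bare hex string of 8+ characters.  A heuristic tuned to this log."""
    if not stem or any(c in stem for c in " -_."):
        return False
    lower = any(c.islower() for c in stem)
    upper = any(c.isupper() for c in stem)
    digit = any(c.isdigit() for c in stem)
    if lower and upper and digit:
        return True
    return len(stem) >= 8 and all(c in "0123456789abcdefABCDEF" for c in stem)

def assess(path, kind=None):
    """Reasons a logged path deserves a closer look; empty list if none."""
    name = path.rsplit("\\", 1)[-1]
    stem, _, ext = name.rpartition(".") if "." in name else (name, "", "")
    reasons = []
    if any(d in path.lower() for d in WATCHED_DIRS):
        if ext.lower() in SCRIPT_EXT:
            reasons.append("script file in system32/temp")
        if looks_random(stem):
            reasons.append("random-looking name")
    if kind == "executable":
        reasons.append("hidden executable reported by catchme")
    return reasons

def triage(text):
    """Return [(section, path, reasons)] for each flagged line in the log."""
    findings = []
    for section, lines in split_sections(text).items():
        for line in lines:
            match = PATH_RE.search(line)
            if match:
                reasons = assess(match.group("path"), match.group("kind"))
                if reasons:
                    findings.append((section, match.group("path"), reasons))
    return findings
```

Run `triage(open("ComboFix.txt").read())` against a full log; legitimate entries such as the Avira, Malwarebytes and Brother paths in this thread produce no reasons and are skipped.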
Old 10-18-2009   #20
thanksgiving08 (Bronze Member)
Join Date: Oct 2009
Posts: 41
PC Experience: Experienced
re: Spyware.Zbot & Trojan.Tracur found

Also, just another little quick note...this computer used to only have one account "Missy" which was the administrator's account. After rebooting the computer and doing scans in safe mode over the past week or so, I realize that it now has two separate accounts: Administrator and Missy. It doesn't give me this option when I actually turn my computer on...it doesn't have a login screen or anything...it just automatically goes into Missy.

I am not sure if this information helps, but I thought I would share it, because I think something could possibly be on the Administrator's account and running, without my knowledge.

Again, thanks so much for your help.
thanksgiving08 is offline   Reply With Quote
Old 10-18-2009   #21
Crush (Tech Support Team)
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,660
PC Experience: Always Learning New Things
re: Spyware.Zbot & Trojan.Tracur found

Thanksgiving,

Don't worry. If there is junk on the Administrator account it will be picked up since we are scanning the entire drive.

Next, Please visit Virustotal
  • Click the Browse.. button
  • Navigate to the file c:\windows\uninst.exe
    Click the Open button
  • Click the Send button
  • Do the same for c:\windows\system32\bridf08a.dat
  • Copy and paste the URLs of each of the results into a new reply in this thread please.
If VirusTotal is busy, please use Jotti
========================

Also, download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.


In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
__________________
Crush aka Chris
[Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate]
I am in fact, quite cool. My graphing calculator confirms this

Crush is offline   Reply With Quote
