WiredWX Christian Hobby Weather Tools

Re: WinBlueSoft Affected - Log included
and here is PART TWO because it's still too long...

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uStart Page = hxxp://espn.go.com/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\jordan\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTDVDDET] "c:\program files\creative\sound blaster audigy 2\dvdaudio\CTDVDDET.EXE"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CTSysVol] c:\program files\creative\sound blaster audigy 2\surround mixer\CTSysVol.exe /r
mRun: [CTPerformanceUtility] c:\program files\creative\sound blaster audigy 2\sb performance utility\CTPowUti.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AsioReg] REGSVR32 /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\jordan\appdata\roaming\micros~1\windows\startm~1\programs\startup\mlbtvn~1.lnk - c:\programdata\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~2.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispBackgroundPage = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116}
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842}
Trusted Zone: aol.com\free
Trusted Zone: marlinleasing.com\webmail
Trusted Zone: turbotax.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxp://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146283802457
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://www.espysoft.net/tsweb/msrdp.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctmsfsyn.sys [2007-11-21 159104]
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2007-8-13 2599936]
S3 C0100Afx;Provides a software interface to control audio effects of VC0100 camera.;c:\windows\system32\drivers\C0100Afx.sys [2008-11-22 141376]
S3 C0100Aud;Provides a software interface to control noise cancellation of VC0100 camera.;c:\windows\system32\drivers\C0100Aud.sys [2008-11-22 93440]
S3 C0100Aul;Provides a software interface to control audio formats of VC0100 camera.;c:\windows\system32\drivers\C0100Aul.sys [2008-11-22 5120]
S3 C0100Dev;Creative Camera VC0100 Driver;c:\windows\system32\drivers\C0100Dev.sys [2008-11-22 239936]
S3 C0100Vfx;Creative Camera VC0100 Video VFX Driver;c:\windows\system32\drivers\C0100Vfx.sys [2008-11-22 7168]

Re: WinBlueSoft Affected - Log included
PART THREE:

=============== Created Last 30 ================

2009-06-09 13:59 2,957 a------- c:\windows\21621worm59z9.bin
2009-06-07 23:04 --ds---- C:\Combo-Fix
2009-06-07 23:04 318,976 a------- c:\windows\system32\CF29271.exe
2009-06-07 22:54 318,976 a------- c:\windows\system32\CF27223.exe
2009-06-06 23:13 --d----- c:\program files\iPod
2009-06-06 22:18 318,976 a------- c:\windows\system32\CF403.exe
2009-06-06 10:20 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-06-04 22:30 --d----- c:\users\jordan\DoctorWeb
2009-06-04 22:10 161,792 a------- c:\windows\SWREG.exe
2009-06-04 22:10 154,624 a------- c:\windows\PEV.exe
2009-06-04 22:10 98,816 a------- c:\windows\sed.exe
2009-06-04 22:10 --ds---- C:\ComboFix
2009-06-04 22:10 318,976 a------- c:\windows\system32\CF16105.exe
2009-06-03 12:02 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 12:02 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-03 12:02 --d----- c:\programdata\Malwarebytes
2009-06-03 12:02 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 12:02 --d----- c:\progra~2\Malwarebytes
2009-06-03 00:52 11 a------- C:\AuResult.ini
2009-06-02 23:57 14,912 a------- c:\windows\64c1thzef91455.ocx
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-26 15:51 4,621 a------- c:\windows\69d5steaz3955.cpl
2009-05-23 23:38 16,477 a------- c:\windows\4859v9r58z.cpl
2009-05-22 18:00 16,450 a------- c:\windows\system32\27759vi5z924b.exe
2009-05-21 09:09 6,340 a------- c:\windows\3915spyz59.bin
2009-05-17 23:00 3,293 a------- c:\windows\system32\362dbac5door9829z.dll
2009-05-16 23:45 16,149 a------- c:\windows\system32\4c759pywarz865.dll
2009-05-16 21:29 18,020 a------- c:\windows\system32\255astea92869z.exe
2009-05-16 14:52 16,418 a------- c:\windows\7952hacktzol53d.bin
2009-05-14 16:20 13,550 a------- c:\windows\system32\6accdownlza9e51122.exe
2009-05-14 01:45 14,114 a------- c:\windows\269backdo5z2554.cpl
2009-05-13 22:50 --d----- c:\program files\PopCap Games

==================== Find3M ====================

2009-06-06 23:01 51,200 a------- c:\windows\inf\infpub.dat
2009-06-06 23:01 86,016 a------- c:\windows\inf\infstor.dat
2009-06-06 23:01 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-02 23:57 8,726 a------- c:\windows\system32\922bvi51z94.exe
2009-05-09 23:35 7,818 a------- c:\windows\59395hzeat20313.exe
2009-05-07 21:43 6,031 a------- c:\windows\system32\65595hief193z.dll
2009-05-07 05:25 5,592 a------- c:\windows\system32\29a6thief2z925.exe
2009-05-06 00:37 8,541 a------- c:\windows\system32\4be9addwaze96805.bin
2009-05-05 13:29 4,641 a------- c:\windows\183289py532z.bin
2009-05-05 08:05 4,162 a------- c:\windows\91545vir5s5eaz.dll
2009-05-02 16:46 7,625 a------- c:\windows\534c9zeal2849.dll
2009-05-02 10:03 13,339 a------- c:\windows\6f3fsparze1959.bin
2009-04-25 16:37 17,538 a------- c:\windows\system32\645a9d5ware26z3.exe
2009-04-23 12:16 10,996 a------- c:\windows\19819h5cktooz268.exe
2009-04-22 10:08 155,648 a------- c:\windows\system32\Phanfare Screensaver.scr
2009-04-21 20:49 16,576 a------- c:\windows\13z51no9-a-virus322.exe
2009-04-20 17:21 16,977 a------- c:\windows\system32\13938tr9z355.exe
2009-04-18 04:10 2,995 a------- c:\windows\14b6s9yware31z35.exe
2009-04-14 12:31 2,546 a------- c:\windows\29549wozm2f1.dll
2009-04-10 14:02 3,568 a------- c:\windows\system32\25105trzj9e2.exe
2009-04-07 00:36 4,852 a------- c:\windows\5485vi974z.dll
2009-04-06 17:28 18,031 a------- c:\windows\system32\2721zno5-a-vi9us46d.bin
2009-04-06 15:35 14,132 a------- c:\windows\system32\3z799s5ambot697.exe
2009-04-05 02:08 5,019 a------- c:\windows\3195notza5virus540.dll
2009-04-03 20:00 4,471 a------- c:\windows\system32\2df6spars55z59.bin
2009-04-02 01:35 5,609 a------- c:\windows\system32\56547vzrus679.bin
2009-03-26 02:44 11,080 a------- c:\windows\system32\1dd0za9kdo5r119.dll
2009-03-24 20:57 3,414 a------- c:\windows\system32\93153hazktool50.bin
2009-03-24 14:08 12,256 a------- c:\windows\7e75backdoo93z59.exe
2009-03-23 01:51 12,372 a------- c:\windows\system32\588cth95f119z.bin
2009-03-18 19:45 5,637 a------- c:\windows\28531hack9ool4z3.exe
2009-03-18 07:23 14,972 a------- c:\windows\system32\5z7at95eat22530.exe
2009-03-17 02:13 18,151 a------- c:\windows\system32\114hac9tool1z5.bin
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-15 11:25 6,150 a------- c:\windows\37z9thief151.dll
2008-10-12 18:21 174 a--sh--- c:\program files\desktop.ini
2008-10-12 18:05 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-06 02:01 32 a------- c:\programdata\ezsid.dat
2008-03-06 02:01 32 a------- c:\progra~2\ezsid.dat
2008-03-01 14:05 420,632 a------- c:\users\jordan\ipodwizard-v1.3-release.zip
2008-02-09 03:00 35,567,445 a------- c:\users\jordan\Second_Life_1-18-5-3_Setup.exe
2007-07-03 00:12 40,161,344 a------- c:\users\jordan\SBAXVSD_PCDRV_LB_2_12_0002.exe
2007-07-01 18:46 318,904 a------- c:\users\jordan\wmpfirefoxplugin.exe
2007-06-29 00:57 3,330,344 a------- c:\users\jordan\R140031.EXE
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-01-05 00:14 251 a------- c:\program files\wt3d.ini
2006-02-21 01:00 160,325 a--sh--- c:\windows\resources\themes\damek ultrablue\irunin.dat
2006-01-15 02:05 56 a--shr-- c:\windows\system32\7D50F8E2F4.sys
2006-01-15 02:05 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 23:43:09.87 ===============

Re: WinBlueSoft Affected - Log included

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=dword:00000000


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

Now try running Combofix once you have done that; the UAC shouldn't interfere now.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: WinBlueSoft Affected - Log included
OK. Ran fix.reg and it succeeded. Disabled my virus protect and ran combo-fix. It updated itself first and then proceeded to back up the registry, but once again it has hung at "attempting to create a new system restore point" and it's been sitting there for 15 minutes now. Is it still running or is it hanging? There is no txt file that I can find so I am assuming it's not completed yet.

Note that I did NOT run this in safe mode AND I did NOT restart my laptop once I ran fix.reg. Should I try again with those changes?

Re: WinBlueSoft Affected - Log included
Please do the following:



1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: WinBlueSoft Affected - Log included
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Re: WinBlueSoft Affected - Log included
Try Combofix in safe mode, something might be interfering.


Re: WinBlueSoft Affected - Log included
Ran Combo-Fix in safe mode and it hung right after it backed up my registry. It sat there at "Combofix is about to run" until I just closed it. I did it twice.

Also - I am unable to run iTunes all of a sudden. I am getting a Visual C++ Runtime error saying that the application has requested Runtime to terminate it in an unusual way. So I click OK and iTunes closes. Could this be related? This JUST started happening yesterday - two weeks after the virus first appeared and about a week since it's apparently been gone from my machine.

Thank you.

Re: WinBlueSoft Affected - Log included
The malware is pretty messy; it makes loads of files, over 100 of them.
The C++ errors could be because you need the VB runtime package installed.

Is Combofix located on your Desktop? If not, move it to your Desktop, otherwise this command won't work.

Let me know.

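The file listings posted earlier in this thread show the clutter described above: many small, oddly named files directly under c:\windows and c:\windows\system32. As an added example (not part of the thread, and not a feature of ComboFix or of the tool that produced the log), this Python sketch parses rows in that listing format and flags the ones matching a naming heuristic. The size cap, extension set and naming rule are assumptions chosen for illustration; the sample rows are copied from the listing in this thread.

```python
import re
from pathlib import PureWindowsPath

# One listing row: date, time, optional size, 8-character attribute field, path.
ROW = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# Assumed triage thresholds (illustrative; not taken from the thread or any tool).
DROP_DIRS = {r"c:\windows", r"c:\windows\system32"}
DROP_EXTS = {".exe", ".dll", ".bin", ".cpl", ".ocx"}
MAX_SIZE = 20_000  # bytes
# Assumed naming rule: starts with a digit, mixes letters and digits.
JUMBLE = re.compile(r"\d[0-9a-z-]*[a-z][0-9a-z-]*")


def parse_row(line):
    """Return a dict for a file or directory row, or None for any other line."""
    m = ROW.match(line.strip())
    if not m:
        return None
    size = m["size"]
    return {
        "when": f"{m['date']} {m['time']}",
        "size": int(size.replace(",", "")) if size else None,  # None for directories
        "is_dir": "d" in m["attrs"],
        "path": PureWindowsPath(m["path"]),
    }


def looks_like_drop(row):
    """True when a row matches the assumed 'small jumble-named file' pattern."""
    p = row["path"]
    if row["is_dir"] or row["size"] is None or row["size"] > MAX_SIZE:
        return False
    if str(p.parent).lower() not in DROP_DIRS:
        return False  # only files directly in the two directories
    if p.suffix.lower() not in DROP_EXTS:
        return False
    stem = p.stem.lower()
    return bool(JUMBLE.fullmatch(stem)) and sum(c.isdigit() for c in stem) >= 3


def triage(listing):
    """Parse a pasted listing and return the rows worth a closer look."""
    rows = (parse_row(line) for line in listing.splitlines())
    return [r for r in rows if r and looks_like_drop(r)]


# Rows copied from the listing posted in this thread.
SAMPLE = r"""
=============== Created Last 30 ================

2009-06-09 13:59 2,957 a------- c:\windows\21621worm59z9.bin
2009-06-07 23:04 --ds---- C:\Combo-Fix
2009-06-07 23:04 318,976 a------- c:\windows\system32\CF29271.exe
2009-06-03 12:02 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-02 23:57 14,912 a------- c:\windows\64c1thzef91455.ocx
2009-05-22 18:00 16,450 a------- c:\windows\system32\27759vi5z924b.exe
2009-04-22 10:08 155,648 a------- c:\windows\system32\Phanfare Screensaver.scr
2009-04-21 20:49 16,576 a------- c:\windows\13z51no9-a-virus322.exe
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["when"], row["size"], row["path"])
```

A row this rule does not flag is not thereby shown to be clean; the rule only covers one naming pattern, so flagged paths are candidates for review rather than a verdict.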

Re: WinBlueSoft Affected - Log included
YES. When I downloaded it, I saved it to my desktop as Combo-Fix.

Re: WinBlueSoft Affected - Log included
Okay, let's try this.
Go to Start > Run. In the run box, copy and paste this in:

"%userprofile%\Desktop\Combo-Fix.exe" /killall

Hit enter.
Will it run now?


Re: WinBlueSoft Affected - Log included
I am using Vista. There is no RUN command at the start menu.

Let me know where to put the command. Should I do it in Safe mode still?

Re: WinBlueSoft Affected - Log included
To open Run in Vista, click and hold the Windows Logo Key+R. Now input the above command and see if it runs.


Re: WinBlueSoft Affected - Log included
Well...disaster struck. I ran the command and Combo-Fix started and then gave me the blue screen of death before my computer auto-rebooted. I tried again in safe mode and the program just hung like it has many times before. My machine is really messed up, isn't it....
