
Inactive Intermittent Freezing...Requested Scan logs.....

Discussion in 'Malware and Virus Removal Archive' started by lyekka, 2010/01/02.

  1. 2010/01/02
    lyekka

    lyekka Inactive Thread Starter

    Joined:
    2009/12/06
    Messages:
    33
    Likes Received:
    0
    MBAM log, changing the name worked....

    Malwarebytes' Anti-Malware 1.43
    Database version: 3484
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.13

    1/2/2010 10:09:43 PM
    mbam-log-2010-01-02 (22-09-43).txt

    Scan type: Full Scan (C:\|D:\|F:\|)
    Objects scanned: 130711
    Time elapsed: 42 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2010/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, we're not dealing here with any security issues, so I suggest you go back to your original thread under the Windows section....
     


  4. 2010/01/02
    lyekka

    lyekka Inactive Thread Starter

    Joined:
    2009/12/06
    Messages:
    33
    Likes Received:
    0
    Lol, ok, you don't want me to do all the same scans for Windows 7? I started the SAS scan; don't worry I won't mind if I don't have to go through that any more, lol.
     
  5. 2010/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, I don't mind at all.
    You can surely run those scans and post results.
    I doubt, though, we'll find something.
    Just for peace of mind, let's run them.
     
  6. 2010/01/02
    lyekka

    lyekka Inactive Thread Starter

    Joined:
    2009/12/06
    Messages:
    33
    Likes Received:
    0
    I'm already on it. ;) I have SAS done, working on MalwareBytes'; with the name change not as much trouble but may need to do some scans in safe mode.
     
  7. 2010/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
  8. 2010/01/02
    lyekka

    lyekka Inactive Thread Starter

    Joined:
    2009/12/06
    Messages:
    33
    Likes Received:
    0
    Alrighty, to start we have the SAS log file. MBAM would not complete a scan; it kept freezing, even with the name change and in safe mode. However, MBAM did scan as far as my D drive (data only) and found no malware on the C drive, which is the most important one. GMER stated that it has found no system modifications, so there is also no file for that one. So, after the SAS log will be the new HJT log. I think you were right to think we really didn't need to scan it. You're awesome for sticking with me through all of this, thanks; if you lived closer I'd invite you over for some lasagna, which I was also doing today, lol. Without any further ado, logs:

    SAS:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/02/2010 at 10:45 PM

    Application Version : 4.32.1000

    Core Rules Database Version : 4379
    Trace Rules Database Version: 1978

    Scan type : Complete Scan
    Total Scan Time : 00:14:47

    Memory items scanned : 152
    Memory threats detected : 0
    Registry items scanned : 4850
    Registry threats detected : 0
    File items scanned : 31468
    File threats detected : 24

    Adware.Tracking Cookie
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@atdmt[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@pointroll[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ad.wsod[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@server.iad.liveperson[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@interclick[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@tribalfusion[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@microsoftwindows.112.2o7[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@invitemedia[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ads.infinisource[3].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@statse.webtrendslive[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@collective-media[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ads.infinisource[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ad.yieldmanager[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ads.pointroll[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@atdmt[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@doubleclick[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@fastclick[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@msnportal.112.2o7[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@server.iad.liveperson[3].txt
    E:\Documents and Settings\Shannon\Cookies\shannon@invitemedia[2].txt
    E:\Documents and Settings\Shannon\Cookies\shannon@tribalfusion[1].txt
    E:\Documents and Settings\Shannon\Cookies\shannon@revsci[2].txt
    E:\Documents and Settings\Shannon\Cookies\shannon@ads.infinisource[1].txt
    E:\Documents and Settings\Shannon\Cookies\shannon@pointroll[2].txt


    HJT::

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:28 PM, on 1/2/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Users\Shannon\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 5485 bytes
     
  9. 2010/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yeah, nothing here.
    At least we eliminated infection as a possible culprit...
     
