Need help getting rid of win32trojanspy (Resolved)

The ones in post #9 are fine, it has been updated on those links :bigthumb:
 
New logs

Man! The Active scan took 5 hours!! See enclosed logs as requested.

ComboFix 09-08-10.06 - HP_Administrator 08/13/2009 16:07.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.400 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\kb913800.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

30044-07-10 10:13 . 30044-07-10 10:13 3120 ----a-w- c:\windows\system32\JJ59.DLL
2009-08-13 05:11 . 2009-08-13 05:11 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 02:08 . 2009-08-13 02:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-13 02:06 . 2009-08-13 02:06 -------- d-----w- c:\program files\Common Files\Java
2009-08-10 15:25 . 2009-08-10 15:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 21:38 . 2009-08-09 21:58 -------- d-----w- C:\rsit
2009-08-07 01:52 . 2009-08-07 01:52 -------- d-----w- c:\program files\ERUNT
2009-08-06 16:14 . 2009-08-06 16:14 -------- d-----w- c:\program files\Trend Micro
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\MSBuild
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 02:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 02:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 02:32 . 2009-08-06 02:33 -------- d-----w- C:\d525fd5878f5e118a9e1d518496e
2009-08-06 02:32 . 2009-08-06 02:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-06 02:20 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 00:29 . 2009-08-06 00:29 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 00:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 00:28 . 2009-08-06 00:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-06 00:28 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-06 00:28 . 2009-08-06 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-06 00:28 . 2009-08-06 00:28 -------- d-----w- c:\program files\Lavasoft
2009-08-05 17:28 . 2009-08-06 02:51 -------- d-----w- c:\program files\Enigma Software Group
2009-08-04 03:47 . 2009-08-04 03:47 -------- d-----w- c:\program files\Electric Quilt Company
2009-08-02 00:22 . 2009-08-02 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
2009-08-02 00:22 . 2009-08-02 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoStitch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 14:27 . 2008-01-10 03:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-12 23:12 . 2006-03-07 06:12 -------- d-----w- c:\program files\Java
2009-08-12 23:08 . 2006-03-07 06:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 19:10 . 2006-06-17 02:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-08-12 04:35 . 2006-05-09 01:37 -------- d-----w- c:\program files\DesignPro
2009-08-10 22:42 . 2006-03-07 06:44 154120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 20:52 . 2007-06-14 02:40 -------- d-----w- c:\program files\Motherboard Monitor 5
2009-08-09 20:52 . 2006-03-07 06:54 -------- d-----w- c:\program files\Microsoft Works
2009-08-05 09:11 . 2004-08-09 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-09 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 04:32 . 2009-02-20 04:57 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 22:40 . 2009-02-20 04:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 16:12 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2004-08-09 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-09 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-09 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-09 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-09 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-09 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-09 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-09 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-09 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-09 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-09 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-09 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-22 11:49 . 2004-08-09 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-09 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-09 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-09 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-09 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-09 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 19:30 . 2009-05-10 16:59 164 ----a-w- c:\windows\install.dat
2009-06-13 05:09 . 2009-06-13 05:09 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 11:50 . 2004-08-09 21:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-10 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-09 21:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2008-05-10 17:56 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-09 21:00 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:24 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 18:33 . 2008-11-23 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2006-04-12 01:47 . 2006-04-12 01:47 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_22.59.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 23:02 . 2009-08-13 23:02 16384 c:\windows\Temp\Perflib_Perfdata_8bc.dat
- 2006-03-07 06:09 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2006-03-07 06:09 . 2007-07-27 17:41 26488 c:\windows\system32\spupdsvc.exe
- 2007-05-25 05:40 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2007-05-25 05:40 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-05-10 17:57 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2008-05-10 17:56 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
- 2008-05-10 17:57 . 2007-07-06 12:46 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 16896 c:\windows\system32\dllcache\mqise.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2008-05-10 17:57 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2008-05-10 17:57 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2008-05-10 17:57 . 2004-08-09 21:00 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2008-05-10 17:57 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2008-05-10 17:57 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 58880 c:\windows\system32\dllcache\atl.dll
- 2005-08-30 21:02 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 21:02 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 13:51 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 13:51 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 13:51 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-08-30 13:51 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-05-03 03:12 . 2009-08-13 05:16 23040 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 23040 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 27136 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 27136 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 11264 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 11264 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 12288 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 12288 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-05-10 17:57 . 2004-08-09 21:00 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2008-05-10 17:57 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 4096 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 4096 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-11 15:49 . 2009-08-11 15:49 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
+ 2004-08-09 21:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2004-08-09 21:00 . 2009-07-14 06:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-05-10 17:56 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2008-05-10 17:56 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-05-10 17:57 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2004-08-09 21:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2008-05-10 17:57 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
- 2008-05-10 17:57 . 2004-08-09 21:00 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2008-05-10 17:57 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 225280 c:\windows\system32\dllcache\mqoa.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 138240 c:\windows\system32\dllcache\mqad.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
- 2006-05-03 03:12 . 2009-07-24 20:54 409600 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 409600 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 286720 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 286720 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 249856 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 249856 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 794624 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 794624 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 135168 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 135168 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-05-11 15:49 . 2008-05-11 15:49 464272 c:\windows\Installer\$PatchCache$\Managed\9040210900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040210900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-08-11 15:49 . 2009-08-11 15:49 180224 c:\windows\ERDNT\subs(2)\Users(2)\00000006(2)\UsrClass.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 241664 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\ntuser.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 241664 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
+ 2009-08-13 05:15 . 2009-08-13 05:15 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2009-02-18 05:10 . 2009-08-13 02:09 4433484 c:\windows\system32\Restore\rstrlog.dat
+ 2008-05-10 17:57 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-08-05 09:11 . 2009-08-05 09:11 5518848 c:\windows\Installer\aa68b9.msp
+ 2009-07-01 20:21 . 2009-07-01 20:21 8891904 c:\windows\Installer\aa68a5.msp
+ 2007-05-10 20:45 . 2007-05-10 20:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040210900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2009-08-11 15:49 . 2009-08-11 15:49 6053888 c:\windows\ERDNT\subs(2)\Users(2)\00000005(2)\ntuser.dat
+ 2004-08-09 21:00 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll
+ 2006-04-19 04:50 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2004-08-09 21:00 . 2009-07-14 06:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-01 20:19 . 2009-07-01 20:19 10607104 c:\windows\Installer\aa68a6.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2009-08-13 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
2009-08-13 23:02 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 20:26 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="c:\windows\ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"UserFaultCheck"="c:\windows\system32\dumprep.exe" [2004-08-09 10752]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-6 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 03:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"CCALib8"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/5/2009 5:29 PM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/19/2009 9:57 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/19/2009 9:57 PM 108552]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [12/8/2008 9:38 PM 10240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/19/2009 9:57 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 MSSQL$MVE_INSTANCE;SQL Server (MVE_INSTANCE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [12/26/2008 5:17 PM 1205760]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [4/12/2006 3:58 PM 15576]
S1 3d1dcc16cfc2205;3d1dcc16cfc2205;c:\windows\system32\DRIVERS\3d1dcc16cfc2205.sys --> c:\windows\system32\DRIVERS\3d1dcc16cfc2205.sys [?]
S2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
S3 efipsk;efipsk;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys [?]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11/21/2005 10:27 AM 21120]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys --> c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys [?]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3/6/2006 11:27 PM 468768]
S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/14/2007 9:33 PM 388936]
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\
FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.3.7504&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 16:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-13 16:22
ComboFix-quarantined-files.txt 2009-08-13 23:22
ComboFix2.txt 2009-08-12 16:07
ComboFix3.txt 2009-08-11 16:14
ComboFix4.txt 2009-08-10 23:14

Pre-Run: 196,236,001,280 bytes free
Post-Run: 196,221,538,304 bytes free

361 --- E O F --- 2009-08-13 05:16


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-13 21:08:15
PROTECTIONS: 1
MALWARE: 22
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.5 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00024402 Exploit/iFrame HackTools No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\Mail\Local Folders\Trash[~0000006.~]
00024402 Exploit/iFrame HackTools No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\Mail\Local Folders\Trash[~0000006.~]
00029926 Dialer.Gen Dialers No 0 No No C:\Program Files\PaperPort 9 Deluxe CD\Other\PagisConverter\ENGLISH\data1.cab[convproc.exe]
00051983 adware/sbsoft Adware No 0 Yes No hkey_classes_root\toolband.toolbandobj.1
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[servedby.advertising.com/]
00155988 adware/fastlook Adware No 0 Yes No hkey_local_machine\software\classes\toolband.toolbandobj.1
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Profiles\default\a0q6hzm4.slt\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Profiles\default\a0q6hzm4.slt\cookies.txt[.com.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[counter.hitslink.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[server.iad.liveperson.net/hc/63235071]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[server.iad.liveperson.net/hc/63235071]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[2].txt
00172825 Joke/Stress Jokes No 0 Yes No C:\Documents and Settings\HP_Administrator\My Documents\Uploads\misc\stress~11.exe
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.bravenet.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.did-it.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Profiles\default\a0q6hzm4.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.atwola.com/]
00373274 W32/Nurech.A.worm Virus No 1 Yes No C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Profiles\default\a0q6hzm4.slt\Mail\incoming.verizon.net\Inbox[Postcard.exe]
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
00487624 Trj/Banker.LNO Virus/Trojan No 1 Yes No C:\hp\recovery\wizard\SWR_Wizard.exe
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP183\A0032050.sys
00967264 Trj/Agent.MFH Virus/Trojan No 0 Yes No C:\My Download Files\Games\penguinpuzzlesetup.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP183\A0032108.sys
03983016 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Updates from HP\9972322\Program\Interop.SHDocVw.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\My Download Files\Screensavers\flower scrsvr.exe
No C:\My Download Files\Utilities\LeakTest.exe
No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP183\A0029974.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
108738 HIGH MS06-004
;===================================================================================================================================================================================
 
There is nothing much to worry about in that Active Scan log, just some leftovers we can remove in the final clear up.
You should empty you E-mail client folders though, there look to be some infected items in there.


----------------------------------------------------------------------------------------
Step 1

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
c:\windows\system32\JJ59.DLL
Click Submit/Send File

When the scan has finished, you can copy the URL from the browser address window and paste it in your reply.

If Virustotal is too busy please try Jotti


----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware
Let's have a fresh scan with MBAM since it's been a couple of days

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Step 3

Download and Run Registry Search
Download (LINK >>>) Registry Search (<<< LINK) to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • In the top window copy/paste the following line/s
    • 3d1dcc16cfc2205
      efipsk
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please save the text file at you desktop and call it found-entries.
Paste the results in your reply

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
  • Virus Total Log
  • MalwareBytes Log
  • Registry Search Log
  • How are things running now ?
 
Requested Logs

Sorry for the delay, school has started and I am teaching all day. I can only follow up in the evenings.

http://www.virustotal.com/analisis/...1fc67231cd01b9379f160d0616209c067c-1250301820


Malwarebytes' Anti-Malware 1.40
Database version: 2628
Windows 5.1.2600 Service Pack 2

8/14/2009 9:21:29 PM
mbam-log-2009-08-14 (21-21-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 279133
Time elapsed: 1 hour(s), 36 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 8/14/2009 9:28:34 PM for strings:
; '3d1dcc16cfc2205'
; 'efipsk'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\3d1dcc16cfc2205]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\3d1dcc16cfc2205]
; Contents of value:
; system32\DRIVERS\3d1dcc16cfc2205.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,33,00,64,00,31,00,64,00,63,00,63,\
00,31,00,36,00,63,00,66,00,63,00,32,00,32,00,30,00,35,00,2e,00,73,00,79,00,\
73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EFIPSK]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\3d1dcc16cfc2205]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\3d1dcc16cfc2205]
; Contents of value:
; system32\DRIVERS\3d1dcc16cfc2205.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,33,00,64,00,31,00,64,00,63,00,63,\
00,31,00,36,00,63,00,66,00,63,00,32,00,32,00,30,00,35,00,2e,00,73,00,79,00,\
73,00,00,00
"DisplayName"="3d1dcc16cfc2205"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\3d1dcc16cfc2205\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\efipsk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\efipsk]
; Contents of value:
; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,00,4f,00,43,00,\
55,00,4d,00,45,00,7e,00,31,00,5c,00,48,00,50,00,5f,00,41,00,44,00,4d,00,7e,\
00,31,00,5c,00,4c,00,4f,00,43,00,41,00,4c,00,53,00,7e,00,31,00,5c,00,54,00,\
65,00,6d,00,70,00,5c,00,65,00,66,00,69,00,70,00,73,00,6b,00,2e,00,73,00,79,\
00,73,00,00,00
"DisplayName"="efipsk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\efipsk\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_EFIPSK]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\3d1dcc16cfc2205]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\3d1dcc16cfc2205]
; Contents of value:
; system32\DRIVERS\3d1dcc16cfc2205.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,33,00,64,00,31,00,64,00,63,00,63,\
00,31,00,36,00,63,00,66,00,63,00,32,00,32,00,30,00,35,00,2e,00,73,00,79,00,\
73,00,00,00
"DisplayName"="3d1dcc16cfc2205"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\3d1dcc16cfc2205\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\efipsk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\efipsk]
; Contents of value:
; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,00,4f,00,43,00,\
55,00,4d,00,45,00,7e,00,31,00,5c,00,48,00,50,00,5f,00,41,00,44,00,4d,00,7e,\
00,31,00,5c,00,4c,00,4f,00,43,00,41,00,4c,00,53,00,7e,00,31,00,5c,00,54,00,\
65,00,6d,00,70,00,5c,00,65,00,66,00,69,00,70,00,73,00,6b,00,2e,00,73,00,79,\
00,73,00,00,00
"DisplayName"="efipsk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\efipsk\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EFIPSK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3d1dcc16cfc2205]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3d1dcc16cfc2205]
; Contents of value:
; system32\DRIVERS\3d1dcc16cfc2205.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,33,00,64,00,31,00,64,00,63,00,63,\
00,31,00,36,00,63,00,66,00,63,00,32,00,32,00,30,00,35,00,2e,00,73,00,79,00,\
73,00,00,00
"DisplayName"="3d1dcc16cfc2205"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3d1dcc16cfc2205\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\efipsk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\efipsk]
; Contents of value:
; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,00,4f,00,43,00,\
55,00,4d,00,45,00,7e,00,31,00,5c,00,48,00,50,00,5f,00,41,00,44,00,4d,00,7e,\
00,31,00,5c,00,4c,00,4f,00,43,00,41,00,4c,00,53,00,7e,00,31,00,5c,00,54,00,\
65,00,6d,00,70,00,5c,00,65,00,66,00,69,00,70,00,73,00,6b,00,2e,00,73,00,79,\
00,73,00,00,00
"DisplayName"="efipsk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\efipsk\Security]

; End Of The Log...


Am I looking better? Things seem to be working OK, although still slow.
 
Rose92 said:
Am I looking better? Things seem to be working OK, although still slow.
Click to expand...

There are still a few items that shouldn't be there, but it doesn't look like anything is active.




Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    KillAll::
Driver::
3d1dcc16cfc2205
efipsk
Registry::
[-hkey _classes_root\toolband.toolbandobj.1]
[-hkey_local_machine\software\classes\toolband.toolbandobj.1]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]
ADS::
  • Save this as CFScript.txt and place it on your desktop.


    CFScriptb.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
 
Back at you

Question:

Am I safe enough to pay bills and do patient insurance billing for my husband yet?


ComboFix 09-08-10.06 - HP_Administrator 08/15/2009 9:28.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.432 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EFIPSK
-------\Service_3d1dcc16cfc2205
-------\Service_efipsk


((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.

30044-07-10 10:13 . 30044-07-10 10:13 3120 ----a-w- c:\windows\system32\JJ59.DLL
2009-08-13 23:40 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-13 23:40 . 2009-08-13 23:40 -------- d-----w- c:\program files\Panda Security
2009-08-13 05:11 . 2009-08-13 05:11 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 02:08 . 2009-08-13 02:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-13 02:06 . 2009-08-13 02:06 -------- d-----w- c:\program files\Common Files\Java
2009-08-10 15:25 . 2009-08-10 15:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 21:38 . 2009-08-09 21:58 -------- d-----w- C:\rsit
2009-08-07 01:52 . 2009-08-07 01:52 -------- d-----w- c:\program files\ERUNT
2009-08-06 16:14 . 2009-08-06 16:14 -------- d-----w- c:\program files\Trend Micro
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\MSBuild
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 02:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 02:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 02:32 . 2009-08-06 02:33 -------- d-----w- C:\d525fd5878f5e118a9e1d518496e
2009-08-06 02:32 . 2009-08-06 02:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-06 02:20 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 00:29 . 2009-08-06 00:29 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 00:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 00:28 . 2009-08-06 00:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-06 00:28 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-06 00:28 . 2009-08-06 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-06 00:28 . 2009-08-06 00:28 -------- d-----w- c:\program files\Lavasoft
2009-08-05 17:28 . 2009-08-06 02:51 -------- d-----w- c:\program files\Enigma Software Group
2009-08-04 03:47 . 2009-08-04 03:47 -------- d-----w- c:\program files\Electric Quilt Company
2009-08-02 00:22 . 2009-08-02 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
2009-08-02 00:22 . 2009-08-02 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoStitch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 04:51 . 2008-01-10 03:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-12 23:12 . 2006-03-07 06:12 -------- d-----w- c:\program files\Java
2009-08-12 23:08 . 2006-03-07 06:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 19:10 . 2006-06-17 02:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-08-12 04:35 . 2006-05-09 01:37 -------- d-----w- c:\program files\DesignPro
2009-08-10 22:42 . 2006-03-07 06:44 154120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 20:52 . 2007-06-14 02:40 -------- d-----w- c:\program files\Motherboard Monitor 5
2009-08-09 20:52 . 2006-03-07 06:54 -------- d-----w- c:\program files\Microsoft Works
2009-08-05 09:11 . 2004-08-09 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-09 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 04:32 . 2009-02-20 04:57 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 22:40 . 2009-02-20 04:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 16:12 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2004-08-09 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-09 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-09 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-09 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-09 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-09 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-09 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-09 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-09 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-09 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-09 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-09 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-22 11:49 . 2004-08-09 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-09 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-09 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-09 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-09 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-09 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 19:30 . 2009-05-10 16:59 164 ----a-w- c:\windows\install.dat
2009-06-13 05:09 . 2009-06-13 05:09 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 11:50 . 2004-08-09 21:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-10 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-09 21:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2008-05-10 17:56 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-09 21:00 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:24 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 18:33 . 2008-11-23 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2006-04-12 01:47 . 2006-04-12 01:47 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-08-13_23.17.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-30 21:02 . 2009-08-15 16:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 21:02 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 13:51 . 2009-08-15 16:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 13:51 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 13:51 . 2009-08-15 16:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-30 13:51 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 180224 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 241664 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-04-17 15:59 . 2009-04-17 15:59 128256 c:\windows\Downloaded Program Files\as2stubie.dll
+ 2009-08-15 16:41 . 2009-08-15 16:41 6053888 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2009-08-15 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
2009-08-15 16:43 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 20:26 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="c:\windows\ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"UserFaultCheck"="c:\windows\system32\dumprep.exe" [2004-08-09 10752]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-6 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 03:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"CCALib8"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/5/2009 5:29 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/13/2009 4:40 PM 28544]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/19/2009 9:57 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/19/2009 9:57 PM 108552]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [12/8/2008 9:38 PM 10240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/19/2009 9:57 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 MSSQL$MVE_INSTANCE;SQL Server (MVE_INSTANCE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [12/26/2008 5:17 PM 1205760]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [4/12/2006 3:58 PM 15576]
S2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11/21/2005 10:27 AM 21120]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys --> c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys [?]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3/6/2006 11:27 PM 468768]
S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/14/2007 9:33 PM 388936]
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\
FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.3.7504&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 09:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: 2009-08-15 9:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-15 16:59
ComboFix2.txt 2009-08-13 23:22
ComboFix3.txt 2009-08-12 16:07
ComboFix4.txt 2009-08-11 16:14
ComboFix5.txt 2009-08-15 16:26

Pre-Run: 195,918,823,424 bytes free
Post-Run: 195,831,529,472 bytes free

312 --- E O F --- 2009-08-13 05:16
:)
 
Rose92 said:
Am I safe enough to pay bills and do patient insurance billing for my husband yet?
Click to expand...

As safe as you ever will be :)


Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up



Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • CF_Cleanup.png



OTCleanup
Please download OTCleanup from HERE
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
 
Yeah!!

Thank you, thank you, thank you! I will follow your instructions for keeping safe. However, I noticed you have no recommendations for which anti-virus or firewall to install. Is my AVG Free OK or should I pay for one? Is the Windows firewall OK or should I go back to Zone Alarm? I do online banking and confidential patient medical insurance for my husband's practice. One more question: at the beginning I told you I was never successful at installing SP3 over a year ago, do you have any suggestions where I can go to get help with that?

Now I will be visiting the donation station..............

Keep well and keep saving all us web crawlers out there
 
Is my AVG Free OK or should I pay for one?
Click to expand...
A paid AV is wise if you need the computer, because you normally get support in the price.
However, the free AV's I list below are very good

Paid AV list
Kaspersky
ESET NOD32

Free AV list ( Home users only)
Avast
Avira AntiVir


Is the Windows firewall OK or should I go back to Zone Alarm?
Click to expand...

Firewall

  • I try to avoid recommending firewalls, I feel they are a very personal choice ( amount of alerts versus level of security )
    But here is some info for you
    A third party firewall is much safer than the Windows basic firewall , as it stops malware that does get on your PC from contacting "home"
    Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    It is recommended to have only one Firewall active.
  • Online Armor
  • Outpost Firewall
  • Kerio Personal Firewall

One more question: at the beginning I told you I was never successful at installing SP3 over a year ago, do you have any suggestions where I can go to get help with that?
Click to expand...
Give it another try now, and if you still have problems visit one of the following "Tech" sites.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.
They all know me, so tell them I've given you the "All Clean"
 
You must log in or register to reply here.
Back
Top