BleepingComputer.com: Possible malware infection, please tell me how to proceed

I had been streaming videos from a site that I recently learned has had problems with malware. My Avira antivirus is not updating and something is preventing me from installing the current Java version. I am concerned that I may have a malware infection on my machine. Could someone please help me?

I have a Dell Inspiron B130 laptop running Windows XP.

---------
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Alison at 20:23:17 on 2011-05-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.30 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Alison Maltby-Duggan\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alison maltby-duggan\application data\mozilla\firefox\profiles\618vqoqj.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\alison maltby-duggan\application data\mozilla\firefox\profiles\618vqoqj.default\extensions\{85c5b796-eda5-4353-b26e-a5d181ad9cd0}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\alison maltby-duggan\application data\mozilla\firefox\profiles\618vqoqj.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-8 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-8 61960]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S1 MpKsl452f65eb;MpKsl452f65eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5294fa07-4737-441e-b288-cf0e61d22049}\mpksl452f65eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5294fa07-4737-441e-b288-cf0e61d22049}\MpKsl452f65eb.sys [?]
S1 MpKsl61259936;MpKsl61259936;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5294fa07-4737-441e-b288-cf0e61d22049}\mpksl61259936.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5294fa07-4737-441e-b288-cf0e61d22049}\MpKsl61259936.sys [?]
S1 MpKslc9a5fc98;MpKslc9a5fc98;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba9ceb5c-f5af-4ac1-8217-34c232c35256}\mpkslc9a5fc98.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba9ceb5c-f5af-4ac1-8217-34c232c35256}\MpKslc9a5fc98.sys [?]
S1 MpKsld046f590;MpKsld046f590;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{979efdb2-0297-455b-a4a8-d6bd0f8d3c83}\mpksld046f590.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{979efdb2-0297-455b-a4a8-d6bd0f8d3c83}\MpKsld046f590.sys [?]
S1 MpKsld80605c4;MpKsld80605c4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c440334-cb17-4230-a2fe-058cdda95d22}\mpksld80605c4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c440334-cb17-4230-a2fe-058cdda95d22}\MpKsld80605c4.sys [?]
S1 MpKslfd7aeef2;MpKslfd7aeef2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{44262745-b6d2-47ba-bdcc-d97940cecac4}\mpkslfd7aeef2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{44262745-b6d2-47ba-bdcc-d97940cecac4}\MpKslfd7aeef2.sys [?]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [2007-11-21 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [2007-11-21 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [2007-11-21 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [2007-11-21 38912]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2006-10-1 24416]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [2007-11-21 13824]
.
=============== Created Last 30 ================
.
2011-05-09 02:20:28 -------- dc----w- c:\windows\system32\NtmsData
2011-05-08 23:20:14 -------- dc----w- c:\documents and settings\alison maltby-duggan\application data\Avira
2011-05-08 22:51:01 61960 -c--a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-08 22:50:54 -------- dc----w- c:\program files\Avira
2011-05-08 22:50:54 -------- dc----w- c:\documents and settings\all users\application data\Avira
2011-05-06 19:39:59 781272 -c--a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-06 19:39:57 1874904 -c--a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-06 19:39:54 89048 -c--a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-06 19:39:54 465880 -c--a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-06 19:39:54 15832 -c--a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-06 19:39:52 1892184 -c--a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-06 19:39:49 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-06 19:39:48 1974616 -c--a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-30 14:31:30 -------- dc----w- c:\documents and settings\alison maltby-duggan\application data\Malwarebytes
2011-04-30 14:25:42 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 14:25:36 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes
2011-04-30 14:25:26 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 03:47:14 -------- dc----w- c:\documents and settings\alison maltby-duggan\application data\ZoomBrowser EX
2011-04-27 03:42:53 -------- dc----w- c:\documents and settings\alison maltby-duggan\application data\CANON INC
2011-04-27 03:41:20 5632 -c--a-w- c:\windows\system32\ptpusb.dll
2011-04-27 03:41:19 159232 -c--a-w- c:\windows\system32\ptpusd.dll
2011-04-27 01:56:23 -------- dc----w- c:\documents and settings\all users\application data\ZoomBrowser
2011-04-27 01:48:36 -------- dc----w- c:\windows\system32\XPSViewer
2011-04-27 01:47:01 27648 -c--a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-27 01:46:20 14048 -c----w- c:\windows\system32\spmsg2.dll
2011-04-27 01:29:25 -------- dc----w- c:\program files\common files\Canon
2011-04-26 00:11:48 -------- dc----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 -c--a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 -c--a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 -c--a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:25:51.85 ===============

Hello and

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:

• Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  
• Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  
• Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  
• Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  
• Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  
• Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  
• Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Hi Patndoris!
Thanks for helping me. Since my first post I ran Malware Bytes and found that part of my problem was related to a Proxy problem. Since running Combo Fix I believe my computer may have gotten a tiny bit faster. I'm not fully sure though.

Here is my Combo Fix log
____
ComboFix 11-05-27.02 - Alison 05/28/2011 21:39:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.118 [GMT -4:00]
Running from: c:\documents and settings\Alison Maltby-Duggan\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alison Maltby-Duggan\WINDOWS
c:\windows\downloader.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-27 23:29 . 2011-05-18 16:37 6962000 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B566A6C2-FC12-468A-A6BC-425E1D7DC764}\mpengine.dll
2011-05-25 00:53 . 2011-05-25 00:54 -------- dc----w- c:\program files\Malware Bytes
2011-05-24 21:04 . 2011-05-24 21:04 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 21:55 . 2011-05-22 21:57 -------- dc----w- C:\c1d607e7b40933763f59
2011-05-22 20:55 . 2011-05-22 20:55 -------- dc----w- c:\program files\Common Files\Java
2011-05-22 20:51 . 2011-05-22 20:51 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-05-22 14:26 . 2011-05-22 14:26 -------- dc----w- c:\documents and settings\Alison Maltby-Duggan\Local Settings\Application Data\ESET
2011-05-22 14:26 . 2011-05-22 14:26 -------- dc----w- c:\documents and settings\Alison Maltby-Duggan\Application Data\ESET
2011-05-22 14:24 . 2011-05-22 14:24 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-05-22 14:22 . 2011-05-22 14:22 -------- dc----w- c:\program files\ESET
2011-05-22 14:22 . 2011-05-22 14:22 -------- dc----w- c:\documents and settings\All Users\Application Data\ESET
2011-05-21 23:03 . 2011-05-21 23:03 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-05-21 23:02 . 2011-05-21 23:02 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2011-05-09 02:20 . 2011-05-09 20:14 -------- dc----w- c:\windows\system32\NtmsData
2011-05-06 19:39 . 2011-05-06 19:39 781272 -c--a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 19:39 . 2011-05-06 19:39 1874904 -c--a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 19:39 . 2011-05-06 19:39 89048 -c--a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 19:39 . 2011-05-06 19:39 465880 -c--a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 19:39 . 2011-05-06 19:39 15832 -c--a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 19:39 . 2011-05-06 19:39 1892184 -c--a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 19:39 . 2011-05-06 19:39 142296 -c--a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 19:39 . 2011-05-06 19:39 1974616 -c--a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 14:31 . 2011-04-30 14:31 -------- dc----w- c:\documents and settings\Alison Maltby-Duggan\Application Data\Malwarebytes
2011-04-30 14:25 . 2010-12-20 22:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 14:25 . 2011-04-30 14:25 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-30 14:25 . 2010-12-20 22:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-22 20:51 . 2010-07-11 03:46 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-05-18 16:37 . 2006-08-25 22:54 6962000 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2004-08-10 18:02 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 17:51 420864 -c--a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2009-04-17 12:26 1857920 -c--a-w- c:\windows\system32\win32k.sys
2011-05-06 19:39 . 2011-05-06 19:39 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-14 00:36 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 17:12 253672 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 22:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
"ModemOnHold"=c:\program files\NetWaiting\NetWaiting.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"<NO NAME>"=
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
"RegRun WinBait"=c:\windows\winbait.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [1/12/2011 4:41 PM 810144]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S1 MpKsl452f65eb;MpKsl452f65eb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5294FA07-4737-441E-B288-CF0E61D22049}\MpKsl452f65eb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5294FA07-4737-441E-B288-CF0E61D22049}\MpKsl452f65eb.sys [?]
S1 MpKsl61259936;MpKsl61259936;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5294FA07-4737-441E-B288-CF0E61D22049}\MpKsl61259936.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5294FA07-4737-441E-B288-CF0E61D22049}\MpKsl61259936.sys [?]
S1 MpKslc9a5fc98;MpKslc9a5fc98;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA9CEB5C-F5AF-4AC1-8217-34C232C35256}\MpKslc9a5fc98.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA9CEB5C-F5AF-4AC1-8217-34C232C35256}\MpKslc9a5fc98.sys [?]
S1 MpKsld046f590;MpKsld046f590;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{979EFDB2-0297-455B-A4A8-D6BD0F8D3C83}\MpKsld046f590.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{979EFDB2-0297-455B-A4A8-D6BD0F8D3C83}\MpKsld046f590.sys [?]
S1 MpKsld80605c4;MpKsld80605c4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C440334-CB17-4230-A2FE-058CDDA95D22}\MpKsld80605c4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C440334-CB17-4230-A2FE-058CDDA95D22}\MpKsld80605c4.sys [?]
S1 MpKslfd7aeef2;MpKslfd7aeef2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44262745-B6D2-47BA-BDCC-D97940CECAC4}\MpKslfd7aeef2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44262745-B6D2-47BA-BDCC-D97940CECAC4}\MpKslfd7aeef2.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2011 2:54 AM 136176]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [11/21/2007 6:46 PM 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [11/21/2007 6:46 PM 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [11/21/2007 6:46 PM 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [11/21/2007 6:46 PM 38912]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2011 2:54 AM 136176]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [10/1/2006 11:32 AM 24416]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [11/21/2007 6:46 PM 13824]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 06:54]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 06:54]
.
2011-05-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{925157CF-3092-44CE-BE20-16EE68764EAF}: NameServer = 198.153.192.1,198.153.194.1
FF - ProfilePath - c:\documents and settings\Alison Maltby-Duggan\Application Data\Mozilla\Firefox\Profiles\618vqoqj.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 21:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1380)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Alison Maltby-Duggan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Alison Maltby-Duggan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Alison Maltby-Duggan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-05-28 21:51:21
ComboFix-quarantined-files.txt 2011-05-29 01:51
.
Pre-Run: 13,889,728,512 bytes free
Post-Run: 14,006,988,800 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5E9AD27E972C0BE5FFF4C13A34F6C07C

I'm glad to hear things are running better, and that proxy was probably the biggest part of what I saw in your original logs. I'm glad you were able to take care of it already. Let's do a little updating and run an online scan as a double check to be sure everything is ok now.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 25 and save it to your desktop.
  
• Scroll down to where it says JDK 6 Update 25 (JDK or JRE)
  
• Click the Download JRE button to the right
  
• Select the Windows platform from the dropdown menu.
  
• Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u25 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version.

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
    
    
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    
  • Click OK to leave the Temporary Files Window
    
  • Click OK to leave the Java Control Panel.

Download ATF Cleaner by Atribune.
Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.


This scan make take awhile depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.

http://www.eset.eu/online-scanner
Go here to run an online scannner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
A new window will appear asking "Do you want to install this software?"".
Answer Yes to download and install the ActiveX controls that allows the scan to run.
Click Start.
Uncheck Remove found threats.
Click Scan to begin.
If offered the option to get information or buy software. Just close the window.
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Are you having any problems with the last set of instructions?

Reminder: Topics with no reply in 4 days are closed!

Sorry about that. My sister had spilled orange juice on my laptop yesterday, so I was drying it. Thankfully it appears that everything is working. The scans didn't show anything. Is it safe for me to assume that my laptop is free from malware.

Glad to hear your computer survived the beverage spill without issue

The following will implement some cleanup procedures as well as reset System Restore points:

• Click Start > Run
  
• Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
• 

If there are any remaining tools or logs on your desktop you can right-click and delete them. I would advise keeping Malwarebytes as it is a program you'll want to run regularly.



Great job! Your logs appear to be malware free and you do not appear to be experiencing any malware related problems.


Please follow these simple steps in order to keep your computer malware free and secure:

Visit Microsoft's Windows Update Site Frequently
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Use and Update your AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this. Simply using a Firewall in its default configuration can lower your risk greatly.

Use only one antivirus and one firewall on your machine
Having more than one anti-virus program and one firewall on your machine, even if only one is running, can cause conflicts and slowdowns in the performance of the machine.

If you need more information on free anti-virus or firewall options please let me know and I will give you some recommendations.

Make your Internet Explorer more secure
This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to Prompt
6. Change the Download unsigned ActiveX controls to Disable
7. Change the Initialize and script ActiveX controls not marked as safe to Disable
8. Change the Installation of desktop items to Prompt
9. Change the Launching programs and files in an IFRAME to Prompt
10. Change the Navigate sub-frames across different domains to Prompt
11. When all these settings have been made, click on the OK button.
12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
13. Next press the Apply button and then the OK to exit the Internet Properties page.

Keep your Java, Adobe Reader and Adobe Flash Up to Date
Older versions of these programs can contain security vulnerabilities. It is very important to keep them updated.

Update and Run Malwarebytes Anti-Malware
Scan your computer with this program on a regular basis just as you would an antivirus software making sure you update definitions each time you scan.

To simplify making sure you have the latest version of many of your security programs and applications, you may want to consider:
Secunia's Personal Software Inspector (PSI). It is a free utility that scans your computer for installed applications and checks to see if they have the latest security patches and updates. If it finds any applications with possible security issues, links and/or instructions are provided for the necessariy updates.

Filehippo's Update Checker. It is free utilitiy that scan your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker look for newer versions of the software program, not definition files.

I would suggest you read:
Tony Klein's excellent article: How I got Infected in the First Place
PC Safety and Security--What Do I Need?
How to Prevent Malware

Good luck & Happy surfing!

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.