Brower redirecting virus, possible rootkit

[DPD]

Probably infected on 1/14/2010 when I visited an unfamiliar web site.
The infection highjacked my browser, causing it to redirect to web sites with links to various advertisers.
Since 1/14/2010, Norton Anti-Virus has blocked or removed the following risks: backdoor.trojan, js.securitytoolfraud.b, Trojan.fakeAV!gen, backdoor.tidserv!inf
Once infected, I disabled the connection to the Internet, except to download various repair and diagnostic software. I also disconnected a 250gb external harddrive, and have not reconnected it since.
I am only a computer novice, but got direction from reading the Computer Hope forum.

I downloaded the following software on the following dates/times:
MBAM: January 15, 2010, 9:12:02 AM
OTL: January 15, 2010, 8:01:18 PM
GMER: January 15, 2010, 8:06:15 PM
ComboFix: January 15, 2010, 8:13:57 PM
HJT: January 15, 2010, 11:01:32 PM
SpyBot: January 15, 2010, 11:04:49 PM
SafeModeFixer: January 16, 2010, 3:11:30 PM
Radix: January 17, 2010, 10:12:18 AM
SAS: January 17, 2010, 10:14:08 AM

After I downloaded and ran MBAM, it quarantined and deleted two infections in the registry. I have the log but have posted a more recent log.
After I downloaded GMER and tried to run it, but it would freeze. I tried to boot into Safe Mode, but couldn’t. I downloaded SafeModeFixer and ran it, but still couldn’t boot into safe mode.
I then ran ComboFixer without the recovery console installed (so it wouldn’t automatically make any significant changes?). I was then able to boot into safe mode and I ran GMER.

The browser is no longer redirecting to highjacking web pages, but I don’t know how to ensure that no latent malware remains on my computer, and what anti-malware process I should follow to reconnect the external hard drive. Any help will be greatly appreciated.


Posted logs in chronological order generated, most recent log for each program:
ComboFixer
MBAM
HJT


ComboFix 10-01-15.01 - Dennis D 01/16/2010  16:41:42.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2815.2331 [GMT -8:00]
Running from: c:\documents and settings\------\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\236.tmp
C:\23F.tmp
C:\248.tmp
C:\24F.tmp
C:\255.tmp
C:\25D.tmp
C:\263.tmp
C:\26B.tmp
C:\271.tmp
C:\2B4.tmp
C:\320.tmp
C:\328.tmp
C:\32C.tmp
C:\32D.tmp
C:\332.tmp
C:\33A.tmp
C:\342.tmp
C:\343.tmp
C:\345.tmp
C:\349.tmp
C:\34A.tmp
C:\351.tmp
C:\353.tmp
C:\356.tmp
C:\359.tmp
C:\35B.tmp
C:\361.tmp
C:\366.tmp
C:\36B.tmp
C:\370.tmp
C:\375.tmp
C:\378.tmp
C:\37A.tmp
C:\37F.tmp
C:\384.tmp
C:\389.tmp
C:\38C.tmp
C:\38E.tmp
C:\393.tmp
C:\395.tmp
C:\398.tmp
C:\39E.tmp
C:\3A1.tmp
C:\3A4.tmp
C:\3A6.tmp
C:\3A9.tmp
C:\3AC.tmp
C:\3AF.tmp
C:\3B2.tmp
C:\3B5.tmp
C:\3BC.tmp
C:\3BE.tmp
C:\3C3.tmp
C:\3C4.tmp
C:\3C6.tmp
C:\3C9.tmp
C:\3CB.tmp
C:\3D2.tmp
C:\3D3.tmp
C:\3D8.tmp
C:\3DA.tmp
C:\3DB.tmp
C:\3DC.tmp
C:\3DD.tmp
C:\3E3.tmp
C:\3E7.tmp
C:\3E8.tmp
C:\3E9.tmp
C:\3EC.tmp
C:\3EF.tmp
C:\3F0.tmp
C:\3F1.tmp
C:\3F2.tmp
C:\3F5.tmp
C:\3F6.tmp
C:\3F9.tmp
C:\3FA.tmp
C:\3FB.tmp
C:\401.tmp
C:\405.tmp
C:\406.tmp
C:\407.tmp
C:\40B.tmp
C:\40C.tmp
C:\40D.tmp
C:\411.tmp
C:\413.tmp
C:\416.tmp
C:\418.tmp
C:\41B.tmp
C:\41C.tmp
C:\41D.tmp
C:\41E.tmp
C:\421.tmp
C:\422.tmp
C:\423.tmp
C:\424.tmp
C:\427.tmp
C:\429.tmp
C:\42B.tmp
C:\42D.tmp
C:\42E.tmp
C:\430.tmp
C:\434.tmp
C:\435.tmp
C:\438.tmp
C:\439.tmp
C:\43A.tmp
C:\43C.tmp
C:\43F.tmp
C:\440.tmp
C:\445.tmp
C:\449.tmp
C:\44B.tmp
C:\450.tmp
C:\451.tmp
C:\456.tmp
C:\459.tmp
C:\45A.tmp
C:\45D.tmp
C:\45E.tmp
C:\464.tmp
C:\46C.tmp
C:\46D.tmp
C:\46E.tmp
C:\473.tmp
C:\474.tmp
C:\47A.tmp
C:\47E.tmp
C:\486.tmp
C:\4A7.tmp
C:\4AE.tmp
C:\4B5.tmp
C:\4BB.tmp
C:\4C6.tmp
C:\4CE.tmp
c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
c:\windows\winhelp.ini

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERVICE


(((((((((((((((((((((((((   Files Created from 2009-12-17 to 2010-01-17  )))))))))))))))))))))))))))))))
.

2010-01-16 23:37 . 2008-04-14 00:12   116224   -c--a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
2010-01-16 23:37 . 2008-04-14 00:12   18944   -c--a-w-   c:\windows\system32\dllcache\xrxscnui.dll
2010-01-16 23:37 . 2001-08-18 06:36   23040   -c--a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-16 23:37 . 2001-08-18 06:37   27648   -c--a-w-   c:\windows\system32\dllcache\xrxftplt.exe
2010-01-16 23:37 . 2001-08-18 06:37   4608   -c--a-w-   c:\windows\system32\dllcache\xrxflnch.exe
2010-01-16 23:35 . 2001-08-17 21:28   397502   -c--a-w-   c:\windows\system32\dllcache\vpctcom.sys
2010-01-16 23:34 . 2001-08-18 06:36   211968   -c--a-w-   c:\windows\system32\dllcache\um54scan.dll
2010-01-16 23:33 . 2001-08-17 20:13   37961   -c--a-w-   c:\windows\system32\dllcache\tdk100b.sys
2010-01-16 23:32 . 2001-08-18 06:36   24660   -c--a-w-   c:\windows\system32\dllcache\spxupchk.dll
2010-01-16 23:31 . 2001-08-17 22:56   157696   -c--a-w-   c:\windows\system32\dllcache\sisv256.dll
2010-01-16 23:30 . 2001-08-17 20:50   75392   -c--a-w-   c:\windows\system32\dllcache\s3savmxm.sys
2010-01-16 23:29 . 2001-08-18 06:36   41472   -c--a-w-   c:\windows\system32\dllcache\qvusd.dll
2010-01-16 23:28 . 2008-04-14 00:10   211584   -c--a-w-   c:\windows\system32\dllcache\perm2dll.dll
2010-01-16 23:27 . 2001-08-17 20:50   198144   -c--a-w-   c:\windows\system32\dllcache\nv3.sys
2010-01-16 23:26 . 2008-04-13 18:39   5504   -c--a-w-   c:\windows\system32\dllcache\mstee.sys
2010-01-16 23:25 . 2004-08-04 05:41   606684   -c--a-w-   c:\windows\system32\dllcache\ltmdmnt.sys
2010-01-16 23:24 . 2001-08-18 06:36   372824   -c--a-w-   c:\windows\system32\dllcache\iconf32.dll
2010-01-16 23:23 . 2001-08-17 21:28   115807   -c--a-w-   c:\windows\system32\dllcache\hsf_fsks.sys
2010-01-16 23:22 . 2001-08-17 20:15   455296   -c--a-w-   c:\windows\system32\dllcache\fusbbase.sys
2010-01-16 23:21 . 2001-08-17 20:11   455199   -c--a-w-   c:\windows\system32\dllcache\el985n51.sys
2010-01-16 23:20 . 2001-08-17 21:50   49792   -c--a-w-   c:\windows\system32\dllcache\cyzport.sys
2010-01-16 23:19 . 2001-08-17 21:51   13824   -c--a-w-   c:\windows\system32\dllcache\bulltlp3.sys
2010-01-16 23:18 . 2001-08-17 22:56   66048   -c--a-w-   c:\windows\system32\dllcache\s3legacy.dll
2010-01-16 23:11 . 2010-01-16 23:11   --------   d-----w-   c:\program files\Safe_Mode_Fixer
2010-01-16 05:48 . 2010-01-16 05:48   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2010-01-15 17:12 . 2010-01-08 00:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 17:11 . 2010-01-15 17:12   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-15 17:11 . 2010-01-08 00:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-15 00:56 . 2010-01-15 00:56   --------   d-sh--w-   c:\documents and settings\Dennis ---\IECompatCache
2010-01-15 00:47 . 2010-01-15 00:47   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
2010-01-14 16:31 . 2010-01-14 16:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-14 16:27 . 2010-01-14 16:40   77390   ----a-w-   c:\windows\hpqins05.dat
2010-01-13 19:17 . 2010-01-13 19:17   --------   d-----w-   c:\program files\WebGear
2010-01-11 18:00 . 2010-01-11 18:03   --------   d-----w-   c:\documents and settings\Dennis ---\ZipForm
2010-01-11 17:59 . 2010-01-11 17:59   --------   d-----w-   c:\program files\ZipLogix
2010-01-10 02:46 . 2010-01-10 02:46   159744   ----a-w-   c:\windows\system32\libssl32.dll
2010-01-10 02:46 . 2010-01-10 02:46   --------   d-----w-   C:\OpenSSL
2010-01-10 02:46 . 2010-01-10 02:46   --------   d-----w-   c:\program files\SiLabs
2010-01-10 02:46 . 2006-09-07 19:00   89808   ----a-w-   c:\windows\system32\drivers\slabser.sys
2010-01-10 02:46 . 2006-09-07 19:00   6144   ----a-w-   c:\windows\system32\drivers\slabcmnt.sys
2010-01-10 02:46 . 2006-09-07 19:00   6144   ----a-w-   c:\windows\system32\drivers\slabcm.sys
2010-01-10 02:46 . 2006-09-07 19:00   5776   ----a-w-   c:\windows\system32\drivers\slabwhnt.sys
2010-01-10 02:46 . 2006-09-07 19:00   5776   ----a-w-   c:\windows\system32\drivers\slabwh.sys
2010-01-10 02:46 . 2006-09-07 19:00   55312   ----a-w-   c:\windows\system32\drivers\slabbus.sys
2010-01-10 02:46 . 2006-09-07 19:00   47616   ----a-w-   c:\windows\system32\ducunin2k.exe
2010-01-10 02:46 . 2010-01-17 00:50   --------   d-----w-   c:\program files\GE Security Supra
2010-01-10 02:46 . 2010-01-10 02:52   --------   d-----w-   C:\SSL

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 22:48 . 2009-09-06 05:30   --------   d-----w-   c:\documents and settings\Dennis----\Application Data\HPAppData
2010-01-16 22:05 . 2008-05-23 23:59   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-01-16 06:05 . 2006-08-12 20:11   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-01-14 16:41 . 2008-04-02 00:48   --------   d--h--w-   c:\documents and settings\All Users\Application Data\HP
2010-01-14 16:40 . 2006-08-11 20:53   109640   ----a-w-   c:\documents and settings\Dennis ----\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-14 03:57 . 2006-09-13 17:15   --------   d-----w-   c:\program files\Google
2010-01-13 18:14 . 2006-09-05 22:24   --------   d-----w-   c:\program files\Handspring
2010-01-12 17:44 . 2006-08-12 20:12   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Symantec
2010-01-11 18:57 . 2006-11-17 05:00   --------   d-----w-   c:\program files\WINForms 2000
2010-01-05 03:51 . 2008-02-21 17:50   --------   d-----w-   c:\documents and settings\Dennis ----\Application Data\ZoomBrowser EX
2010-01-05 03:51 . 2008-02-21 17:48   --------   d-----w-   c:\documents and settings\Dennis ----\Application Data\CameraWindowDC
2009-12-22 12:41 . 2009-01-12 17:53   --------   d-----w-   c:\program files\PCPitstop
2009-12-16 23:19 . 2009-12-16 01:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
2009-12-11 04:29 . 2009-12-16 01:41   1782128   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2009-11-21 15:51 . 2004-08-04 12:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-11-20 07:00 . 2006-08-12 20:35   --------   d-----w-   c:\documents and settings\Dennis -----\Application Data\Webroot
2009-11-07 01:17 . 2009-11-07 01:17   80528040   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{NAV_Production_94_17.1.0.19_NUC}\NAV10UPEN.exe
2009-10-29 07:45 . 2004-08-04 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-10-25 20:53 . 2009-10-25 20:53   164   ----a-w-   c:\windows\install.dat
2009-10-21 05:38 . 2004-08-04 12:00   75776   ----a-w-   c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00   25088   ----a-w-   c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00   265728   ----a-w-   c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"nwiz"="c:\windows\system32\nwiz.exe" [2006-07-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"Auto Run Software for Photo Frame"="c:\program files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe" [2006-09-21 2247680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-11 289576]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-02-20 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

c:\documents and settings\Dennis ----\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 1:42 PM 29808]
R2 EraserSvc10923;Symantec Eraser Service;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 5:47 PM 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 5:47 PM 149352]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/25/2009 12:56 PM 1205760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [8/26/2009 5:34 PM 102448]
R3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [8/29/2006 7:39 AM 17408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2009 9:35 AM 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 6:32 PM 23888]
S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [3/7/2006 4:52 PM 26368]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ERASERSVC10923

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ      HPSLPSVC
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-28 03:55]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 17:35]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 17:35]

2010-01-12 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Dennis ----.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]

2010-01-17 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-12 22:40]

2010-01-17 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-12 22:40]

2010-01-15 c:\windows\Tasks\wrSpySweeper_L0A4BE1EED4ED4FF2A67C8778C2BE2686.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-12 22:40]

2010-01-15 c:\windows\Tasks\wrSpySweeper_L0A4BE1EED4ED4FF2A67C8778C2BE2686.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-12 22:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{b2475f4c-9372-46d3-a407-ff155aa1fb91} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ANT Agent - c:\garmin\ANT Agent\ANT Agent.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CP2020 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP2020_Series -f PQOptimizerVideo.xml



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 16:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ge security supra\syncservice.exe
c:\program files\GE Security Supra\ProxyDaemon.exe
c:\ssl\stunnel-4.10.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\GE Security Supra\SyncInfoApp.exe
c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\WinZip\WZQKPICK.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Webroot\Spy Sweeper\SSU.EXE
.
**************************************************************************
.
Completion time: 2010-01-16  17:00:39 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-17 01:00

Pre-Run: 18,089,627,648 bytes free
Post-Run: 18,812,088,320 bytes free

- - End Of File - - 6F1744A1E6FAACFAC32809E0FEA8F03F






Malwarebytes' Anti-Malware 1.44
Database version: 3569
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/16/2010 11:04:08 PM
mbam-log-2010-01-16 (23-04-08).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 282962
Time elapsed: 39 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{ABE09F7C-3E1C-4B16-854C-642C3F2EFCFB}\RP2467\A0136796.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0J8TQE88\load[1].php (Rootkit.TDSS) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:20 PM, on 1/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\ge security supra\syncservice.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Garmin\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Auto Run Software for Photo Frame] "C:\Program Files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UserFaultCheck] "%systemroot%\system32\dumprep" 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [gStart] "C:\Garmin\gStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 20-20 Shortcut Bar.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155336439734
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DENNIS~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/DENNIS~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/DENNIS~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 12266 bytes

[harry 48]

i'm not an malware expert . but your hjt log and mbam is clear , i cannot read combofix yet , can you post the

sas log if you have it

keep sas , mbam and ccleaner in your pc up to date and run weekly keep spybot if you want to and you can

take the rest out

wait for an expert to have  a look at your combofix

[SuperDave]

Hello DPD and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

----------------------------------------------------------------------------------------------------------------

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

------------------------------------------------------------------------------------------------------------------------------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

[DPD]

Hello SD. Thank you for the help.

I followed your instructions and below are the results:
- Windows Messenger deleted
- Ran HJ scan and the three malicious files were not present
- Ran the ESET Online scan and it did not find any threats

Let me know if you would like me to take any other actions, otherwise please feel free to end this discussion.

Thank you again for your help.

Also, a member named "harry 48" responded immediately after my initial post and I have not thanked him for his input yet. Thank you Harry.

[SuperDave]

Everything looks clean. If there are no other issues, let's do some clean-up. You can uninstall HJT but you can keep SAS and MBAM. Update them and run them every so often depending on your internet activity.

----------------------------------------------------------------------------------------------
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

------------------------------------------------------------------------------------------
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

-------------------------------------------------------------------------------------------
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Safe Surfing!

[harry 48]

no problem , happy days here