WiredWX Christian Hobby Weather Tools

Antivirus System PRO--removed it via DOS so easy, but will it come back?
I got hit by the AVS PRO rogue yesterday and was freaking out as I couldn't open Task Manager, etc. (I am sure you are familiar with its irritating traits), and I removed it by doing this:

First, when the large window trying to prompt you to purchase it came up, I right-clicked and chose Properties. I wrote down the file name path (it started with kaka:// instead of http://).

Then I restarted my computer (bad, probably, but I had no choice at the time) and, before the AVS PRO could start up, I quickly right-clicked on the task bar and got Task Manager up. I found what I suspected was the process and stopped it.

Then I opened up Command Prompt. I found the folder called onugrl and the file called rfgsysguard.exe in my system32 subdirectory and deleted it. Then I ran rmdir on the folder "onugrl" and rebooted. I also ran Malwarebytes' software and it removed the registry key. So far, so good, although I downloaded the new version of Adobe after joining the forum and now the Adobe downloader screen keeps popping up randomly, so perhaps my troubles are not over? It seems like it all worked out too easily... Please let me know if you know more about this malware, and if it's going to damage my computer if I do not do some of these more complicated fixes. Thank you, I am very happy to have found this site and will tell everyone I know!!!
Betsy

Re: Antivirus System PRO--removed it via DOS so easy, but will it come back?
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Antivirus System PRO--removed it via DOS so easy, but will it come back?
ComboFix 09-12-02.01 - Betsy 12/02/2009 7:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.380 [GMT -5:00]
Running from: c:\documents and settings\Betsy\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-783013601-2911902795-2016744192-1003
c:\recycler\S-1-5-21-783013601-2911902795-2016744192-1003\desktop.ini
c:\recycler\S-1-5-21-783013601-2911902795-2016744192-1003\INFO2

.
((((((((((((((((((((((((( Files Created from 2009-11-02 to 2009-12-02 )))))))))))))))))))))))))))))))
.

2009-12-02 01:54 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Betsy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-02 01:54 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-02 01:54 . 2009-12-02 01:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-02 01:53 . 2009-12-02 01:53 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-01 01:33 . 2009-12-01 01:33 -------- d-----w- c:\documents and settings\Betsy\Local Settings\Application Data\Cooliris
2009-12-01 01:33 . 2009-10-20 18:33 545280 ----a-w- c:\documents and settings\Betsy\Application Data\Mozilla\Firefox\Profiles\l0fhdo3q.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-12-01 01:33 . 2009-10-20 18:33 103424 ----a-w- c:\documents and settings\Betsy\Application Data\Mozilla\Firefox\Profiles\l0fhdo3q.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-12-01 01:33 . 2009-10-20 18:33 4716544 ----a-w- c:\documents and settings\Betsy\Application Data\Mozilla\Firefox\Profiles\l0fhdo3q.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-12-01 01:33 . 2009-10-20 18:33 344064 ----a-w- c:\documents and settings\Betsy\Application Data\Mozilla\Firefox\Profiles\l0fhdo3q.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-12-01 01:33 . 2009-10-20 18:33 153600 ----a-w- c:\documents and settings\Betsy\Application Data\Mozilla\Firefox\Profiles\l0fhdo3q.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-12-01 00:36 . 2009-12-01 00:36 -------- d-----w- c:\documents and settings\Kids\Application Data\Malwarebytes
2009-11-30 15:48 . 2009-11-30 20:33 -------- d-----w- c:\program files\Spyware Doctor
2009-11-30 15:33 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-30 15:32 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-30 15:32 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-30 15:32 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-30 15:32 . 2009-11-30 15:32 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-30 15:32 . 2009-11-30 15:32 -------- d-----w- c:\documents and settings\Betsy\Application Data\PC Tools
2009-11-30 15:32 . 2009-11-30 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-30 15:31 . 2009-11-30 20:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-30 14:44 . 2009-11-30 14:44 -------- d-----w- c:\documents and settings\Betsy\Application Data\Malwarebytes
2009-11-30 14:42 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-30 14:42 . 2009-11-30 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 14:42 . 2009-11-30 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-30 14:42 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 18:11 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-11-28 13:51 . 2009-12-02 04:08 0 ----a-w- c:\documents and settings\Betsy\Local Settings\Application Data\prvlcl.dat
2009-11-27 02:44 . 2009-11-24 22:38 1699384 ----a-w- c:\documents and settings\Kris\Application Data\PictureMover\EN-US\Presentation.dll
2009-11-27 02:44 . 2009-11-27 02:44 -------- d-----w- c:\documents and settings\Kris\Application Data\PictureMover
2009-11-27 02:44 . 2009-11-24 22:39 12160056 ----a-w- c:\documents and settings\Kris\Application Data\PictureMover\Bin\Core.dll
2009-11-24 22:38 . 2009-11-24 22:39 12160056 ----a-w- c:\documents and settings\All Users\Application Data\PictureMover\Bin\Core.dll
2009-11-24 22:38 . 2009-11-24 22:38 1249336 ----a-w- c:\documents and settings\All Users\Application Data\PictureMover\Bin\AgentScr.scr
2009-11-24 22:38 . 2009-11-24 22:38 1699384 ----a-w- c:\documents and settings\All Users\Application Data\PictureMover\EN-US\Presentation.dll
2009-11-17 01:01 . 2009-11-24 22:38 1699384 ----a-w- c:\documents and settings\Kids\Application Data\PictureMover\EN-US\Presentation.dll
2009-11-17 01:01 . 2009-11-24 22:39 12160056 ----a-w- c:\documents and settings\Kids\Application Data\PictureMover\Bin\Core.dll
2009-11-17 01:01 . 2009-11-17 01:01 -------- d-----w- c:\documents and settings\Kids\Application Data\PictureMover
2009-11-14 19:58 . 2009-11-14 19:58 152576 ----a-w- c:\documents and settings\Betsy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-14 19:58 . 2009-11-14 19:58 79488 ----a-w- c:\documents and settings\Betsy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 17:44 . 2009-11-12 17:44 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-12 17:44 . 2009-11-10 14:57 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-12 17:44 . 2009-11-10 14:57 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-12 17:44 . 2009-11-10 14:57 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-12 17:44 . 2009-11-12 17:44 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-10 14:57 . 2009-11-10 14:57 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-02 23:56 . 2009-11-04 13:05 -------- d-----w- c:\documents and settings\Betsy\Application Data\skypePM
2009-11-02 23:54 . 2009-11-04 17:58 -------- d-----w- c:\documents and settings\Betsy\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 12:12 . 2009-08-22 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-02 01:55 . 2009-05-05 16:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-27 02:44 . 2009-08-23 01:26 60664 -c--a-w- c:\documents and settings\Kris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-24 22:39 . 2009-09-26 20:03 12160056 ----a-w- c:\documents and settings\Betsy\Application Data\PictureMover\Bin\Core.dll
2009-11-24 22:39 . 2008-08-13 13:11 51768 ----a-w- c:\documents and settings\All Users\Application Data\PictureMover\Bin\Proxy4WLPG.exe
2009-11-24 22:38 . 2009-09-26 20:03 1699384 ----a-w- c:\documents and settings\Betsy\Application Data\PictureMover\EN-US\Presentation.dll
2009-11-14 20:00 . 2009-09-05 14:53 -------- d-----w- c:\program files\Java
2009-11-14 13:10 . 2009-05-05 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 14:57 . 2009-08-23 18:31 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-02 23:56 . 2009-11-02 23:56 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
2009-10-29 22:48 . 2009-08-23 18:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 22:48 . 2009-08-23 18:31 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-29 22:47 . 2009-08-23 18:31 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-29 22:47 . 2009-10-29 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-29 22:47 . 2009-08-23 18:30 -------- d-----w- c:\program files\AVG
2009-10-21 14:21 . 2009-10-21 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-10-21 13:44 . 2009-10-21 13:44 -------- d-----w- c:\program files\MSN Messenger
2009-10-21 13:15 . 2009-08-21 22:56 60664 -c--a-w- c:\documents and settings\Betsy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 23:08 . 2009-05-05 16:33 -------- d-----w- c:\program files\Windows Live
2009-10-11 09:17 . 2009-09-05 14:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-03 21:38 . 2009-10-03 21:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 19:26 . 2009-09-12 19:26 127872 ----a-w- c:\documents and settings\Betsy\Application Data\Move Networks\uninstall.exe
2009-09-12 19:26 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Betsy\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-11 14:18 . 2009-04-28 04:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 15:30 . 2009-09-05 15:30 152576 ----a-w- c:\documents and settings\Betsy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-05 14:53 . 2009-09-05 14:53 152576 ----a-w- c:\documents and settings\Betsy\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-09-04 21:03 . 2009-04-28 04:51 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-27 17881088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-5 376832]
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-8-13 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-29 22:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/30/2009 10:32 AM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/23/2009 1:31 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/23/2009 1:31 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/29/2009 5:47 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/29/2009 5:47 PM 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/5/2009 11:39 AM 54752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 8:59 PM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [3/16/2009 4:27 PM 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/5/2009 11:00 AM 1684736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/5/2009 12:16 PM 232872]
.
Contents of the 'Scheduled Tasks' folder

2009-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: facebook.com
Trusted Zone: insidetherevolution.org\www
FF - ProfilePath - c:\documents and settings\Betsy\Application Data\Mozilla\Firefox\Profiles\l0fhdo3q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Betsy\Application Data\Mozilla\Firefox\Profiles\l0fhdo3q.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Betsy\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Betsy\Application Data\Mozilla\Firefox\Profiles\l0fhdo3q.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-lyrcjkes - c:\documents and settings\Betsy\Local Settings\Application Data\onugrl\rgfwsysguard.exe
HKLM-Run-lyrcjkes - c:\documents and settings\Betsy\Local Settings\Application Data\onugrl\rgfwsysguard.exe
AddRemove-HijackThis - c:\documents and settings\Betsy\My Documents\Downloads\HijackThis.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-12-02 07:25
ComboFix-quarantined-files.txt 2009-12-02 12:24

Pre-Run: 139,921,080,320 bytes free
Post-Run: 139,963,908,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E0125B0372F4B24A04AE8DBE17087EE0
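Added example, not from this thread and not ComboFix's own code: a small Python triage script over lines in the shape of the log above. It flags two things that log shows: an Internet Explorer proxy pointed at 127.0.0.1 (all browsing silently routed through a local process), and Run-key entries, live or among the removed orphans, whose executable sits in a user profile data folder, like the onugrl one. The line shapes and the profile-folder heuristic are my assumptions; the sample lines are constructed from the pasted log.

```python
import re

# Constructed sample: a handful of lines in the shape of the ComboFix log pasted
# above (the values are copied from that log; the line shapes are assumed from
# it and may differ in other ComboFix versions).
SAMPLE_LOG = r"""uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-lyrcjkes - c:\documents and settings\Betsy\Local Settings\Application Data\onugrl\rgfwsysguard.exe
HKLM-Run-lyrcjkes - c:\documents and settings\Betsy\Local Settings\Application Data\onugrl\rgfwsysguard.exe
AddRemove-HijackThis - c:\documents and settings\Betsy\My Documents\Downloads\HijackThis.exe
"""

# Line shapes we recognise (assumed from the pasted log).
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
RUN_SECTION_RE = re.compile(r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\.*\\Run\]$", re.I)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - (?P<path>.+)$")

# Heuristic (my assumption, not ComboFix's): legitimate autostarts normally live
# under Program Files or the Windows directory, so an autorun whose executable
# sits in a user's writable profile data folders deserves a second look.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def is_loopback_proxy(value: str) -> bool:
    """True if any proxy entry ("http=host:port" or "host:port") points at
    the local machine, i.e. browsing is being routed through a local process."""
    for entry in value.split(";"):
        host = entry.split("=")[-1].split(":")[0].strip().lower()
        if host in ("127.0.0.1", "localhost"):
            return True
    return False


def path_in_profile_data(path: str) -> bool:
    """True if the executable path lies in a user profile data folder."""
    low = path.lower()
    return any(d in low for d in PROFILE_DIRS)


def triage(log_text: str) -> list:
    """Walk a ComboFix-style log and return a list of (kind, detail) findings."""
    findings = []
    in_run_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            if is_loopback_proxy(m.group(1)):
                findings.append(("loopback-proxy", line))
            continue
        if line.startswith("["):            # a new registry key header
            in_run_section = bool(RUN_SECTION_RE.match(line))
            continue
        m = ORPHAN_RE.match(line)           # entries ComboFix already removed
        if m:
            if path_in_profile_data(m.group("path")):
                findings.append(("profile-autorun",
                                 f"{m.group('hive')}\\Run\\{m.group('name')} -> {m.group('path')}"))
            continue
        if in_run_section:                  # live values still present in a Run key
            m = RUN_VALUE_RE.match(line)
            if m and path_in_profile_data(m.group("path")):
                findings.append(("profile-autorun",
                                 f"Run\\{m.group('name')} -> {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

On the sample above it reports the loopback proxy and the two onugrl orphans, while the MsnMsgr value and the HijackThis uninstall entry pass.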

Re: Antivirus System PRO--removed it via DOS so easy, but will it come back?
Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Antivirus System PRO--removed it via DOS so easy, but will it come back?
Thank you! I already had MalwareBytes installed from yesterday and I just reran the full scan, ZERO items infected so I think it is completely gone! I am going to look into the courses you posted about for learning how to fight Malware. I am very interested in this stuff!!

Re: Antivirus System PRO--removed it via DOS so easy, but will it come back?
Please run Trend Micro Housecall online scan.

  • Click Scan now.
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

Re: Antivirus System PRO--removed it via DOS so easy, but will it come back?
When I downloaded it, I did not see the information contained in your steps. I clicked on Scan Now and it just started scanning...It found nothing infected, however I am wondering if I did not install it correctly? Seemed simple enough...let me know if I need to do something further. Thanks again!

Re: Antivirus System PRO--removed it via DOS so easy, but will it come back?
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Antivirus System PRO--removed it via DOS so easy, but will it come back?
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
``````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
HijackThis 2.0.2
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Antivirus System PRO--removed it via DOS so easy, but will it come back?
Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by a 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
