WiredWX Christian Hobby Weather Tools
Antimalware Doctor

Hello,
I have the Antimalware Doctor virus and am unsure of how to get rid of it, please help.
I have read the post you must read before posting and tried downloading the OTL, but it said the server page was forbidden...

Thanks,
Nathalie

Re: Antimalware Doctor

Hi nathaliedaigle, and welcome to GP!

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your Thread

  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).




Re: Antimalware Doctor

DDS (Ver_10-03-17.01) - NTFSx86
Run by Nathalie at 2:06:47.44 on 22/07/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3070.2010 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Windows\System32\rundll32.exe
C:\Users\Nathalie\AppData\Roaming\94B0849EACA12C0C5496B3566499000F\patchsetup70700.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nathalie\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/?ref=hp
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
mURLSearchHooks: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Gestionnaire Antidote.exe] c:\program files\druide\antidote\Gestionnaire Antidote.exe
uRun: [Gcuzayerox] rundll32.exe "c:\users\nathalie\appdata\local\prvwbar.dll",Startup
uRun: [patchsetup70700.exe] c:\users\nathalie\appdata\roaming\94b0849eaca12c0c5496b3566499000f\patchsetup70700.exe
uRun: [Ofeneroqaxac] rundll32.exe "c:\users\nathalie\appdata\local\utovulad.dll",Startup
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Gestionnaire Antidote.exe] c:\program files\druide\antidote\Gestionnaire Antidote.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-10 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-10 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-10 243024]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\quickplay\000.fcl [2008-6-18 41456]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca2d0924894d30;Google Update Service (gupdate1ca2d0924894d30);c:\program files\google\update\GoogleUpdate.exe [2009-9-3 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-22 09:02:31 284 ----a-w- C:\sqmnoopt00.sqm
2010-07-22 08:42:14 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-07-22 08:42:14 1652688 ----a-w- c:\windows\PCTBDCore.dll.old
2010-07-22 07:23:36 0 d-----w- c:\program files\Enigma Software Group
2010-07-22 07:21:57 0 d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-07-22 07:21:55 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-07-22 07:07:53 0 d-----w- c:\program files\Spyware Doctor
2010-07-22 06:43:32 766464 ----a-w- c:\windows\system32\drivers\elpiy.sys
2010-07-22 06:41:32 0 d-----w- c:\users\nathalie\appdata\roaming\94B0849EACA12C0C5496B3566499000F
2010-07-15 18:46:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-09 09:12:33 0 d-----w- c:\programdata\Sun
2010-07-09 09:12:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-06-26 20:54:04 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-06-26 20:54:04 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-26 20:54:00 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-26 20:53:58 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-06-26 20:53:58 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-06-25 10:00:48 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 10:00:48 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 10:00:48 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 10:00:48 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 10:00:48 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 21:35:14 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 21:35:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

==================== Find3M ====================

2010-07-22 09:04:38 67100 ----a-w- c:\users\nathalie\appdata\roaming\nvModes.dat
2010-07-15 18:46:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 18:46:04 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-09 09:08:31 725832 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-09 09:08:31 150634 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-17 09:25:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 18:42:57 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 13:55:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-12 20:19:11 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-12 20:19:11 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-12 20:19:11 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-05-14 03:55:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-04-25 00:40:37 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-04-25 00:40:37 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-04-25 00:40:37 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-04-25 00:40:37 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 2:09:13.98 ===============
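The DDS.txt above already contains the tell-tale entries of this rogue: two `uRun` values that launch `rundll32.exe` against a randomly named DLL under `AppData\Local` with a generic `Startup` export, a `uRun` value pointing into an `AppData\Roaming` folder whose name is 32 hex characters, and a kernel driver (`elpiy.sys`) written to `system32\drivers` two minutes after that folder appeared. The script below is an added example of how a responder can triage such a log automatically; it is not part of the thread and is not code from DDS. The regex heuristics, the severity labels and the 10-minute clustering window are my own assumptions, and the sample text is a constructed excerpt made from lines copied out of the DDS.txt posted above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a handful of lines copied from the DDS.txt posted above,
# trimmed so the script runs offline against realistic input.
DDS_SAMPLE = r"""
============== Pseudo HJT Report ===============
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Gcuzayerox] rundll32.exe "c:\users\nathalie\appdata\local\prvwbar.dll",Startup
uRun: [patchsetup70700.exe] c:\users\nathalie\appdata\roaming\94b0849eaca12c0c5496b3566499000f\patchsetup70700.exe
uRun: [Ofeneroqaxac] rundll32.exe "c:\users\nathalie\appdata\local\utovulad.dll",Startup
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
=============== Created Last 30 ================
2010-07-22 07:07:53 0 d-----w- c:\program files\Spyware Doctor
2010-07-22 06:43:32 766464 ----a-w- c:\windows\system32\drivers\elpiy.sys
2010-07-22 06:41:32 0 d-----w- c:\users\nathalie\appdata\roaming\94B0849EACA12C0C5496B3566499000F
2010-07-15 18:46:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
"""

# Line shapes used by DDS (u/m/d = per-user, machine and default-user Run keys).
RUN_RE = re.compile(r"^[umd]Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
ORPHAN_RE = re.compile(r"^(?:BHO|TB|[um]URLSearchHooks):.*-\s+No File$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+\S+\s+(?P<path>.+)$")

# Heuristics (my own thresholds and patterns, not anything DDS defines):
# persistence pointing into a user-writable profile directory, a folder named
# with 32 hex characters, and rundll32 calling a generic "Startup" export.
USER_WRITABLE = re.compile(r"\\(?:appdata|temp|programdata)\\", re.I)
HEX32 = re.compile(r"\\[0-9a-f]{32}(?:\\|$)", re.I)
RUNDLL_GENERIC = re.compile(r'rundll32\.exe\s+"?[^"]+\.dll"?,\s*startup\b', re.I)
CLUSTER_WINDOW = timedelta(minutes=10)  # assumed: how close "related" creations must be


def triage(log_text):
    """Return (severity, rule, line) findings for suspicious entries in a DDS log."""
    findings = []
    created = []  # (timestamp, path, line) rows from the "Created Last 30" section
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if RUNDLL_GENERIC.search(cmd) and USER_WRITABLE.search(cmd):
                findings.append(("high", "rundll32 loads a DLL from a user-writable path", line))
            elif HEX32.search(cmd):
                findings.append(("high", "autorun under a random 32-hex directory", line))
            elif USER_WRITABLE.search(cmd):
                findings.append(("medium", "autorun from a user-writable path", line))
            continue
        if ORPHAN_RE.match(line):
            findings.append(("low", "orphaned browser hook (No File)", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            created.append((ts, m.group("path"), line))

    # Temporal clustering: a new kernel driver written within CLUSTER_WINDOW of a
    # random-named profile directory is a strong marker of the infection time.
    markers = [ts for ts, path, _ in created if HEX32.search(path)]
    for ts, path, line in created:
        if path.lower().endswith(".sys") and any(abs(ts - mts) <= CLUSTER_WINDOW for mts in markers):
            findings.append(("high", "new driver created near a random-named profile directory", line))
    return findings


if __name__ == "__main__":
    for severity, rule, line in triage(DDS_SAMPLE):
        print(f"[{severity:6}] {rule}: {line}")
```

Run against the excerpt, the script flags exactly the five entries a helper would pick out by eye (the two rundll32 loaders, the `patchsetup70700.exe` autorun, the orphaned BHO and `elpiy.sys`) and leaves the Messenger, NVIDIA and AVG entries alone. The path-based rules matter more than the odd-looking names: a user-writable location is what makes an autorun suspect, and the random names are only corroboration.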

Re: Antimalware Doctor


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/06/2008 6:41:57 AM
System Uptime: 22/07/2010 2:03:29 AM (0 hours ago)

Motherboard: Quanta | | 30DA
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 73.979 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.171 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.0
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Antidote RX v2
Antimalware Doctor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Big Fish Games: Game Manager
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Cooking Academy
Copy
CustomerResearchQFolder
CyberLink YouCam
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Disc2Phone
DivX Web Player
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DVD Suite
EA Link
eSupportQFolder
F4200
F4200_Help
Facebook Plug-In
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Doc Viewer
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Solution Center 10.0
HP Total Care Advisor
HP Update
HP User Guides 0088
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iPod for Windows 2005-09-23
iTunes
Java Auto Updater
Java(TM) 6 Update 18
LabelPrint
Malwarebytes' Anti-Malware
MarketResearch
Messenger Plus! Live
Messenger_Plus_Live Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
NetWaiting
NVIDIA Drivers
PhotoNow!
PhotoScape
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Shop for HP Supplies
Skype web features
Skype™ 4.1
SmartWebPrintingOC
SolutionCenter
Status
Synaptics Pointing Device Driver
The Sims™ Life Stories
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoLAN VLC media player 0.8.6d
VideoToolkit01
WeatherBug Gadget
WebReg
Wheel of Fortune
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool

==== End Of File ===========================

Re: Antimalware Doctor

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do not do any fixing on your own or run any scanners unless requested by me or another helper.
---------------------------------------------------------------------------------------------



  1. Download ComboFix from below:

    Combofix download


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here

  3. Double click on combofix.exe & follow the prompts.

  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.


    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Re: Antimalware Doctor

ComboFix 10-07-21.02 - Nathalie 22/07/2010 11:43:40.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3070.1748 [GMT -7:00]
Running from: c:\users\Nathalie\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Nathalie\AppData\Local\{984EE554-C8DD-4487-B97F-F75E9D871374}
c:\users\Nathalie\AppData\Local\{984EE554-C8DD-4487-B97F-F75E9D871374}\chrome.manifest
c:\users\Nathalie\AppData\Local\{984EE554-C8DD-4487-B97F-F75E9D871374}\chrome\content\_cfg.js
c:\users\Nathalie\AppData\Local\{984EE554-C8DD-4487-B97F-F75E9D871374}\chrome\content\overlay.xul
c:\users\Nathalie\AppData\Local\{984EE554-C8DD-4487-B97F-F75E9D871374}\install.rdf
c:\users\Nathalie\AppData\Local\utovulad.dll
c:\users\Nathalie\AppData\Roaming\94B0849EACA12C0C5496B3566499000F
c:\users\Nathalie\AppData\Roaming\94B0849EACA12C0C5496B3566499000F\enemies-names.txt
c:\users\Nathalie\AppData\Roaming\94B0849EACA12C0C5496B3566499000F\local.ini
c:\users\Nathalie\AppData\Roaming\94B0849EACA12C0C5496B3566499000F\lsrslt.ini
c:\users\Nathalie\AppData\Roaming\94B0849EACA12C0C5496B3566499000F\patchsetup70700.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-22 18:56 . 2010-07-22 18:56 -------- d-----w- c:\users\Nathalie\AppData\Local\temp
2010-07-22 06:43 . 2010-07-22 18:35 120 ----a-w- c:\users\Nathalie\AppData\Local\Pwimixor.dat
2010-07-22 06:43 . 2010-07-22 08:36 0 ----a-w- c:\users\Nathalie\AppData\Local\Nzuwatodejex.bin
2010-07-20 20:37 . 2010-07-20 20:37 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-20 20:37 . 2010-07-20 20:37 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-20 20:37 . 2010-07-20 20:37 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-20 20:37 . 2010-07-20 20:37 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-15 18:47 . 2010-07-15 18:47 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-15 18:47 . 2010-07-15 18:47 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-15 18:46 . 2010-07-15 18:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 18:45 . 2010-07-15 18:45 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-15 18:45 . 2010-07-15 18:45 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-15 18:45 . 2010-07-15 18:45 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-15 18:45 . 2010-07-15 18:45 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-07-09 09:12 . 2010-07-09 09:12 -------- d-----w- c:\program files\Common Files\Java
2010-07-09 09:12 . 2010-07-09 09:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-06-26 20:54 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-26 20:53 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-06-25 10:00 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 10:00 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 10:00 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 10:00 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 10:00 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 21:35 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 21:35 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 18:57 . 2010-07-22 06:43 766464 ----a-w- c:\windows\system32\drivers\elpiy.sys
2010-07-22 09:04 . 2008-08-08 21:53 67100 ----a-w- c:\users\Nathalie\AppData\Roaming\nvModes.dat
2010-07-22 09:04 . 2008-08-07 04:31 109200 ----a-w- c:\users\Nathalie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-22 09:03 . 2010-07-22 07:07 -------- d-----w- c:\program files\Spyware Doctor
2010-07-22 07:23 . 2010-07-22 07:23 -------- d-----w- c:\program files\Enigma Software Group
2010-07-22 07:21 . 2010-07-22 07:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-22 07:21 . 2008-12-16 10:20 -------- d-----w- c:\program files\LimeWire
2010-07-22 07:21 . 2009-07-10 08:03 -------- d-----w- c:\program files\BitLord
2010-07-15 18:46 . 2010-01-11 06:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 18:46 . 2010-01-11 06:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 21:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-14 08:24 . 2009-05-04 03:16 -------- d-----w- c:\users\Nathalie\AppData\Roaming\dvdcss
2010-07-09 09:12 . 2008-04-25 03:08 -------- d-----w- c:\program files\Java
2010-07-09 09:08 . 2008-04-25 00:41 725832 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-09 09:08 . 2008-04-25 00:41 150634 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-25 10:03 . 2008-08-07 04:22 -------- d-----w- c:\program files\Microsoft.NET
2010-06-17 09:25 . 2010-06-17 09:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-06-10 20:07 . 2009-04-27 04:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-10 10:18 . 2008-08-07 04:21 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 23:13 . 2010-06-08 23:13 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2010-06-08 23:13 . 2010-06-08 23:13 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2010-06-08 23:13 . 2010-06-08 23:13 109200 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-04 08:15 . 2010-06-04 07:40 -------- d-----w- c:\program files\Cooking Academy
2010-06-04 07:38 . 2010-06-04 07:38 -------- d-----w- c:\program files\bfgclient
2010-06-03 22:19 . 2008-06-18 14:02 -------- d-----w- c:\program files\HP Games
2010-06-03 09:27 . 2008-06-18 14:01 -------- d-----w- c:\programdata\WildTangent
2010-06-03 09:25 . 2010-06-03 09:25 -------- d-----w- c:\programdata\Fugazo
2010-06-02 21:34 . 2010-01-11 06:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 10:30 . 2010-05-30 10:30 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Ludia
2010-05-30 10:30 . 2010-05-30 10:30 -------- d-----w- c:\programdata\Ludia
2010-05-30 02:10 . 2010-05-30 02:10 -------- d-----w- c:\users\Nathalie\AppData\Roaming\funkitron
2010-05-30 02:09 . 2008-10-04 02:20 2523560 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
2010-05-26 16:16 . 2010-06-10 09:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 09:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 18:42 . 2010-06-10 09:34 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-10 09:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53 . 2010-06-10 09:34 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-10 09:33 2036224 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2009-12-31 19:53 2349080 ----a-w- c:\program files\Messenger_Plus_Live\tbMess.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2006-09-11 439992]
"Gcuzayerox"="c:\users\Nathalie\AppData\Local\prvwbar.dll" [2008-01-21 72192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-08 1394000]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2006-09-11 439992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca2d0924894d30;Google Update Service (gupdate1ca2d0924894d30);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-28 721904]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-12-20 41456]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]


--- Other Services/Drivers In Memory ---

*Deregistered* - elpiy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 02:40]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-patchsetup70700.exe - c:\users\Nathalie\AppData\Roaming\94B0849EACA12C0C5496B3566499000F\patchsetup70700.exe
HKCU-Run-Ofeneroqaxac - c:\users\Nathalie\AppData\Local\utovulad.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 11:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elpiy]

.
Completion time: 2010-07-22 12:00:25
ComboFix-quarantined-files.txt 2010-07-22 19:00
ComboFix2.txt 2010-01-11 03:42
ComboFix3.txt 2010-01-11 02:02

Pre-Run: 80,638,996,480 bytes free
Post-Run: 80,637,640,704 bytes free

- - End Of File - - A7C52A6302A8D832B9DD536E555FCB3E

Re: Antimalware Doctor
I see you ran ComboFix before. I hope it was with a helper:

http://www.bleepingcomputer.com/forums/topic273628.html


Run CFScript



  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and paste everything from the Code box into Notepad:

Code:

KILLALL::

DDS::
uInternet Settings,ProxyOverride = *.local

Folder::
c:\program files\LimeWire

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



[Screenshot: Cfscriptb4]



This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt and the MBAM report in your next reply.


Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Next

Update Run Malwarebytes



  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Re: Antimalware Doctor
Yes, when I ran combofix before, it was with you guys, over a year ago I believe.

Re: Antimalware Doctor
Great. I received two to three emails a month asking me why and how ComboFix messed up their PC. OK, when you can, post the logs with an update on how your PC is doing.

Re: Antimalware Doctor
About to run MBAM right now, but here are the ComboFix results.

ComboFix 10-07-21.02 - Nathalie 22/07/2010 13:44:05.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3070.1785 [GMT -7:00]
Running from: c:\users\Nathalie\Desktop\ComboFix.exe
Command switches used :: c:\users\Nathalie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\program files\LimeWire\aopalliance.jar.tmp
c:\program files\LimeWire\clink.jar.tmp
c:\program files\LimeWire\commons-codec-1.3.jar.tmp
c:\program files\LimeWire\commons-logging.jar.tmp
c:\program files\LimeWire\commons-net.jar.tmp
c:\program files\LimeWire\daap.jar.tmp
c:\program files\LimeWire\dnsjava.jar.tmp
c:\program files\LimeWire\forms.jar.tmp
c:\program files\LimeWire\foxtrot.jar.tmp
c:\program files\LimeWire\gettext-commons.jar.tmp
c:\program files\LimeWire\guice-1.0.jar.tmp
c:\program files\LimeWire\hsqldb.jar.tmp
c:\program files\LimeWire\httpclient-4.0-alpha5-20080522.192134-5.jar.tmp
c:\program files\LimeWire\httpcore-4.0-beta2-20080510.140437-10.jar.tmp
c:\program files\LimeWire\httpcore-nio-4.0-beta2-20080510.140437-10.jar.tmp
c:\program files\LimeWire\icu4j.jar.tmp
c:\program files\LimeWire\jaudiotagger.jar.tmp
c:\program files\LimeWire\jcraft.jar.tmp
c:\program files\LimeWire\jdic.jar.tmp
c:\program files\LimeWire\jdic_stub.jar.tmp
c:\program files\LimeWire\jflac.jar.tmp
c:\program files\LimeWire\jl.jar.tmp
c:\program files\LimeWire\jmdns.jar.tmp
c:\program files\LimeWire\jogg.jar.tmp
c:\program files\LimeWire\jorbis.jar.tmp
c:\program files\LimeWire\log4j.jar.tmp
c:\program files\LimeWire\looks.jar.tmp
c:\program files\LimeWire\messages.jar.tmp
c:\program files\LimeWire\mp3spi.jar.tmp
c:\program files\LimeWire\onion-common.jar.tmp
c:\program files\LimeWire\onion-fec.jar.tmp
c:\program files\LimeWire\ProgressTabs.jar.tmp
c:\program files\LimeWire\swt.jar.tmp
c:\program files\LimeWire\themes.jar.tmp
c:\program files\LimeWire\toolbarResult
c:\program files\LimeWire\tritonus.jar.tmp
c:\program files\LimeWire\vorbisspi.jar.tmp

.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-22 20:49 . 2010-07-22 20:57 -------- d-----w- c:\users\Nathalie\AppData\Local\temp
2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-22 08:49 . 2010-07-22 08:49 -------- d-----w- c:\users\Nathalie\AppData\Local\Threat Expert
2010-07-22 07:23 . 2010-07-22 07:23 -------- d-----w- c:\program files\Enigma Software Group
2010-07-22 07:21 . 2010-07-22 07:38 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-07-22 07:21 . 2010-07-22 07:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-22 07:07 . 2010-07-22 09:03 -------- d-----w- c:\program files\Spyware Doctor
2010-07-22 06:43 . 2010-07-22 20:57 766464 ----a-w- c:\windows\system32\drivers\elpiy.sys
2010-07-22 06:43 . 2010-07-22 18:35 120 ----a-w- c:\users\Nathalie\AppData\Local\Pwimixor.dat
2010-07-22 06:43 . 2010-07-22 08:36 0 ----a-w- c:\users\Nathalie\AppData\Local\Nzuwatodejex.bin
2010-07-15 18:46 . 2010-07-15 18:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-09 09:12 . 2010-07-09 09:12 -------- d-----w- c:\program files\Common Files\Java
2010-07-09 09:12 . 2010-07-09 09:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-06-26 20:54 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-26 20:53 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-06-25 10:00 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 10:00 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 10:00 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 10:00 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 10:00 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 21:35 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 21:35 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 09:04 . 2008-08-08 21:53 67100 ----a-w- c:\users\Nathalie\AppData\Roaming\nvModes.dat
2010-07-22 09:04 . 2008-08-07 04:31 109200 ----a-w- c:\users\Nathalie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-22 07:21 . 2009-07-10 08:03 -------- d-----w- c:\program files\BitLord
2010-07-15 18:46 . 2010-01-11 06:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 18:46 . 2010-01-11 06:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 21:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-14 08:24 . 2009-05-04 03:16 -------- d-----w- c:\users\Nathalie\AppData\Roaming\dvdcss
2010-07-09 09:12 . 2008-04-25 03:08 -------- d-----w- c:\program files\Java
2010-07-09 09:08 . 2008-04-25 00:41 725832 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-09 09:08 . 2008-04-25 00:41 150634 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-25 10:03 . 2008-08-07 04:22 -------- d-----w- c:\program files\Microsoft.NET
2010-06-17 09:25 . 2010-06-17 09:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-06-10 20:07 . 2009-04-27 04:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-10 10:18 . 2008-08-07 04:21 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 23:13 . 2010-06-08 23:13 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2010-06-08 23:13 . 2010-06-08 23:13 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2010-06-08 23:13 . 2010-06-08 23:13 109200 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-04 08:15 . 2010-06-04 07:40 -------- d-----w- c:\program files\Cooking Academy
2010-06-04 07:38 . 2010-06-04 07:38 -------- d-----w- c:\program files\bfgclient
2010-06-03 22:19 . 2008-06-18 14:02 -------- d-----w- c:\program files\HP Games
2010-06-03 09:27 . 2008-06-18 14:01 -------- d-----w- c:\programdata\WildTangent
2010-06-03 09:25 . 2010-06-03 09:25 -------- d-----w- c:\programdata\Fugazo
2010-06-02 21:34 . 2010-01-11 06:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 10:30 . 2010-05-30 10:30 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Ludia
2010-05-30 10:30 . 2010-05-30 10:30 -------- d-----w- c:\programdata\Ludia
2010-05-30 02:10 . 2010-05-30 02:10 -------- d-----w- c:\users\Nathalie\AppData\Roaming\funkitron
2010-05-26 16:16 . 2010-06-10 09:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 09:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 18:42 . 2010-06-10 09:34 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-10 09:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53 . 2010-06-10 09:34 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-10 09:33 2036224 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2009-12-31 19:53 2349080 ----a-w- c:\program files\Messenger_Plus_Live\tbMess.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2006-09-11 439992]
"Gcuzayerox"="c:\users\Nathalie\AppData\Local\prvwbar.dll" [2008-01-21 72192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-08 1394000]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2006-09-11 439992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca2d0924894d30;Google Update Service (gupdate1ca2d0924894d30);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-28 721904]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-12-20 41456]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]


--- Other Services/Drivers In Memory ---

*Deregistered* - elpiy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 02:40]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elpiy]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3728)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-07-22 14:07:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-22 21:07
ComboFix2.txt 2010-07-22 19:00
ComboFix3.txt 2010-01-11 03:42
ComboFix4.txt 2010-01-11 02:02

Pre-Run: 79,597,232,128 bytes free
Post-Run: 79,804,026,880 bytes free

- - End Of File - - BA8E1AC00BB482186072187EB63546D8

Re: Antimalware Doctor
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22/07/2010 2:20:22 PM
mbam-log-2010-07-22 (14-20-22).txt

Scan type: Quick Scan
Objects scanned: 110779
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gcuzayerox (Trojan.Agent.U) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Nathalie\AppData\Local\prvwbar.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

Re: Antimalware Doctor
Yep, I was hoping Malwarebytes would remove those two entries in your ComboFix log.

Smile we are getting closer. Good job you did there!


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.


  • Please go here then click on: [button image: EOLS1]
  • Select the option YES, I accept the Terms of Use then click on: [button image: EOLS2]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:


    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: [button image: EOLS3]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: [button image: EOLS4]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Next



Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



In your next reply, please include these log(s):

EsetOnlineScanner\log.txt
checkup.txt


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Re: Antimalware Doctor
Thanks for all your help thus far Kenny94!
Just an update, so you don't think I bailed or anything....
It's taking a long time to do the scan. I am now at work, but it should be done when I get home, so I'll finish the steps and post the logs then!

Re: Antimalware Doctor

Take your time..... :)

Re: Antimalware Doctor

There was no log file that came up after the ESET online test... there was just a list of the threats found, which you would convert into a file. Here's what I got:

C:\Qoobox\Quarantine\C\Users\Nathalie\AppData\Local\utovulad.dll.vir a variant of Win32/Cimag.CK trojan
C:\Qoobox\Quarantine\C\Users\Nathalie\AppData\Roaming\94B0849EACA12C0C5496B3566499000F\patchsetup70700.exe.vir a variant of Win32/Kryptik.FOE trojan
C:\Qoobox\Quarantine\C\Windows\System32\H8SRTmrdeardaui.dll.vir a variant of Win32/Kryptik.BLL trojan
C:\Qoobox\Quarantine\C\Windows\System32\H8SRTrhfvuvkxua.dll.vir a variant of Win32/Kryptik.BLL trojan
C:\Qoobox\Quarantine\C\Windows\System32\H8SRTwrpdqfjyvr.dll.vir a variant of Win32/Kryptik.BLL trojan
C:\Qoobox\Quarantine\C\Windows\System32\H8SRTwucrwpuiwj.dll.vir a variant of Win32/Kryptik.BLL trojan
C:\Qoobox\Quarantine\C\Windows\System32\drivers\H8SRTmdrmprweog.sys.vir a variant of Win32/Rootkit.Kryptik.AZ trojan
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent trojan
C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\473ab10e-677155fb multiple threats
C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1318a250-71d5a501 multiple threats
C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\70fd5b14-5b3a3efa multiple threats
C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7473c19d-3b62bbf5 multiple threats
C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\335f74a4-21f9af63 multiple threats
C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\5a01ec73-634926c4 multiple threats
C:\Users\Nathalie\Documents\LimeWire\Saved\16 Frames - Everything Around Me.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Nathalie\Documents\LimeWire\Saved\David Ford - Songs For The Road C.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Nathalie\Documents\LimeWire\Saved\DJ Micro - MVP - Make me feel (Shake & Break Mix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Nathalie\Documents\LimeWire\Saved\jeremy ashida - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Nathalie\Documents\LimeWire\Saved\kate voegele- a fine mess.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Nathalie\Documents\LimeWire\Saved\Led Zeppelin - Sick Again.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Nathalie\Documents\LimeWire\Saved\shinning star dj cammy.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Nathalie\Documents\LimeWire\Saved\stereos - summer girl.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Nathalie\Documents\LimeWire\Saved\tentativa 16th avenue.wma probably a variant of Win32/Agent trojan
C:\Users\Nathalie\Documents\LimeWire\Saved\Will Hoge - Baby Girl.wma WMA/TrojanDownloader.Wimad.NAA trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LY3GA1K5\1[1].pdf PDF/Exploit.Gen trojan

Re: Antimalware Doctor
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
WMI entry may not exist for antivirus; attempting automatic update.
AVG9 successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:


``````````End of Log````````````

Re: Antimalware Doctor
Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :Processes

    :Services

    :Reg

    :Files
    C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\473ab10e-677155fb
    C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\70fd5b14-5b3a3efa
    C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7473c19d-3b62bbf5
    C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\335f74a4-21f9af63
    C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\5a01ec73-634926c4
    C:\Users\Nathalie\Documents\LimeWire\Saved\16 Frames - Everything Around Me.mp3
    C:\Users\Nathalie\Documents\LimeWire\Saved\David Ford - Songs For The Road C.wma
    C:\Users\Nathalie\Documents\LimeWire\Saved\DJ Micro - MVP - Make me feel (Shake & Break Mix).mp3
    C:\Users\Nathalie\Documents\LimeWire\Saved\jeremy ashida - best track ever.mp3
    C:\Users\Nathalie\Documents\LimeWire\Saved\kate voegele- a fine mess.mp3
    C:\Users\Nathalie\Documents\LimeWire\Saved\Led Zeppelin - Sick Again.mp3
    C:\Users\Nathalie\Documents\LimeWire\Saved\shinning star dj cammy.mp3
    C:\Users\Nathalie\Documents\LimeWire\Saved\stereos - summer girl.mp3
    C:\Users\Nathalie\Documents\LimeWire\Saved\tentativa 16th avenue.wma
    C:\Users\Nathalie\Documents\LimeWire\Saved\Will Hoge - Baby Girl.wma

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]

  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
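The ESET list above and the OTM script built from it illustrate a triage step worth automating: findings under C:\Qoobox\Quarantine are copies ComboFix already neutralised, while the remaining paths are live files that still need handling. The following Python is an added example, not code from the thread or from any of the tools it mentions; it parses ESET Online Scanner result lines (the "<path> <verdict>" layout seen in the log, with space-containing paths), separates quarantined from live findings, and emits an OTM-style :Files section for the live ones. The sample lines are a constructed subset copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List

# ESET Online Scanner prints one finding per line as "<path> <verdict>".
# Paths may contain spaces, so the path is matched non-greedily and the
# verdict is anchored on the phrasings that appear in the thread's log:
# "a variant of X trojan", "probably a variant of X trojan",
# "multiple threats", or a bare "X trojan".
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<verdict>(?:probably )?a variant of \S+ trojan|multiple threats|\S+ trojan)$"
)

# ComboFix stores what it removed under C:\Qoobox\Quarantine; a hit there is a
# neutralised copy (note the .vir suffix in the log), not running malware.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# Constructed sample: five lines taken from the ESET list posted in this thread.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Nathalie\AppData\Local\utovulad.dll.vir a variant of Win32/Cimag.CK trojan
C:\Qoobox\Quarantine\C\Windows\System32\drivers\H8SRTmdrmprweog.sys.vir a variant of Win32/Rootkit.Kryptik.AZ trojan
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent trojan
C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\473ab10e-677155fb multiple threats
C:\Users\Nathalie\Documents\LimeWire\Saved\Will Hoge - Baby Girl.wma WMA/TrojanDownloader.Wimad.NAA trojan
"""


@dataclass
class Finding:
    path: str
    verdict: str

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIX)


def parse_eset_log(text: str) -> List[Finding]:
    """Parse ESET result lines; raise on a line that does not fit the layout."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        findings.append(Finding(m["path"], m["verdict"]))
    return findings


def live_findings(findings: List[Finding]) -> List[Finding]:
    """Findings that are not already sitting in ComboFix's quarantine."""
    return [f for f in findings if not f.quarantined]


def otm_script(findings: List[Finding]) -> str:
    """Build an OTM script (same section layout as in the thread) for live files."""
    lines = [":Files", *(f.path for f in live_findings(findings)), "",
             ":Commands", "[emptytemp]", "[CREATERESTOREPOINT]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(otm_script(parse_eset_log(SAMPLE_LOG)))
```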

Re: Antimalware Doctor
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\473ab10e-677155fb not found.
File/Folder C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\70fd5b14-5b3a3efa not found.
File/Folder C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7473c19d-3b62bbf5 not found.
File/Folder C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\335f74a4-21f9af63 not found.
File/Folder C:\Users\Nathalie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\5a01ec73-634926c4 not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\16 Frames - Everything Around Me.mp3 not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\David Ford - Songs For The Road C.wma not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\DJ Micro - MVP - Make me feel (Shake & Break Mix).mp3 not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\jeremy ashida - best track ever.mp3 not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\kate voegele- a fine mess.mp3 not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\Led Zeppelin - Sick Again.mp3 not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\shinning star dj cammy.mp3 not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\stereos - summer girl.mp3 not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\tentativa 16th avenue.wma not found.
File/Folder C:\Users\Nathalie\Documents\LimeWire\Saved\Will Hoge - Baby Girl.wma not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nathalie
->Temp folder emptied: 370968 bytes
->Temporary Internet Files folder emptied: 1513319091 bytes
->Java cache emptied: 2864876 bytes
->FireFox cache emptied: 41555264 bytes
->Google Chrome cache emptied: 27166101 bytes
->Flash cache emptied: 1826154 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1222979 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64988 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52524592 bytes
RecycleBin emptied: 2912 bytes

Total Files Cleaned = 1,565.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.15.0 log created on 07232010_030522

Files moved on Reboot...
C:\Users\Nathalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZRSF0SHL\antimalware-doctor-t22835-15[1].htm moved successfully.
C:\Users\Nathalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\Users\Nathalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

Re: Antimalware Doctor
Odd. OTM did not find these.


Then look for the following Java folders and if found delete them

C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete the LimeWire folders:

C:\Users\Nathalie\Documents\LimeWire



Next


There are some older versions of Java on your computer. These can be a source of infection.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 21 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u121 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files


    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.



To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
When all is well, you should see Java Version: 1.6.0_21 from Sun Microsystems Inc.

And let me know how this went.

Re: Antimalware Doctor

It won't let me delete the Java folders... even as an administrator it says "you need permission to perform this action"...

Re: Antimalware Doctor
The Java folders are fine. I like to tidy things up. Did you remove the other files and update Java?

Re: Antimalware Doctor

Yes, I removed the other files, and the updated Java is now installed!

Re: Antimalware Doctor

Your Computer is Clean

Be sure to use Secunia software inspector & update checker.

Some final items:


Follow these steps to uninstall Combofix and tools used in the removal of malware


  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, FIREFOX and OPERA; both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips




Re: Antimalware Doctor
Thank you very much Kenny, you were a great help! Smile...

Re: Antimalware Doctor

You're welcome..... :)
