GeekPolice

Antivirus system pro cleanup left Internet explorer broke

Found your website extremely helpful so far. Malwarebytes seems to have taken care of Antivirus system pro. However, Internet Explorer cannot connect to the Internet. In the process of doing this, I loaded Firefox and it is working fine.

Can you help?
Thanks!

Re: Antivirus system pro cleanup left Internet explorer broke

It may not be gone. Please transfer this download from another computer to the infected one.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Antivirus system pro cleanup left Internet explorer broke

Error - Win32 Only.
Incompatible OS. ComboFix only works for workstations with Windows 100 and XP

Next?

Re: Antivirus system pro cleanup left Internet explorer broke

Please download the Kaspersky AVP Tool from Kaspersky-labs.com.
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again, and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Antivirus system pro cleanup left Internet explorer broke

still finding things do not work with explorer

11/26/2009 9:33:43 AM Task started
11/26/2009 9:37:44 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 9:37:44 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 9:38:04 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 9:38:04 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 9:39:43 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 9:39:43 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 9:40:03 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 9:40:03 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 9:45:08 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 9:45:08 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 9:45:17 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 9:45:17 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 9:45:55 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 9:45:55 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 9:46:04 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 9:46:04 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 9:57:39 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 9:57:39 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 9:57:47 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 9:57:47 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 9:58:26 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 9:58:26 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 9:58:35 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 9:58:35 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:01:29 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:01:29 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:01:37 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:01:37 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:02:15 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:02:15 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:02:24 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:02:24 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:31:28 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:31:28 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:31:36 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:31:36 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:32:15 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:32:15 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:32:24 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:32:24 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:35:18 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:35:18 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:35:27 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:35:27 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:36:05 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:36:05 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:36:14 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:36:14 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:45:53 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:45:53 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:46:01 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:46:01 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:46:39 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:46:39 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:46:47 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:46:47 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\AppData\Local\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:49:42 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:49:42 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:49:51 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:49:51 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 10:50:28 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 10:50:28 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe Postponed
11/26/2009 10:50:37 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 10:50:37 AM Untreated: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Users\jholt10\Local Settings\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe Postponed
11/26/2009 11:15:10 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 11:23:06 AM Deleted: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZLF5W0\movie[1].exe
11/26/2009 11:23:06 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 11:41:03 AM Deleted: not-a-virus:FraudTool.Win32.WinSpywareProtect.bhx C:\Documents and Settings\jholt10\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95OH0RM\movie[1].exe
11/26/2009 11:41:03 AM Task completed

Re: Antivirus system pro cleanup left Internet explorer broke

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Antivirus system pro cleanup left Internet explorer broke

you understand I ran this first to remove antivirus system pro.
will do it again.

Re: Antivirus system pro cleanup left Internet explorer broke

Ok. Well, post a log, please... and I will be able to see the progress. :)

Re: Antivirus system pro cleanup left Internet explorer broke

So it still gives a 732 error, but I ran this before to get rid of antivirus system pro initially. At least it got me to where I can look at internet.

Re: Antivirus system pro cleanup left Internet explorer broke

Please open Command Prompt (Start > Run -- Enter CMD and press OK)

enter the following, in order:

cd c:\Program Files\Malwarebytes' Anti-Malware
mbam.exe /runupdate
mbam.exe /quickscanterminate



Then, allow it to run. It should display a log. If it does not, please open Malwarebytes and retrieve it, via the logs tab. It should be at the top of the list. Post the log back here. Then, please reboot your computer.

Re: Antivirus system pro cleanup left Internet explorer broke

seem to update that way, thx
runs clean, deep or quick version

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

11/27/2009 8:33:27 AM
mbam-log-2009-11-27 (08-33-27).txt

Scan type: Quick Scan
Objects scanned: 82154
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Antivirus system pro cleanup left Internet explorer broke

I went and reset IE defaults and it seems to be back.
Thanks, so much.

Re: Antivirus system pro cleanup left Internet explorer broke

Ok. Now let us make sure your browser is not hijacked, and your computer is doing well.

Please download: HijackThis to your Desktop.
  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    It will also create a shortcut on your Desktop.
  • Accept the license agreement.
  • Click Do a System Scan and Save a Logfile.
  • Please post the log in your next reply.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Antivirus system pro cleanup left Internet explorer broke

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:54 PM, on 11/30/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCBackup Scheduler] C:\Program Files (x86)\Eisenworld\PCBackup\ABScheduler.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} (ILINCInstall102 Class) - https://content10.ilinc.com/download/AXCltInstall.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetingsint.webex.com/client/T27L/webex/ieatgpc1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8898 bytes

Re: Antivirus system pro cleanup left Internet explorer broke

fyi: I am using ESET security suite


Security Check output
Results of screen317's Security Check version 0.99.1
Windows Vista (UAC is enabled)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Antivirus system pro cleanup left Internet explorer broke
Please re-open HijackThis and scan. Check the boxes to the left of all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)


Then, please exit all programs except for HijackThis (System Tray (bottom right of screen): right-click on each program icon and click an Exit or shut down option, etc.), then click Fix Checked.

After it completes its process, please close HijackThis and reboot your computer.

==

Please consider updating to Windows Vista Service Packs 1 & 2.
Windows Vista Service Packs 1 & 2 contain all the updates of Windows Vista so far plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please tell me how your computer is running and how the updates went. This is important, because any strange activity or problems in updating could be a sign of more malware lurking on your system.
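
An added example, not part of the original post and not HijackThis's own code: a small Python triage over the kinds of entries listed above. It flags a ProxyServer value that points at a loopback address, classifies O1 Hosts lines, and lists O23 services reported as (file missing). The function names and finding labels are assumptions chosen for illustration.

```python
import re
from ipaddress import ip_address

# Entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
"""
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def proxy_hosts(value):
    """Hosts from a ProxyServer value: 'host:port' or 'http=host:port;https=...'."""
    endpoints = [p.split("=", 1)[-1].strip() for p in value.split(";") if p]
    return [e.rsplit(":", 1)[0] if ":" in e else e for e in endpoints]

def triage(log_text):
    """Return (code, finding, detail) tuples for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code in ("R0", "R1") and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1]
            if any(is_loopback(h) for h in proxy_hosts(value)):
                findings.append((code, "loopback-proxy", value))
        elif code == "O1" and body.startswith("Hosts: "):
            ip, _, name = body[len("Hosts: "):].partition(" ")
            kind = "hosts-default" if is_loopback(ip) and name.strip() == "localhost" else "hosts-override"
            findings.append((code, kind, f"{ip} {name.strip()}"))
        elif code == "O23" and body.endswith("(file missing)"):
            service = re.search(r"\(([^()]+)\) - ", body)
            findings.append((code, "service-file-missing", service[1] if service else body))
    return findings
```

A loopback ProxyServer value is worth checking first when Internet Explorer cannot connect after a cleanup: if the proxy is enabled, IE sends its traffic to that address whether or not anything still listens there.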

Re: Antivirus system pro cleanup left Internet explorer broke
completed
Saw one error on O1 Hosts: ::1 localhost (error #58 - file already exists)
system seems to be acting ok
reran scan and got
the O1 back and the two O23s

Re: Antivirus system pro cleanup left Internet explorer broke
The files seem to be missing on those, so they are no longer a threat. No big deal on that. The O1 entry was just because I wanted to make sure your HOSTS file was reset, so the malware cannot use it against you. (HOSTS file helps to block advertising and malicious websites).

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Re: Antivirus system pro cleanup left Internet explorer broke
No. Thanks so much. I have made a donation to show my appreciation!

This worked for me - thank you very much
Good to know there are some good guys out there.

glight

Re: Antivirus system pro cleanup left Internet explorer broke
Thanks to both of you.
