First 7/5/2009 7:12:41 AM mbam-log-2009-07-05 (07-12-26).txt>
No action taken
Second 7/5/2009 7:12:57 AM mbam-log-2009-07-05 (07-12-57).txt> quarantined. Good for you! You caught it - most people don't!
You need to get rid of all the temp folders:
TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies.
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run; make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean.
Please empty the Recycle Bin when finished.
Stop the Tracking Cookies on accounts for both Amy and Guest:
Reset Cookies:
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.
SAS has a line to check for removal of the malware it finds. If you did not check that first time around, please update, rescan and check.
Please reopen HijackThis to 'do system scan only'
Check each of the following if present. Note: Don't click on 'Fix Checked' until you have checked all on the list:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\msierj.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msyrrw.exe
O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [] C:\DOCUME~1\MATTBR~1\LOCALS~1\Temp\shqr75u0.exe
O20 - AppInit_DLLs: C:\DOCUME~1\MATTBR~1\LOCALS~1\Temp\1043932984446mxx.dll
Close all Windows except HijackThis and click on 'Fix Checked.'
Please download ComboFix HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Rescan with HijackThis and include the new log and the report from ComboFix.
I'll determine if you need to run additional programs.
A comment: You have a lot of processes running. Most do not need to start on boot and run in the background. Most can be accessed manually when needed.
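An added example, not part of the original post and not the poster's own selection criteria: a small triage pass over the HijackThis entries listed above. The four heuristics (missing target file, win.ini load=/run= autostart, empty Run value name, target inside a Temp folder) are assumptions drawn from what those entries have in common, and the `ExampleUpdater` line is constructed for contrast.

```python
import re

# Entries copied from the post; the final ExampleUpdater line is constructed.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\msierj.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msyrrw.exe
O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [] C:\DOCUME~1\MATTBR~1\LOCALS~1\Temp\shqr75u0.exe
O20 - AppInit_DLLs: C:\DOCUME~1\MATTBR~1\LOCALS~1\Temp\1043932984446mxx.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
"""

TEMP_PATH = re.compile(r"\\temp\\", re.IGNORECASE)
ENTRY = re.compile(r"^([A-Z])(\d+) - (.+)$")  # e.g. "O4 - <body>"

def reasons_for(section, body):
    """Return the heuristic reasons (assumed, see lead-in) that apply to one entry."""
    found = []
    if body.endswith("(no file)"):
        found.append("orphaned entry: target file missing")
    if section in ("F2", "F3") and re.search(r"\b(load|run)=\S", body):
        found.append("program autostarted through win.ini load=/run=")
    if section == "O4" and re.search(r"Run: \[\s*\]", body):
        found.append("Run value with an empty name")
    if section in ("O4", "O20") and TEMP_PATH.search(body):
        found.append("autostart target inside a Temp folder")
    return found

def triage(log_text):
    """Return (section, reasons, line) for every entry matching a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip blank lines and log headers
        section = m.group(1) + m.group(2)
        why = reasons_for(section, m.group(3))
        if why:
            flagged.append((section, why, line.strip()))
    return flagged

if __name__ == "__main__":
    for section, why, line in triage(SAMPLE_LOG):
        print(f"{section:>3}  {'; '.join(why)}\n     {line}")
```

The P17Helper line is on the list in the post but matches none of these patterns, so a pattern pass like this supplements a manual review of the log rather than replacing it.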