Wondering If Laptop is OK

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Atlanta Belle, Jan 27, 2010.

  1. Atlanta Belle

    Atlanta Belle Private E-2

    Hi, y'all!

    My sister has a laptop with Vista Home Premium she seldom uses--maybe 2 or 3 times since November. I have been updating it since Sunday night. I got the updates for Adobe Reader, Windows Updates, Avira, SpywareBlaster, Spybot, Malwarebytes, CCleaner and Java. She needed SP2 for Vista, so I installed that too, then two more Windows Updates.

    When I ran CCleaner, there was a big dump file of 200+ MB. Sis said she had never had any problems with her laptop, just that Avira had taken care of something that popped up a month ago--couldn't remember what. On Sunday night Spybot gave me bad checksum for one of the updates; it updated OK on Monday, but it would not let me immunize everything, just partial, because it said I was not an administrator despite the fact I was using the admin account.

    I ran scans with Avira, MBAM and SAS and Spybot--nothing! So I started reading through my email. Unfortunately, I did not notice the one way down the list from "HELP DESK" titled "Webmail Quota Has Exceeded The Set Quota/Limit" BEFORE it just opened when I deleted the one before it. It looked like a phishing email, wanting my name and password, etc., so I reported it as spam and deleted it.

    Since I had checked out her computer a couple months ago with the Malware cleaning scans (and all looked OK so I did not bother y'all), I ran just the analyse.exe to see what the HJT log looked like after all the changes. Lots of Google toolbar stuff that I would have never knowingly installed, and enough different from last time that I thought maybe I should run the rest just to be sure.

    Combofix said SAS was active, but it is just a scanner. When the report popped up, it said Windows Defender was active, but it is turned off.

    Trying to run RootRepeal right after gave me messages about Illegal operation attempted and registry key has been marked for deletion for Rootrepeal.exe, for notepad.exe when I tried to open it to write down the message, and then for explorer.exe when I tried to open the Control Panel.

    I was afraid maybe Combofix had done something; it was just re-added to the cleaning procedure last night. So I used System Restore to go back to 3PM when Java 18 was installed. However, the System Restore did not complete fully and I got a message to try a different restore point. Instead I put UAC back on, rebooted and tried to download the latest MGTools.exe to overwrite the old one. I got "You don't have permission to save in this location. Contact the administrator to obtain permission. Would you like to save in the Belinda folder instead?" Said No and canceled.

    Disabled UAC, rebooted and right-clicked the old MGTools.exe with run as administrator. Then tried RootRepeal same way again and this time it ran. It said it found 898 hidden files! But when I tried to save the report, it said Could not create file! I kept trying to save it, but it doesn't seem to have that many files in the report that saved.

    While I was typing this, Avira gave me two malware alerts about Virus or unwanted program 'EXP/Pidief.GI [exploit]' detected in file 'C:\Users\Belinda\AppData\Local\Mozilla\Firefox\Profiles\vl9dpe7y.default\Cache\2F687C45d01' and in file 'C:\Users\Belinda\AppData\Local\Mozilla\Firefox\Profiles\vl9dpe7y.default\Cache\2F687C45d01'.
    Action performed: Move files to quarantine

    I'd just like y'all to look over the scans and let me know if there is anything to worry about. Thanks, y'all!

  2. Atlanta Belle

    Atlanta Belle Private E-2

    And here is the last scan.

    When I tried to save the five scan reports in C:\Documents and Settings last night, I got message "Access is denied."

    Last edited: Jan 27, 2010
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your logs. Since Avira is finding items in your Firefox profiles, I would suggest that you export your bookmarks and then uninstall FF completely, run CCleaner and then reinstall FF. I think you should post in the software forum for additional assistance.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
  4. Atlanta Belle

    Atlanta Belle Private E-2

    Well, Tim, I wish I was totally happy that you did not see any malware in the logs. Is Combofix really fixed, and why did RootRepeal find so much stuff? I am glad y'all didn't consider anything malware, but I'm curious as to what all that long report means.

    I went ahead and uninstalled Firefox 3.5.7, ran CCleaner and then installed Firefox 3.6. I had planned to move to the latest version anyway. That's about the only thing that was left to be updated I think.

    However, just a little while ago I got three Avira alerts just a few minutes apart, this time regarding IE. This computer has IE7, I think. I was using IE in the standard user account. This is what Avira picked up:

    Virus or unwanted program 'HTML/Feebs.Gen [virus]' detected in file 'C:\Users\Standard user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCBK3V9X\%3Df%26naz33%3Dy%26naz14%3D0%26naz127%3Dy%26na243%3Dt%26naz16%3D0%26naz173%3Dy%26na298%3Dt%26naz150%3D76133%26rdbg_u%26rdbz_u%26,;ord=1264791605[1].htm.
    Action performed: Move file to quarantine

    Virus or unwanted program 'HTML/Feebs.Gen [virus]' detected in file 'C:\Users\Standard user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RVMBF2HI\%3Df%26naz33%3Dy%26naz14%3D0%26naz127%3Dy%26na243%3Dt%26naz16%3D0%26naz173%3Dy%26na298%3Dt%26naz150%3D76133%26rdbg_u%26rdbz_u%26,;ord=1264791708[1].htm.
    Action performed: Move file to quarantine

    Virus or unwanted program 'HTML/Feebs.Gen [virus]' detected in file 'C:\Users\Standard user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IJJ2Z2TC\%3Df%26naz33%3Dy%26naz14%3D0%26naz127%3Dy%26na243%3Dt%26naz16%3D0%26naz173%3Dy%26na298%3Dt%26naz150%3D76133%26rdbg_u%26rdbz_u%26,;ord=1264791876[1].htm.
    Action performed: Move file to quarantine

    What is 'HTML/Feebs.Gen [virus]'--anything to be particularly concerned about?

    And what are y'all recommending that we use as a browser these days? I think MG used to like Firefox, but it seems it has as many holes you could drive a Mack truck through as IE does!

    Also, what should I ask about in the Software Forum? I just wanted to make sure Sis's computer is clean because I was going to use it to pay some bills while I'm visiting her. She is always bad about updating; she has IT guys at work that keep up her work computer. But she relies on li'l ol' me to take care of her at home!
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Avira is doing its job!! These are just infections in your temp internet files. This is why I suggested you uninstall Firefox completely! These days, IE8 is probably more secure than either IE7 or Firefox. But you need to empty your internet temp folders on a regular basis.

    And I was only making reference to the software forum if you were having any non-malware issues. :)
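The point Tim makes above (a detection inside a browser cache is a drive-by page the scanner blocked, not an installed infection) can be turned into a small triage check. The script below is an added example, not code from the thread, from MajorGeeks or from Avira; it assumes the alert text follows the wording quoted in this thread, and the sample lines are constructed (paths shortened, the third hit invented) to show one alert of each kind.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample alert lines, modelled on the Avira notifications quoted in
# this thread (paths shortened; the third line is a made-up non-cache hit).
SAMPLE_ALERTS = [
    "Virus or unwanted program 'HTML/Feebs.Gen [virus]' detected in file "
    "'C:\\Users\\Standard user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"
    "\\Low\\Content.IE5\\GCBK3V9X\\page[1].htm.",
    "Virus or unwanted program 'EXP/Pidief.GI [exploit]' detected in file "
    "'C:\\Users\\Belinda\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\vl9dpe7y.default"
    "\\Cache\\2F687C45d01.",
    "Virus or unwanted program 'EXAMPLE/Constructed.A [trojan]' detected in file "
    "'C:\\Users\\Belinda\\AppData\\Roaming\\constructed.exe'.",
]

ALERT_RE = re.compile(
    r"Virus or unwanted program '(?P<name>[^']+)' detected in file '(?P<path>.+)$"
)

def parse_alert(line):
    """Return {'name', 'path'} from one Avira alert line, or None if it does not match."""
    m = ALERT_RE.search(line.strip())
    if not m:
        return None
    # The alerts as pasted end with an optional closing quote and a period; drop both.
    path = m.group("path").rstrip(".").rstrip("'")
    return {"name": m.group("name"), "path": path}

def classify_location(path):
    """Say whether the hit sits in a browser cache (transient, cleared by emptying
    the temp folders) or somewhere that deserves a closer look."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "temporary internet files" in parts:
        return "browser cache (IE Temporary Internet Files)"
    if "firefox" in parts and "cache" in parts:
        return "browser cache (Firefox profile)"
    return "outside browser cache: investigate"

def triage(lines):
    """Parse every alert line and attach its location class; unmatched lines are skipped."""
    out = []
    for line in lines:
        alert = parse_alert(line)
        if alert:
            alert["location"] = classify_location(alert["path"])
            out.append(alert)
    return out

if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(f"{a['name']:<35} {a['location']}")
```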
     
  6. Atlanta Belle

    Atlanta Belle Private E-2

    Tim, I did uninstall Firefox as you said. I have emptied both IE and Firefox internet temp folders. Thought I'd done that when I ran CCleaner. I'll try to get in the habit of doing it every day before I log off.

    Guess I'll have to think about installing IE8 since you think it seems more secure than either IE7 or Firefox.

    Anyway, good to know that all is OK. Sis and I both thank you for being so nice to check her computer. Now, if I can just get her to get in the habit of keeping it updated, I won't have to worry about using it.

    Thank you!
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. And do remind her that AV and AS programs are worthless if they are not kept updated. :)
     
