Solved Also Google Firefox redirects, and Malwarebytes useless

Status
Not open for further replies.
Here's the ESET report. It said 3 threats found (not 3 files infected as I mistyped pre-edit)

C:\Program Files\Wallpaper Master\Wallpaper.exe probably a variant of Win32/Agent.MZBDIGD trojan
C:\System Volume Information\_restore{59738C09-565F-4C80-933B-B2937C213AFE}\RP696\A0233244.rbf a variant of Win32/Adware.ErrorRepair application
Operating memory probably a variant of Win32/Agent.MZBDIGD trojan
 
1 finding is in system restore and we'll reset it in a moment.

Delete this file:
- C:\Program Files\Wallpaper Master\Wallpaper.exe
Empty recycle bin

This:
Operating memory probably a variant of Win32/Agent.MZBDIGD trojan
I'm not sure.
Update Avira, run a full scan and let me know if it found anything.
 
Too bad about wallpaper master, I liked the program (changed wallpaper automatically, been using it for a long time...I hope it hasn't been a problem this whole time ><)

Avira had 16 items updated, running the scan now.
 
Too bad about wallpaper master, I liked the program (changed wallpaper automatically, been using it for a long time
It may be a false positive as well.
Reinstall the program, or if you didn't delete the file yet and....

Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to Show hidden files and folders.
Upload the following files to http://www.virustotal.com/ for security check:
- C:\Program Files\Wallpaper Master\Wallpaper.exe
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.
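
The triage applied to the three ESET findings in the posts above (restore-point copy, live file, operating memory), as an added example that is not part of the original thread. The action labels and the rule that a "probably" finding on a live file goes for a second opinion before deletion are assumptions of this example, not ESET or forum terminology.

```python
import re

# The three finding lines from the ESET report quoted in the thread.
ESET_LINES = [
    r"C:\Program Files\Wallpaper Master\Wallpaper.exe probably a variant of Win32/Agent.MZBDIGD trojan",
    r"C:\System Volume Information\_restore{59738C09-565F-4C80-933B-B2937C213AFE}\RP696\A0233244.rbf a variant of Win32/Adware.ErrorRepair application",
    r"Operating memory probably a variant of Win32/Agent.MZBDIGD trojan",
]

# <target> [probably ]a variant of <detection name> <kind>
FINDING = re.compile(
    r"^(?P<target>.+?)\s+(?P<hedge>probably )?a variant of\s+"
    r"(?P<name>\S+)\s+(?P<kind>\w+)$"
)

def parse_finding(line):
    """Split one finding line into target, detection name, kind and hedge flag."""
    m = FINDING.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised finding line: {line!r}")
    return {
        "target": m["target"],
        "tentative": m["hedge"] is not None,  # report said "probably"
        "name": m["name"],
        "kind": m["kind"],
    }

def next_step(finding):
    """Map a finding to a follow-up action (labels are this example's own)."""
    target = finding["target"].lower()
    if target == "operating memory":
        return "rescan"                # nothing on disk to remove; scan again
    if "\\system volume information\\_restore{" in target:
        return "reset-restore-points"  # copy lives inside a restore point
    if finding["tentative"]:
        return "second-opinion"        # possible false positive: check the file
    return "delete"

def triage(lines):
    """Return (target, detection name, action) for every finding line."""
    return [(f["target"], f["name"], next_step(f))
            for f in map(parse_finding, lines)]

if __name__ == "__main__":
    for target, name, action in triage(ESET_LINES):
        print(f"{action:22} {name:28} {target}")
```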
 
Avira's full scan is done, and it found nothing dangerous. It listed 2 files as hidden, but 0 detections, 0 warnings and 0 suspicious files. As for Wallpapermaster, I'll reinstall it later perhaps.

Here's the report


Avira AntiVir Personal
Report file date: Monday, September 27, 2010 22:11

Scanning for 2881727 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : INFINITY

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
 
Good :)

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Done and done. I am liking PSI and FileHippo, they seem like solid programs, and have already been handy in finding updates etc.

I've had defrag issues, running O&O Defrag has worked, but always seems to be 8-15% or more that remains fragmented. I'll run it again after all these fixes and updates and hope for more success.

I'm also going to double check my hardware driver updates, as some gaming performance issues may simply be update related.

All the same, these are separate issues. My computer is clean, and that's some seriously great news. I can't thank you enough for taking the time to help me out. Learned a lot, which is always nice, but getting rid of malicious software is not always an easy task and I'm pretty stoked to have found and eliminated these problems.

I've been reading some more here at Techspot while scans were running, and plan on reading a lot more. This is a great freakin site.

Just to be certain, TFC is something to keep, but I can get rid of OTC, MBRCheck, HijackThis, SecurityCheck and JavaRA?

Thanks again for the help Broni. I haven't enough posts to send messages, so I'd just like to mention that as a starving student, this volunteer help with professional quality is very much appreciated. Once some income comes my way, you're on the shortlist of people to support. I'll do my best to spread the help around in the meantime, and direct my friends to Techspot too.

Sincerely,
Dave
 
You're very welcome :)

Just to be certain, TFC is something to keep, but I can get rid of OTC, MBRCheck, HijackThis, SecurityCheck and JavaRA?
Exactly.

Good luck and stay safe :)
 