Resolved Malware/Virus infection (7-step logs included): hidden all my files

Heya! I'm currently using Windows Vista 32-bit.
Something happened to my system two nights ago where my program windows (inc. Firefox) reverted back to Windows 95 style for a short time. Then my computer automatically restarted, and when it rebooted all of my files and folders were gone! However my desktop background remained unchanged.

I did a system restore, and many of my files and folders came back, but the majority were still gone. Turns out they were randomly made hidden. Around this time my Firefox browser occasionally opens up new tabs by itself, or redirects Google searches, so I suspect malware is the problem.

I ran the following in this order: Avira Virus Scan, MalwareBytes, GMER, and DDS. All logs are pasted below. Please help! Thanks in advance. =)


AVIRA SCAN:
Avira AntiVir Personal
Report file date: Tuesday, 24 May 2011 20:24

Scanning for 2757234 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ONUR-PC

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 1/04/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 1/04/2011 07:07:43
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2011 07:07:57
LUKE.DLL : 10.0.3.2 104296 Bytes 1/04/2011 07:07:53
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 14:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 00:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 06:15:47
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/02/2011 06:15:47
VBASE003.VDF : 7.11.5.225 1980416 Bytes 7/04/2011 10:12:21
VBASE004.VDF : 7.11.5.226 2048 Bytes 7/04/2011 10:12:21
VBASE005.VDF : 7.11.5.227 2048 Bytes 7/04/2011 10:12:22
VBASE006.VDF : 7.11.5.228 2048 Bytes 7/04/2011 10:12:22
VBASE007.VDF : 7.11.5.229 2048 Bytes 7/04/2011 10:12:23
VBASE008.VDF : 7.11.5.230 2048 Bytes 7/04/2011 10:12:23
VBASE009.VDF : 7.11.5.231 2048 Bytes 7/04/2011 10:12:24
VBASE010.VDF : 7.11.5.232 2048 Bytes 7/04/2011 10:12:24
VBASE011.VDF : 7.11.5.233 2048 Bytes 7/04/2011 10:12:25
VBASE012.VDF : 7.11.5.234 2048 Bytes 7/04/2011 10:12:25
VBASE013.VDF : 7.11.6.28 158208 Bytes 11/04/2011 10:12:28
VBASE014.VDF : 7.11.6.74 116224 Bytes 13/04/2011 10:12:30
VBASE015.VDF : 7.11.6.113 137728 Bytes 14/04/2011 10:12:32
VBASE016.VDF : 7.11.6.150 146944 Bytes 18/04/2011 10:12:34
VBASE017.VDF : 7.11.6.192 138240 Bytes 20/04/2011 10:12:36
VBASE018.VDF : 7.11.6.237 156160 Bytes 22/04/2011 10:12:38
VBASE019.VDF : 7.11.7.45 427520 Bytes 27/04/2011 10:12:42
VBASE020.VDF : 7.11.7.64 192000 Bytes 28/04/2011 10:12:49
VBASE021.VDF : 7.11.7.97 182272 Bytes 2/05/2011 10:12:52
VBASE022.VDF : 7.11.7.127 467968 Bytes 4/05/2011 10:12:58
VBASE023.VDF : 7.11.7.183 185856 Bytes 9/05/2011 10:13:02
VBASE024.VDF : 7.11.7.218 133120 Bytes 11/05/2011 10:13:04
VBASE025.VDF : 7.11.7.234 139776 Bytes 11/05/2011 10:13:06
VBASE026.VDF : 7.11.8.16 147456 Bytes 13/05/2011 10:13:09
VBASE027.VDF : 7.11.8.46 169472 Bytes 17/05/2011 10:13:11
VBASE028.VDF : 7.11.8.109 181760 Bytes 24/05/2011 10:13:14
VBASE029.VDF : 7.11.8.110 2048 Bytes 24/05/2011 10:13:15
VBASE030.VDF : 7.11.8.111 2048 Bytes 24/05/2011 10:13:15
VBASE031.VDF : 7.11.8.115 22016 Bytes 24/05/2011 10:13:16
Engineversion : 8.2.4.242
AEVDF.DLL : 8.1.2.1 106868 Bytes 28/03/2011 06:15:27
AESCRIPT.DLL : 8.1.3.64 1606011 Bytes 24/05/2011 10:13:54
AESCN.DLL : 8.1.7.2 127349 Bytes 28/03/2011 06:15:27
AESBX.DLL : 8.1.3.2 254324 Bytes 28/03/2011 06:15:26
AERDL.DLL : 8.1.9.9 639347 Bytes 25/03/2011 02:21:38
AEPACK.DLL : 8.2.6.8 557430 Bytes 24/05/2011 10:13:46
AEOFFICE.DLL : 8.1.1.22 205178 Bytes 24/05/2011 10:13:43
AEHEUR.DLL : 8.1.2.119 3481976 Bytes 24/05/2011 10:13:42
AEHELP.DLL : 8.1.17.2 246135 Bytes 24/05/2011 10:13:25
AEGEN.DLL : 8.1.5.6 401780 Bytes 24/05/2011 10:13:23
AEEMU.DLL : 8.1.3.0 393589 Bytes 28/03/2011 06:15:19
AECORE.DLL : 8.1.20.5 196983 Bytes 24/05/2011 10:13:21
AEBB.DLL : 8.1.1.0 53618 Bytes 28/03/2011 06:15:19
AVWINLL.DLL : 10.0.0.0 19304 Bytes 28/03/2011 06:15:31
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/04/2011 07:07:42
AVREP.DLL : 10.0.0.10 174120 Bytes 24/05/2011 10:13:56
AVREG.DLL : 10.0.3.2 53096 Bytes 1/04/2011 07:07:42
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 1/04/2011 07:07:43
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/04/2011 07:07:38
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/04/2011 07:07:41
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 05:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 28/03/2011 06:15:30
NETNT.DLL : 10.0.0.0 11624 Bytes 28/03/2011 06:15:39
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/04/2011 07:07:58
RCTEXT.DLL : 10.0.58.0 97128 Bytes 28/03/2011 06:15:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, 24 May 2011 20:24

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'wmiprvse.exe' - '44' Module(s) have been scanned
Scan process 'STARFI~1.SCR' - '25' Module(s) have been scanned
Scan process 'avscan.exe' - '88' Module(s) have been scanned
Scan process 'avcenter.exe' - '91' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'sched.exe' - '61' Module(s) have been scanned
Scan process 'avshadow.exe' - '38' Module(s) have been scanned
Scan process 'avguard.exe' - '72' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'vssvc.exe' - '60' Module(s) have been scanned
Scan process 'mcupdmgr.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'WinMail.exe' - '89' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '71' Module(s) have been scanned
Scan process 'iPodService.exe' - '36' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '79' Module(s) have been scanned
Scan process 'McSvHost.exe' - '153' Module(s) have been scanned
Scan process 'mfefire.exe' - '34' Module(s) have been scanned
Scan process 'mcshield.exe' - '73' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '38' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '89' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'SeaPort.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'mfevtps.exe' - '40' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '41' Module(s) have been scanned
Scan process 'BtStackServer.exe' - '78' Module(s) have been scanned
Scan process 'ehmsas.exe' - '26' Module(s) have been scanned
Scan process 'Apntex.exe' - '27' Module(s) have been scanned
Scan process 'HidFind.exe' - '29' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '29' Module(s) have been scanned
Scan process 'DellDock.exe' - '89' Module(s) have been scanned
Scan process 'BTTray.exe' - '68' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '35' Module(s) have been scanned
Scan process 'ehtray.exe' - '31' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '69' Module(s) have been scanned
Scan process 'mcagent.exe' - '115' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned
Scan process 'rundll32.exe' - '39' Module(s) have been scanned
Scan process 'PDVDDXSrv.exe' - '45' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '43' Module(s) have been scanned
Scan process 'quickset.exe' - '83' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '67' Module(s) have been scanned
Scan process 'sttray.exe' - '46' Module(s) have been scanned
Scan process 'Apoint.exe' - '37' Module(s) have been scanned
Scan process 'hnm_svc.exe' - '118' Module(s) have been scanned
Scan process 'btwdins.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '167' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '52' Module(s) have been scanned
Scan process 'aestsrv.exe' - '21' Module(s) have been scanned
Scan process 'Dwm.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'spoolsv.exe' - '89' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '78' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '100' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '41' Module(s) have been scanned
Scan process 'DockLogin.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '31' Module(s) have been scanned
Scan process 'STacSV.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '120' Module(s) have been scanned
Scan process 'svchost.exe' - '80' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'lsm.exe' - '31' Module(s) have been scanned
Scan process 'lsass.exe' - '69' Module(s) have been scanned
Scan process 'services.exe' - '41' Module(s) have been scanned
Scan process 'winlogon.exe' - '39' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '35' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[DETECTION] Contains code of the BOO/TDss.M boot sector virus
[NOTE] The boot sector was not written!

Start scanning boot sectors:
Boot sector 'C:\'
[DETECTION] Contains code of the BOO/TDss.M boot sector virus
[NOTE] The boot sector was not written!
Boot sector 'E:\'
[DETECTION] Contains code of the BOO/TDss.M boot sector virus
[NOTE] The boot sector was not written!

Starting to scan executable files (registry).

The registry was scanned ( '1817' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Program Files\Mozilla Firefox\0.19789321904291302.exe
[DETECTION] Is the TR/Fake.Rean.1948 Trojan
C:\Users\Onur\AppData\Local\vah.exe
[DETECTION] Is the TR/FakeAV.czvb Trojan
C:\Users\Onur\AppData\Local\Temp\0.16296048091286697.exe
[DETECTION] Is the TR/Dldr.Renos.twf Trojan
C:\Users\Onur\AppData\Local\Temp\0.20220546709169274.exe
[DETECTION] Is the TR/Dldr.Renos.twf Trojan
C:\Users\Onur\AppData\Local\Temp\0.6835808642239324.exe
[DETECTION] Is the TR/FakeAV.czvb Trojan
C:\Users\Onur\AppData\Local\Temp\jar_cache1228664689912818467.tmp
[DETECTION] Is the TR/FakeAV.czvb Trojan
C:\Users\Onur\AppData\Local\Temp\jar_cache3488237086204442127.tmp
[DETECTION] Is the TR/Fake.Rean.1948 Trojan
C:\Users\Onur\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-2a7f2e72
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Stutter.AH Java virus
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/Stutter.AH Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Stutter.AG Java virus
C:\Users\Onur\Documents\Files\Uni\1st Year\2009\Semester 1\Mind, Brain and Behaviour\Lectures\Sensation and Perception\880-001Lecture1.pdf
[0] Archive type: PDF
[DETECTION] Is the TR/Spy.Banker.vk.1 Trojan
--> pdf_img_49.avp
[DETECTION] Is the TR/Spy.Banker.vk.1 Trojan
C:\Users\Onur\Documents\Files\Uni\1st Year\2009\Semester 1\Mind, Brain and Behaviour\Lectures\Sensation and Perception\880-001Lecture2.pdf
[0] Archive type: PDF
[DETECTION] Is the TR/Spy.Banker.vk.1 Trojan
--> pdf_img_0.avp
[DETECTION] Is the TR/Spy.Banker.vk.1 Trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-27140475
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.A exploit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4d2bdafe-227fa66d
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.CP Java virus
--> FAQ/Template.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.CP Java virus
--> tools/Commander.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.CR Java virus
--> tools/Syntax.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.CQ Java virus
--> tools/XmlStandard.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.CO Java virus
C:\Windows\Temp\jar_cache7677709313234663009.tmp
[DETECTION] Is the TR/Drop.Dapato.gp Trojan
Begin scan in 'E:\' <RECOVERY>

Beginning disinfection:
C:\Windows\Temp\jar_cache7677709313234663009.tmp
[DETECTION] Is the TR/Drop.Dapato.gp Trojan
[NOTE] The file was moved to the quarantine directory under the name '4bba6677.qua'.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4d2bdafe-227fa66d
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.CO Java virus
[NOTE] The file was moved to the quarantine directory under the name '536d49d3.qua'.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-27140475
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.A exploit
[NOTE] The file was moved to the quarantine directory under the name '671b56b8.qua'.
C:\Users\Onur\Documents\Files\Uni\1st Year\2009\Semester 1\Mind, Brain and Behaviour\Lectures\Sensation and Perception\880-001Lecture2.pdf
[DETECTION] Is the TR/Spy.Banker.vk.1 Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!
C:\Users\Onur\Documents\Files\Uni\1st Year\2009\Semester 1\Mind, Brain and Behaviour\Lectures\Sensation and Perception\880-001Lecture1.pdf
[DETECTION] Is the TR/Spy.Banker.vk.1 Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!
C:\Users\Onur\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-2a7f2e72
[DETECTION] Contains recognition pattern of the JAVA/Stutter.AG Java virus
[NOTE] The file was moved to the quarantine directory under the name '113e6fd1.qua'.
C:\Users\Onur\AppData\Local\Temp\jar_cache3488237086204442127.tmp
[DETECTION] Is the TR/Fake.Rean.1948 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6d7a2e7e.qua'.
C:\Users\Onur\AppData\Local\Temp\jar_cache1228664689912818467.tmp
[DETECTION] Is the TR/FakeAV.czvb Trojan
[NOTE] The file was moved to the quarantine directory under the name '40200130.qua'.
C:\Users\Onur\AppData\Local\Temp\0.6835808642239324.exe
[DETECTION] Is the TR/FakeAV.czvb Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!
C:\Users\Onur\AppData\Local\Temp\0.20220546709169274.exe
[DETECTION] Is the TR/Dldr.Renos.twf Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!
C:\Users\Onur\AppData\Local\Temp\0.16296048091286697.exe
[DETECTION] Is the TR/Dldr.Renos.twf Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!
C:\Users\Onur\AppData\Local\vah.exe
[DETECTION] Is the TR/FakeAV.czvb Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!
C:\Program Files\Mozilla Firefox\0.19789321904291302.exe
[DETECTION] Is the TR/Fake.Rean.1948 Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!


End of the scan: Wednesday, 25 May 2011 00:39
Used time: 2:26:52 Hour(s)

The scan has been done completely.

26534 Scanned directories
568757 Files were scanned
21 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
568739 Files not concerned
6470 Archives were scanned
0 Warnings
16 Notes
493798 Objects were scanned with rootkit scan
0 Hidden objects were found




MALWAREBYTES:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6654

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

25/05/2011 2:31:32 AM
mbam-log-2011-05-25 (02-31-32).txt

Scan type: Quick scan
Objects scanned: 152166
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9E9DA3C5-C7F9-8051-B7C9-5649F9EA3AA3} (Trojan.ZbotR.Gen) -> Value: {9E9DA3C5-C7F9-8051-B7C9-5649F9EA3AA3} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Onur\AppData\Roaming\microsoft\Windows\start menu\Programs\StartUp\fulo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Onur\AppData\Roaming\microsoft\Windows\start menu\Programs\StartUp\mijoe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache3737238844970604673.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache646693631889566736.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.





GMER:
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-25 13:26:54
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0003
Running: q8zhshzq.exe; Driver: C:\Users\Onur\AppData\Local\Temp\pxldapob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- System - GMER 1.0.15 ----

Code B13A4233 TmInitSystem

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Please finish the steps in the thread and leave the 2 logs from DDS in your next reply. When I have the additional logs, I will have you take the next step.

Important! One of the malware entries is from a rogue program that will "alert" you to problems, then offer to fix them on their site. ($$$). It is important that you don't act on these alerts.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Note: I have deleted your duplicate thread. Please leave the logs on this thread- do not start a new one for the same problem.
 
Sorry, I thought I could post the remaining logs right away. Here they are.
Edit: Just to update you, my user account is not applying changes I make to my profile picture; my Dell Dock is constantly crashing; and my Quick Launch icon in the Taskbar is permanently gone despite enabling it in Taskbar Properties. I don't mean to unload all my problems on you, but everything here happened after the problems in my previous post. If they're related, please help me fix them. Thanks Bobbye!



DDS:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19019
Run by Onur at 13:23:26 on 2011-05-25
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3579.2622 [GMT 10:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Users\Onur\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [RunDLLEntry] c:\windows\system32\rundll32.exe c:\windows\system32\AmbRunE.dll,RunDLLEntry
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\onur\appdata\roaming\mozilla\firefox\profiles\ab5ixccm.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-30 218688]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-9-11 81920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-24 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-24 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-24 61960]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-19 155648]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-11 29736]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-11 144128]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-30 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-9-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-9-11 79360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-30 136176]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-9-11 79360]
.
=============== Created Last 30 ================
.
2011-05-24 10:38:12 -------- d-----w- c:\users\onur\appdata\roaming\Jujeh
2011-05-24 10:38:12 -------- d-----w- c:\users\onur\appdata\roaming\Coabas
2011-05-24 10:22:32 -------- d-----w- c:\users\onur\appdata\roaming\Avira
2011-05-24 10:10:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-24 10:10:36 -------- d-----w- c:\programdata\Avira
2011-05-24 10:10:36 -------- d-----w- c:\program files\Avira
2011-05-23 17:05:39 -------- d-----w- c:\users\onur\appdata\roaming\Malwarebytes
2011-05-23 17:05:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 17:05:16 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 17:05:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 17:05:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 13:05:28 0 ---ha-w- c:\users\onur\appdata\local\Fsakoca.bin
2011-05-22 13:05:26 -------- d--h--w- c:\users\onur\appdata\local\{CDDBA3CB-4DD2-4FD3-97CB-CFFA1F097D74}
2011-05-20 07:25:26 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-20 07:25:21 -------- d-----w- c:\windows\system32\directx
2011-05-20 07:21:54 -------- d-----w- c:\program files\PCSX2 0.9.8
2011-05-07 17:00:39 -------- d--h--w- c:\users\onur\appdata\local\Microsoft Games
2011-05-07 08:28:40 -------- d-----w- c:\users\onur\appdata\local\Stardock_Corporation
2011-05-06 14:43:17 -------- d-----w- c:\users\onur\appdata\roaming\Eclipse
2011-05-06 14:43:12 -------- d--h--w- c:\users\onur\appdata\local\javasharedresources
2011-05-06 14:38:32 -------- d-----w- c:\programdata\SafeNet Sentinel
2011-05-06 14:36:19 -------- d--h--w- c:\program files\Zero G Registry
2011-05-06 14:36:18 -------- d--h--w- c:\users\onur\InstallAnywhere
2011-05-06 14:35:20 -------- d-----w- c:\programdata\SPSS
2011-05-06 14:33:33 -------- d-----w- c:\program files\common files\IBM
2011-05-06 14:32:07 -------- d-----w- c:\program files\IBM
2011-05-06 14:31:53 205 ----a-w- c:\windows\system32\lsprst7.dll
2011-05-06 14:31:53 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-05-06 06:05:37 -------- d-----w- c:\program files\ATMA V
2011-04-30 12:13:03 -------- d--h--w- c:\users\onur\appdata\roaming\Kisis
2011-04-30 12:13:03 -------- d-----w- c:\users\onur\appdata\roaming\Ildo
2011-04-30 06:03:10 -------- d-----w- c:\users\onur\appdata\local\SupportSoft
2011-04-30 01:29:11 94208 ----a-w- c:\windows\DIIUnin.exe
2011-04-30 01:29:11 2829 ----a-w- c:\windows\DIIUnin.pif
2011-04-30 01:27:38 -------- d-----w- c:\program files\Diablo II
2011-04-30 01:06:41 -------- d--h--w- c:\users\onur\appdata\local\Apple Computer
2011-04-29 17:12:49 571392 ----a-w- c:\windows\system32\Flurry.scr
2011-04-29 16:35:00 14596133 ----a-w- c:\windows\system32\Windows 7 Energy.scr
2011-04-29 16:34:51 16440029 ----a-w- c:\windows\system32\Waterfalls HD.scr
2011-04-29 16:30:01 14336 ----a-w- c:\windows\system32\Starfield.scr
2011-04-29 16:21:02 -------- d-----w- c:\program files\HJSplit
2011-04-29 16:17:31 -------- d-----w- c:\program files\WinSPC
2011-04-29 15:35:27 -------- d-----w- c:\program files\NCH Software
2011-04-29 15:35:25 -------- d--h--w- c:\users\onur\appdata\roaming\NCH Software
2011-04-29 15:30:47 -------- d-----w- c:\program files\ComicRack
2011-04-29 15:25:00 -------- d-----w- c:\program files\Audacity
2011-04-29 15:24:36 -------- d-----w- c:\program files\G3C
2011-04-29 15:24:19 -------- d-----w- c:\program files\Foxit Software
2011-04-29 15:15:49 -------- d--h--w- c:\users\onur\appdata\local\Google
2011-04-29 15:15:42 -------- d-----w- c:\program files\SpinRite
2011-04-29 15:14:27 -------- d-----w- c:\program files\Audiosurf
2011-04-29 15:13:17 -------- d-----w- c:\program files\BitTorrent
2011-04-29 15:12:48 -------- d-----w- c:\users\onur\appdata\roaming\BitTorrent
2011-04-29 15:11:01 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-29 15:10:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-04-29 15:08:58 -------- d--h--w- c:\users\onur\appdata\roaming\DAEMON Tools Lite
2011-04-29 15:08:58 -------- d--h--w- c:\programdata\DAEMON Tools Lite
2011-04-29 15:08:40 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-29 15:08:40 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-29 15:08:40 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-29 15:08:40 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-29 15:08:40 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-29 15:08:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-29 15:08:39 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-29 15:08:39 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-29 15:06:06 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-29 15:06:06 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-29 15:05:11 -------- d-----w- c:\program files\iPod
2011-04-29 15:05:10 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-29 15:05:10 -------- d-----w- c:\program files\iTunes
2011-04-29 14:56:30 -------- d--h--w- c:\users\onur\appdata\local\Apple
2011-04-29 14:53:30 -------- d-----w- c:\program files\Guitar Pro 5
2011-04-29 14:51:56 -------- d-----w- c:\program files\Bonjour
2011-04-29 14:50:09 -------- d-----w- c:\program files\Happy Note
2011-04-29 14:49:55 178176 ----a-w- c:\windows\system32\unrar.dll
2011-04-29 14:49:50 881664 ----a-w- c:\windows\system32\xvidcore.dll
2011-04-29 14:49:50 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-04-29 14:49:50 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2011-04-29 14:49:50 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2011-04-29 14:49:50 118784 ----a-w- c:\windows\system32\ac3acm.acm
2011-04-29 14:49:48 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-04-29 14:49:46 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-04-29 14:44:52 -------- d-----w- c:\program files\Spectromancer
2011-04-29 14:44:37 -------- d-----w- c:\program files\Power Tab Editor 1.7
2011-04-29 14:43:52 -------- d-----w- c:\program files\ShellExView
2011-04-29 14:43:18 -------- d-----w- c:\program files\Tetris
2011-04-29 14:43:04 551424 ----a-w- c:\windows\TheMatrix.scr
2011-04-29 14:43:04 -------- d-----w- c:\program files\TheMatrix Screen Saver
2011-04-29 14:42:23 -------- d-----w- c:\program files\JDownloader
2011-04-29 14:40:54 -------- d-----w- c:\program files\NCH Swift Sound
2011-04-29 14:40:41 -------- d-----w- c:\program files\Tunatic
2011-04-29 14:40:33 -------- d-----w- c:\program files\Ultimate Windows Tweaker
2011-04-29 13:54:27 -------- d--h--w- c:\users\onur\appdata\local\Adobe
2011-04-29 13:27:39 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-04-29 13:27:01 72704 ----a-w- c:\windows\system32\admparse.dll
2011-04-29 13:27:00 66560 ----a-w- c:\windows\system32\tdc.ocx
2011-04-29 13:27:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-29 13:27:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2011-04-29 13:27:00 18944 ----a-w- c:\windows\system32\corpol.dll
2011-04-29 13:27:00 156160 ----a-w- c:\windows\system32\msls31.dll
2011-04-29 13:21:13 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-29 13:21:13 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-29 13:21:13 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-29 13:21:13 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-29 13:21:13 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-29 13:19:16 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-04-29 13:19:14 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-04-29 13:19:13 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-04-29 13:18:27 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-04-29 13:15:24 1257472 ----a-w- c:\windows\system32\msxml3.dll
2011-04-29 13:15:03 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-04-29 13:15:02 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-04-29 13:15:02 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-04-29 13:15:02 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-04-29 13:15:02 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-04-29 13:15:02 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-04-29 13:14:47 104960 ----a-w- c:\windows\system32\netiohlp.dll
2011-04-29 13:14:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-04-29 13:14:46 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-04-29 13:14:45 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-04-29 13:14:45 10240 ----a-w- c:\windows\system32\finger.exe
2011-04-29 13:14:44 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-04-29 13:14:44 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-04-29 13:14:44 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-04-29 13:14:42 17920 ----a-w- c:\windows\system32\netevent.dll
2011-04-29 13:13:33 2868224 ----a-w- c:\windows\system32\mf.dll
2011-04-29 13:13:25 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-29 13:13:24 3550608 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-29 13:13:24 1205592 ----a-w- c:\windows\system32\ntdll.dll
2011-04-29 13:13:16 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-04-29 13:13:16 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-04-29 13:13:15 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2011-04-29 13:13:14 9728 ----a-w- c:\windows\system32\lsass.exe
2011-04-29 13:13:14 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-04-29 13:13:13 72704 ----a-w- c:\windows\system32\secur32.dll
2011-04-29 13:12:58 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-04-29 13:12:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-04-29 13:12:05 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2011-04-29 13:12:01 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-04-29 13:12:01 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-04-29 13:10:55 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-29 13:09:09 71680 ----a-w- c:\windows\system32\atl.dll
2011-04-29 13:09:05 274432 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 13:07:58 126464 ----a-w- c:\windows\system32\spoolsv.exe
2011-04-29 13:06:56 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-04-29 12:26:03 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-04-29 12:25:47 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-04-29 12:25:38 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-04-29 12:25:38 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-04-29 12:12:07 -------- d-----w- c:\users\onur\appdata\local\Mozilla
2011-04-29 12:02:41 -------- d--h--w- c:\users\onur\appdata\local\DataSafeOnline
2011-04-29 12:02:35 -------- d--h--w- c:\users\onur\appdata\local\Broadcom
2011-04-29 12:02:16 -------- d--h--w- c:\users\onur\appdata\local\PowerDVD DX
2011-04-29 12:01:48 -------- d-----w- c:\users\onur\appdata\local\VirtualStore
2011-04-29 11:55:53 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2011-04-06 06:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 06:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 06:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 13:24:19.54 ===============




DDS Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11/09/2009 7:35:06 AM
System Uptime: 25/05/2011 1:11:39 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0CJG36
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 138.733 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 8.08 GiB free.
F: is CDROM ()
W: is CDROM ()
X: is CDROM ()
Y: is CDROM ()
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATMA V 5.05
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
BitTorrent
Bonjour
ccc-utility
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ComicRack v0.9.139
Compatibility Pack for the 2007 Office system
DAEMON Tools Lite
Debut Video Capture Software
Dell-eBay
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
Diablo II
Ear Training Play It By Ear HN
Foxit PDF Editor
G3C (remove only)
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
Guitar Pro 5.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IBM SPSS Statistics 19
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 13
JDownloader 0.9
Junk Mail filter update
K-Lite Codec Pack 5.5.1 (Full)
LADSPA_plugins-win-0.4.15
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
NirSoft ShellExView
PCSX2 - Playstation 2 Emulator
PlugY, The Survival Kit
Power Tab Editor 1.7
PowerDVD
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sound Blaster X-Fi MB
Spectromancer: Truth and Beauty
TempoPerfect Metronome Software
Tetris
TheMatrix Screen Saver version 1.14
Total Recorder Editor v12.1.1
Tunatic
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
25/05/2011 2:35:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Advanced Networking Service service to connect.
25/05/2011 2:32:10 AM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
25/05/2011 12:58:17 PM, Error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).
25/05/2011 12:57:16 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/05/2011 12:57:16 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/05/2011 12:57:16 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/05/2011 12:57:16 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/05/2011 12:57:16 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/05/2011 12:57:16 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
23/05/2011 8:39:00 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
23/05/2011 8:19:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
23/05/2011 8:19:30 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
23/05/2011 8:19:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
23/05/2011 8:16:39 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough server storage is available to process this command.
23/05/2011 2:21:16 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
23/05/2011 1:22:21 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DELIISTANBULLU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA520E12-6A50-4CCF-927D-EC8. The master browser is stopping or an election is being forced.
19/05/2011 8:53:28 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.100. The computer with the IP address 192.168.0.101 did not allow the name to be claimed by this computer.
18/05/2011 9:23:03 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
18/05/2011 9:23:03 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
18/05/2011 9:23:03 AM, Error: Service Control Manager [7000] - The Bluetooth Device (Personal Area Network) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
18/05/2011 12:56:50 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
18/05/2011 12:01:41 AM, Error: netbt [4321] - The name "DELIISTANBULLU :0" could not be registered on the interface with IP address 192.168.0.100. The computer with the IP address 192.168.0.101 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
 
There are quite a few files that are outdated and others I will have to 'open' to identify. Please do the following:

Please download MBRCheck and save to your desktop
  • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    [o] Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    [o] Found non-standard or infected MBR.
    [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Paste this log to your next message.
============================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open in a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=====================================
Keep in mind that Malwarebytes removed entries for rogue programs, so messages and alerts you get most likely do not reflect a true state. We'll have to 'unhide' the files - the rogue does this to make you click on their 'fix' - which does nothing because the problem was set up by the malware.
 
Nevermind, as I was waiting for a reply the problem got worse and worse and prompted me to reformat my computer. Thanks anyway
 
Thanks for update. I had to wait for my internet to come back up then a violent storm front to get through. But I think you may have ended up at a better place.
 