[Closed] Can't seem to remove "AsktheCrew" redirect virus


clarkstar

I am running Windows 7 and using IE. Have recently realized I have the "AsktheCrew" redirect virus. I downloaded MalwareBytes, ran a full scan, removed all infected files, rebooted, re-scanned and MalwareBytes found no issues. Yet I still have the redirect problem.

I then used Norton to run a full scan, removed all 187 files it suggested be removed, rebooted, re-scanned, and Norton found no problems. Yet I am still having the redirect problem.

I am hoping that some kind, kind soul here may be able to help me figure out what to do from here!
 
Welcome to TechSpot! I'll help with the redirect after I get some information.

Please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
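The preliminary steps the helper links to are not reproduced on this page. As an added example, not the helper's tooling and not anything posted in the original thread, here is a small Python triage script that reads lines in the format of the DDS "Pseudo HJT Report" section posted later in this thread and flags the indicators a helper looks at first: a non-empty Winlogon `load` value, a tampered `Userinit`, Run entries that launch from user-writable or unusual directories, and hosts-file entries that pin third-party domains to a non-loopback address. The sample lines are constructed to resemble this thread's log, and the directory list and rules are assumptions for illustration, not a complete detection set.

```python
"""Triage a DDS "Pseudo HJT Report" for autostart and hosts-file indicators."""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample input, modelled on the DDS output posted in this thread
# (not the thread's own log).
SAMPLE_DDS = """\
uStart Page = https://mail.google.com/mail/?hl=en&shva=1#inbox
mWinlogon: Userinit=userinit.exe,
uWindows: load=C:\\Windows\\inf\\Other.exe
uRun: [swg] "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
uRun: [Internet Security] C:\\Users\\Clark Family\\AppData\\Roaming\\isecurity.exe
mRun: [<NO NAME>]
Hosts: 127.0.0.1 localhost
Hosts: 188.119.151.111 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
"""

# Assumed list: directories from which an autostart entry is rarely legitimate.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\", "\\windows\\inf\\", "\\system32\\config\\")

# DDS line shapes: u = HKCU, m = HKLM; "-x64" marks the native 64-bit hive view.
RE_LOAD = re.compile(r"^[um]Windows:\s*load=(?P<val>.*)$", re.I)
RE_USERINIT = re.compile(r"^[um]Winlogon:\s*Userinit=(?P<val>.*)$", re.I)
RE_RUN = re.compile(r"^[um]Run(?:-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
RE_HOSTS = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)", re.I)


@dataclass
class Finding:
    kind: str
    line: str
    reason: str


def _hosts_finding(ip_text, host, line):
    """Loopback/unspecified targets are the normal ad-blocking shape; anything
    else pins the name to a host the attacker controls."""
    try:
        ip = ip_address(ip_text)
    except ValueError:
        return Finding("hosts", line, "unparseable address")
    if ip.is_loopback or ip.is_unspecified:
        return None
    return Finding("hosts", line, f"{host.rstrip('.')} pinned to non-loopback {ip}")


def triage_dds(text):
    """Return the suspicious entries in a DDS pseudo-HJT report, in file order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := RE_LOAD.match(line)) and m.group("val").strip():
            # HKCU\...\Windows NT\CurrentVersion\Windows\load is a legacy
            # autostart that legitimate software almost never sets.
            findings.append(Finding("winlogon-load", line,
                                    "Winlogon 'load' value is set"))
        elif (m := RE_USERINIT.match(line)):
            # Basic check: exactly one entry, and it is userinit.exe.
            parts = [p.strip() for p in m.group("val").split(",") if p.strip()]
            if len(parts) != 1 or not parts[0].lower().endswith("userinit.exe"):
                findings.append(Finding("userinit", line,
                                        "Userinit is not the lone userinit.exe"))
        elif (m := RE_RUN.match(line)):
            cmd = m.group("cmd").lower()
            if any(d in cmd for d in SUSPICIOUS_DIRS):
                findings.append(Finding("run", line,
                                        "autostart launches from an unusual directory"))
        elif (m := RE_HOSTS.match(line)):
            f = _hosts_finding(m.group("ip"), m.group("host"), line)
            if f is not None:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

The hosts rule deliberately ignores entries pointing at 127.0.0.1 or 0.0.0.0, since those are how ad-blocking hosts files look; it is the non-loopback public address on a tracking or analytics domain that indicates redirection. The `load` rule fires on any non-empty value because that location has no common legitimate use.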
 
Log Results

FROM GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-17 11:13:29
Windows 6.1.7601 Service Pack 1
Running: fokbkcts.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 6755
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 5964

---- EOF - GMER 1.0.15 ----


FROM DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Clark Family at 11:22:42 on 2012-03-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1607 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.google.com/mail/?hl=en&shva=1#inbox
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
uWindows: load=C:\Windows\inf\Other.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EC17BF69-FF05-4661-BDDD-4A4FD05BD44C} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 188.119.151.111 www.google-analytics.com.
Hosts: 188.119.151.111 ad-emea.doubleclick.net.
Hosts: 188.119.151.111 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-3-2 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120316.005\IDSviA64.sys [2012-3-16 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-14 514232]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-3-30 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-7 2413056]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccsvchst.exe [2012-3-17 138232]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-16 138360]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-6-14 1098296]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305010.002\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305010.002\SYMNETS.SYS [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-18 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-18 136176]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-17 11:48:49 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symnets.sys
2012-03-17 11:48:49 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symefa64.sys
2012-03-17 11:48:48 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtsp64.sys
2012-03-17 11:48:48 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306010.008\symds64.sys
2012-03-17 11:48:48 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtspx64.sys
2012-03-17 11:48:48 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ironx64.sys
2012-03-17 11:48:47 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ccsetx64.sys
2012-03-17 11:48:12 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306010.008
2012-03-16 20:16:00 738936 ----a-r- C:\Windows\System32\drivers\NISx64\1305010.002\srtsp64.sys
2012-03-16 20:16:00 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305010.002\SymDS64.sys
2012-03-16 20:16:00 405624 ----a-r- C:\Windows\System32\drivers\NISx64\1305010.002\symnets.sys
2012-03-16 20:16:00 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1305010.002\srtspx64.sys
2012-03-16 20:16:00 190072 ----a-r- C:\Windows\System32\drivers\NISx64\1305010.002\Ironx64.sys
2012-03-16 20:16:00 167048 ----a-r- C:\Windows\System32\drivers\NISx64\1305010.002\ccSetx64.sys
2012-03-16 20:16:00 1092728 ----a-r- C:\Windows\System32\drivers\NISx64\1305010.002\SymEFA64.sys
2012-03-16 20:15:50 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305010.002
2012-03-16 19:37:21 -------- d-----w- C:\Users\Clark Family\AppData\Roaming\Tific
2012-03-15 18:39:37 -------- d-----w- C:\Users\Clark Family\AppData\Roaming\Malwarebytes
2012-03-15 18:39:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-15 18:39:29 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-15 18:39:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-15 09:35:05 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 09:35:04 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 09:35:03 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 18:47:30 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 18:47:28 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 18:47:28 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 10:36:20 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 10:36:20 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 10:36:19 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 10:36:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 10:36:19 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 10:36:18 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 10:36:18 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 11:38:44 -------- d-----w- C:\Program Files (x86)\Zoodles
2012-03-13 10:25:19 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E169A92C-AF4B-4CED-8189-396A7B10B37D}\mpengine.dll
2012-03-12 23:00:26 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\251F.tmp
2012-03-12 23:00:26 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\24D0.tmp
2012-03-12 23:00:26 158720 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\24D0.tmp.dat
2012-03-07 23:59:25 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7E01.tmp
2012-03-07 23:59:25 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7DB2.tmp
2012-03-07 23:59:25 152064 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7DB2.tmp.dat
2012-02-25 23:03:35 -------- d-----w- C:\Program Files (x86)\Vstplugins
2012-02-25 22:58:30 -------- d-----w- C:\Program Files (x86)\Sony Setup
.
==================== Find3M ====================
.
2012-03-17 11:49:04 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 11:23:30.22 ===============
 
MY ORIGINAL MALWAREBYTES LOG (When the problems were detected and then removed)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Clark Family :: CLARKFAMILY-HP [administrator]

3/15/2012 2:44:50 PM
mbam-log-2012-03-15 (14-44-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 405242
Time elapsed: 1 hour(s), 12 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Backdoor.IRCBot) -> Data: C:\Users\Clark Family\AppData\Roaming\isecurity.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|run (Trojan.Agent) -> Data: C:\Windows\system32\config\Win.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 98
C:\Users\Clark Family\AppData\Local\Temp\1871.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Clark Family\AppData\Local\Temp\24B.tmp (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Clark Family\AppData\Local\Temp\2D49.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Clark Family\AppData\Local\Temp\668A.tmp (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Clark Family\AppData\Local\Temp\8BB0.tmp (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Clark Family\AppData\Local\Temp\9571.tmp (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Clark Family\AppData\Local\Temp\B8F.tmp (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Clark Family\AppData\Local\Temp\CBDA.tmp (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.
C:\Users\Clark Family\Documents\HACC\HACC JUMP DRIVE BACK UP\From Laptop\From Laptop.exe (Worm.Olala) -> Quarantined and deleted successfully.
C:\Users\Clark Family\Documents\HACC\HACC JUMP DRIVE BACK UP\From Laptop\Advent Calendar Ideas\Advent Calendar Ideas.exe (Worm.Olala) -> Quarantined and deleted successfully.
C:\Users\Clark Family\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Quarantined and deleted successfully.
C:\Users\Clark Family\AppData\Roaming\isecurity.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

(end)


THE CURRENT MALWAREBYTES SCAN

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Clark Family :: CLARKFAMILY-HP [administrator]

3/15/2012 5:53:54 PM
mbam-log-2012-03-15 (17-53-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 406166
Time elapsed: 1 hour(s), 18 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Hope I've done this all correctly! Thanks so much already for your time and help...and for the excellent 5-Step Directions! Much appreciated!
 
(And sorry that these are posted in the wrong order...they were, in fact, carried out in the right order, but I was having trouble finding my MalwareBytes logs and so I went ahead and posted the others while I tracked them down!)
 
My apology for the delay- I've been sick.

Okay- let me lay this out for you:
The most prevalent malware is (Worm.Olala)>>> Worm:Win32/VB.CB is a worm that attempts to spread via Yahoo! Messenger. It may check if Yahoo! Messenger is running in the system. If Yahoo! Messenger is running, Worm:Win32/VB.CB attempts to spread to other computers by sending a link containing a copy of itself to all of the user's contacts.

It attempts to connect to a remote server >>"dungcoivb.googlepages.com" to download other files. The malware may use the following text in the message:
Chuc mung, ban da tam thoi thoat khoi Worm DungCoi
Olalala >> what shows in your logs, may tinh cua ban da dinh Worm DungCoi...........
When executed, Worm:Win32/VB.CB may drop itself to executable files. The malware then modifies the system registry by adding values or modifying registry entries so that it runs on every Windows start by using value> "load"

Alert Level>> Severe

This Worm is all over the laptop HACC JUMP DRIVE BACK UP files, executable files in the Clark Family\Documents
Source: Description courtesy of Microsoft.
--------------------------------
Mbam also found the (Backdoor.IRCBot):
This is a piece of malware that has worm, downloader, backdoor, keylogger and spy ability. It may arrive on a system after being exploited by a copy of the worm, residing on an infected machine in the network. After execution, the malware will inject a piece of code in kernel mode (by gaining access to \Device\PhysicalMemory). It will make a copy of itself inside c:\windows\fonts\unwise_.exe (hidden), execute it and continue execution there. The original file will then be deleted. The worm will register itself as a service under the name: Windows Hosts Controller, setting the information to "Enables Windows Host Controller Service. This service cannot be stopped." discouraging users from deleting it.

The worm has the ability to spread via: USB drives; when it detects a new drive, it will make a fresh copy of itself, on the USB drive in the following directory:
Recycler\S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxx\file-name.exe. It will also create an autorun.inf file that will point to the new copy.

And yes- it makes Registry changes to the firewall, the Security Center. It can do or cause:
  1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
  2. Data theft (e.g. retrieving passwords or credit card information)
  3. Installation of software, including third-party malware
  4. Downloading or uploading of files on the user's computer
  5. Modification or deletion of files
  6. Keystroke logging
  7. Watching the user's screen
  8. Wasting the computer's storage space
  9. Crashing the computer
---------------------------------
The (Trojan.FakeAlert.FS) is a Rogue Antivirus that fools users into installing it by telling them that their computer may be infected. Once installed, the malware will inform users that their computer is critically infected with system threats by giving them exaggerated virus reports, pop-up windows and even changing the desktop background to a fake infection error message.
=============================================
Although scans can remove some entries, it is likely that the system has already been compromised> files corrupted, password/personal information stolen, and the Backdoor left in the system with the ability to connect to remote servers.

Being advised of this, would you rather consider a reformat/reinstall instead of an attempt to clean which may not find or remove all of its code?

No matter what you decide, all passwords should be changed and any online financial transactions should be carefully monitored.
 
Thanks for your detailed reply. I appreciate it.

To be honest, I'm not exactly sure what exactly it would mean to 'reformat' or 'reinstall'. You seem to imply that I might not want to do it, so does that mean I would lose data or something? Thanks for your patience with my limited understanding here. I'm scared by the potential leak of personal information, and I'd like to get a handle on this as soon as possible.

Again, I'm so grateful for any help!
 
If you check this link> http://www.tech-101.com/support/ind...and-repair-xp-vista-7/page__p__1645#entry1645

You will be doing a Fresh Install (not a Repair install)

There is also a section named Extra Backup processes

You will find the entire step by step process. It will tell you what happens, how to back up and what you need. I suggest you print the instructions out because once you start the process, the instructions won't be available to you while you're working.

Some users do a 'routine' reformat/reinstall. I don't believe in that- it should only be done as a last resort. Many don't know how to troubleshoot which is unfortunate. But I think knowing the limits where we can reasonably assure the person that a system can be cleaned safely and when it cannot is important.

I am seeing so many systems infected with multiple malware> not just a few ads, but the really bad 'stuff.' Then it becomes an issue of whether the system is safe and clean if we just removed those entries we find. In some cases, like yours, I think we would do a disservice to just remove the files and send you on your way>> it's the true test of "could we> should we?"

Read through the link I left- post 2 will begin the actual process.
---------------------------------------
When you have finished the process, send me a PM to let me know. Then I'll have you put a new thread in the forum for security processes recommendations.
 
Thanks for your honest advice. I'm still so overwhelmed by this problem. The simple and occasional redirects are such a minor nuisance that it's hard for me to get my head around the idea that they could be a major security threat.

I would, however, like to do a full reinstall, but my laptop (HP Pavilion purchased at Best Buy less than a year ago -- July 2011) did not come with a Windows XP CD. I thought this was strange at the time, but I didn't really give it a second thought. I guess I assumed that including CDs with new computers had become outdated.

Thus, I don't think I'd have any way to reinstall the operating system. Right? Are there ways to get these CDs if you don't have one?? :(
 
One more question -- and thank you, thank you again for your time!

I'm preparing to back up my files to do a complete reinstall, but I'm just confused about how we know that the virus will not be 'transferred' when I do this. I plan to put my documents, photos, and music on an external hard drive, and then return them to the laptop when it is restored to factory settings. How can I know, though, that the files are clean and that I'm not simply sending the virus along to the external drive and then back to the laptop?

Sorry if these are very basic questions! I'm just trying to understand this process! Your answers are so appreciated!
 
Can you please contact Best Buy and ask for information about a disc to reinstall? I am not familiar with the HP setup.

There is no guarantee that the files you back up are clean. Stay away from these file associations:
.exe, .scr, .rar, .zip, .htm, .html. You can't just go back to the factory install- you need to do a reformat before the reinstall.
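An added example, not from this thread or its helper, of how a backup drive could be checked before files are copied back after the reformat. It reports (never deletes) files that match what the thread describes: the extensions listed above, the `<folder>\<folder>.exe` copies that Worm.Olala left in each infected folder in the Malwarebytes log, and the `autorun.inf` / `Recycler\S-x-x-...\file.exe` layout given for the IRCBot's USB spreading. The sample directory tree it builds is constructed for the demo and is not the user's real data.

```python
from __future__ import annotations
import os
import re
import tempfile
from pathlib import Path

# Extensions the helper advised not to copy back from the backup.
RISKY_EXTENSIONS = {".exe", ".scr", ".rar", ".zip", ".htm", ".html"}

# Matches the SID-named folder in the Recycler\S-x-x-xx-...\file.exe layout.
RECYCLER_SID_DIR = re.compile(r"^S-\d+-\d+(-\d+)+$")


def classify(path: Path, root: Path) -> list[str]:
    """Return the reasons one file should be held back; empty list means fine."""
    reasons = []
    if path.suffix.lower() in RISKY_EXTENSIONS:
        reasons.append("risky-extension")
    # Worm.Olala dropped "<folder>\<folder>.exe" in every folder it touched.
    if path.suffix.lower() == ".exe" and path.stem.lower() == path.parent.name.lower():
        reasons.append("folder-named-exe")
    if path.name.lower() == "autorun.inf":
        reasons.append("autorun-inf")
    parts = path.relative_to(root).parts
    if len(parts) >= 2 and parts[0].lower() == "recycler" and RECYCLER_SID_DIR.match(parts[1]):
        reasons.append("recycler-sid-dir")
    return reasons


def audit_backup(root) -> dict[str, list[str]]:
    """Walk root; map each suspicious file (POSIX-style relative path) to its reasons."""
    root = Path(root)
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            reasons = classify(p, root)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_tree(base) -> Path:
    """Constructed sample mirroring the thread's log; not real files from the user's PC."""
    base = Path(base)
    layout = {
        "HACC 201/Chapter 1/Chapter 1.exe": b"MZ",        # worm-style copy named after its folder
        "HACC 201/Chapter 1/notes.docx": b"real document",
        "Photos/2008_06_06/IMG_001.jpg": b"\xff\xd8\xff",
        "Recycler/S-1-5-21-1111-2222-3333-1001/svc.exe": b"MZ",
        "autorun.inf": b"[autorun]\n",
        "archive/old.zip": b"PK",
    }
    for rel, data in layout.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return base


def demo_findings() -> dict[str, list[str]]:
    """Build the sample tree in a temp dir and return the audit result."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_backup(build_sample_tree(tmp))


if __name__ == "__main__":
    for rel, why in sorted(demo_findings().items()):
        print(f"HOLD BACK  {rel}  ({', '.join(why)})")
```

Run `audit_backup(r"E:\")` (or whatever drive letter the external disk gets) against the real backup; anything it lists is a file to leave behind, and a clean report is still not a guarantee, as the helper says.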
 