Solved Unauthorized bank card charges - Possible virus/spyware

logangb345

This past Thursday, I had two unauthorized charges to my bank account. The previous night I had a virus quarantined which I deleted immediately. I think that something may have happened and it wasn't fully deleted, or deleted too late (I'm not sure how that sort of thing works, so I can't be certain).

My bank has taken care of the charges so that's not an issue any longer, I just want to be certain that whatever it was that stole my bank account number is gone. I have also found multiple iexplore.exe processes in my task manager, which I heard was not a good thing. I scanned past threads about this, but I knew the situations weren't identical to mine and weren't necessarily on Vista. I wanted to post my own dilemma instead of using what they did in case it messed up my system even more.

I have the logs of the "8-step Viruses/Spyware/Malware Preliminary Removal Instructions" if it's helpful to have them.

Thanks to anyone willing to help with expert knowledge in this area,
Logan
 
Welcome aboard


Please, post your logs...
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4602

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/12/2010 8:51:11 PM
mbam-log-2010-09-12 (20-51-11).txt

Scan type: Quick scan
Objects scanned: 138039
Time elapsed: 11 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


For some reason, the GMER file didn't have anything saved in it. I will re-do the scan and post the log then.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/19/2009 3:35:30 AM
System Uptime: 9/12/2010 8:16:08 PM (2 hours ago)

Motherboard: Dell Inc. | | 0P792H
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | U2E1 | 1200/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 283 GiB total, 194.931 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 5.734 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Acrobat.com
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.3.4 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Banctec Service Agreement
Byki
Byki Express
Compatibility Pack for the 2007 Office system
Dell-eBay
Dell DataSafe Local Backup
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Video Chat
Dell Webcam Central
Download Updater (AOL LLC)
GIMP 2.7.0
Google Earth Plug-in
Google SketchUp 7
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ITECIR
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
kSolo Recorder
LG USB Modem driver
LimeWire 5.4.6
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
Microsoft Age of Empires II
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.2)
MSN Toolbar
MSVCRT
Musicnotes Software Suite 1.1
Picasa 3
PowerDVD DX
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Sibelius 6.1.0.3 Demo
Sibelius Scorch (ActiveX Only)
Sound Blaster X-Fi MB
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
V CAST Music with Rhapsody
Viewpoint Media Player
W Photo Studio
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer

==== End Of File ===========================
 
DDS (Ver_10-03-17.01) - NTFSX64
Run by Logan at 22:30:46.75 on Sun 09/12/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6102.4057 [GMT -6:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Logan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.swagbucks.com/
uDefault_Page_URL = hxxp://www.msn.com
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [VolPanel] "c:\program files (x86)\creative\sb x-fi mb\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] "c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /install /silent
mRunOnce: [DellDatasafeLauncher] "c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe"
StartupFolder: c:\users\logan\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\logan\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe
StartupFolder: c:\users\logan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun-x64: [RunDLLEntry] c:\windows\system32\rundll32.exe c:\windows\system32\AmbRunE.dll,RunDLLEntry
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\logan\appdata\roaming\mozilla\firefox\profiles\709xzgps.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\ksolo\npAVX.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\musicnotes\npmusicn.dll
FF - plugin: c:\program files (x86)\musicnotes\NPSibelius.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
 
============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-8-19 53488]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-10-3 192528]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-8-19 89600]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-7-13 42000]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-10-3 277008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2009-8-28 24652]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-19 172032]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-19 126464]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-8-19 59392]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-8-19 239104]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-8-19 4735488]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 319840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-17 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-8-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-8-19 79360]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-2 61280]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\common files\creative labs shared\service\XMBLicensing.exe [2009-8-19 79360]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2009-8-28 587696]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-8-28 854280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-13 02:37:48 0 d-----w- c:\users\logan\appdata\roaming\Malwarebytes
2010-09-13 02:37:12 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-13 02:37:12 0 d-----w- c:\programdata\Malwarebytes
2010-09-13 02:37:12 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-13 02:15:28 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-08-21 14:29:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

==================== Find3M ====================

2010-08-10 05:57:13 5659925 ----a-w- c:\windows\fonts\HDZB.TTF
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-23 23:29:41 82752 ----a-w- c:\windows\fonts\OPUSC___.TTF
2010-07-23 23:29:41 66688 ----a-w- c:\windows\fonts\OPUSCS__.TTF
2010-07-23 23:29:41 32608 ----a-w- c:\windows\fonts\INK2TEXT.TTF
2010-07-23 23:29:41 27896 ----a-w- c:\windows\fonts\OPUS____.TTF
2010-07-23 23:29:39 79336 ----a-w- c:\windows\fonts\INK2SCRI.TTF
2010-07-23 23:29:38 30900 ----a-w- c:\windows\fonts\HELST___.TTF
2010-07-23 23:29:38 15116 ----a-w- c:\windows\fonts\INK2METR.TTF
2010-07-23 23:29:38 14396 ----a-w- c:\windows\fonts\HELSM___.TTF
2010-07-23 23:29:38 106220 ----a-w- c:\windows\fonts\INK2CHOR.TTF
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-21 14:05:22 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:48:21 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 17:31:29 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2009-12-08 10:19:50 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-08 10:19:50 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-08 10:19:50 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-08 10:19:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-19 15:37:56 75 --sh--r- c:\windows\CT4CET.bin
2010-02-10 05:20:34 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-14 09:18:23 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-19 17:07:56 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:31:09.52 ===============
 
That's fine....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thank you for the fast responses!

I can't run Combofix. I tried downloading from both links. I try to run the program, but I get a message that says "Incompatible OS." and something about only working with Windows 2000 and XP.

Here's the MBRCheck:



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1737
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 156):
0x01C60000 \SystemRoot\system32\ntoskrnl.exe
0x01C1A000 \SystemRoot\system32\hal.dll
0x00603000 \SystemRoot\system32\kdcom.dll
0x0060D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00648000 \SystemRoot\system32\PSHED.dll
0x0065C000 \SystemRoot\system32\CLFS.SYS
0x006B9000 \SystemRoot\system32\CI.dll
0x00807000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EF000 \SystemRoot\system32\drivers\acpi.sys
0x00945000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094E000 \SystemRoot\system32\drivers\msisadrv.sys
0x00958000 \SystemRoot\system32\drivers\pci.sys
0x00988000 \SystemRoot\System32\drivers\partmgr.sys
0x0099D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009A1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009AD000 \SystemRoot\system32\drivers\volmgr.sys
0x0076B000 \SystemRoot\System32\drivers\volmgrx.sys
0x009C1000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D4000 \SystemRoot\system32\drivers\atapi.sys
0x009DC000 \SystemRoot\system32\drivers\ataport.SYS
0x007D1000 \SystemRoot\system32\drivers\msahci.sys
0x007DB000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00A0A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A51000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A65000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00A71000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C06000 \SystemRoot\system32\drivers\ndis.sys
0x00AF8000 \SystemRoot\system32\drivers\msrpc.sys
0x00B48000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E06000 \SystemRoot\System32\drivers\tcpip.sys
0x00F7C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0100F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118F000 \SystemRoot\system32\drivers\volsnap.sys
0x011D3000 \SystemRoot\System32\Drivers\spldr.sys
0x011DB000 \SystemRoot\System32\Drivers\mup.sys
0x00FA8000 \SystemRoot\System32\drivers\ecache.sys
0x00FD4000 \SystemRoot\system32\drivers\disk.sys
0x00DC9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011ED000 \SystemRoot\system32\drivers\crcdisk.sys
0x00BA1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x011F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02001000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x0280E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x028F1000 \SystemRoot\System32\drivers\watchdog.sys
0x02901000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0290D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02953000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02A00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02C02000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x03091000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x030D0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x030E2000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x030F2000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x03112000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x03127000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x0313E000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x03195000 \SystemRoot\system32\DRIVERS\itecir.sys
0x02AED000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x031F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02B03000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x02B40000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02B4C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02B68000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02B75000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02B88000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02B91000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02B96000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02964000 \SystemRoot\system32\DRIVERS\storport.sys
0x02BCF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02BDC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x029C1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x029CD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x027AB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x027BB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x027D9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x00BAE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x031FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x00BC1000 \SystemRoot\system32\DRIVERS\ks.sys
0x007EB000 \SystemRoot\system32\DRIVERS\circlass.sys
0x02800000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0320C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0321C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03264000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03278000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x032F1000 \SystemRoot\system32\DRIVERS\portcls.sys
0x0332C000 \SystemRoot\system32\DRIVERS\drmk.sys
0x0334F000 \SystemRoot\system32\drivers\ksthunk.sys
0x03355000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x03379000 \SystemRoot\system32\DRIVERS\hidir.sys
0x03384000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03396000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0339E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x033A9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x033B4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x033BE000 \SystemRoot\System32\Drivers\Null.SYS
0x033C7000 \SystemRoot\System32\drivers\vga.sys
0x033D5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03200000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x027F1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x00DF5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x07008000 \SystemRoot\System32\Drivers\Npfs.SYS
0x07019000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x07022000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0703F000 \SystemRoot\system32\DRIVERS\smb.sys
0x0705A000 \SystemRoot\system32\drivers\afd.sys
0x070C5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x07109000 \SystemRoot\system32\DRIVERS\pacer.sys
0x07127000 \SystemRoot\system32\DRIVERS\tmlwf.sys
0x0715A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x07169000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x07184000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0x0719A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x071E7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x07206000 \SystemRoot\System32\Drivers\dfsc.sys
0x07223000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0722C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0722E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0724A000 \SystemRoot\system32\DRIVERS\OA001Vid.sys
0x07299000 \SystemRoot\system32\DRIVERS\OA001Ufd.sys
0x072C1000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x072EB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x072F9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x07305000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x0730F000 \SystemRoot\System32\drivers\Dxapi.sys
0x0731B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x00690000 \SystemRoot\System32\cdd.dll
0x008F0000 \SystemRoot\System32\ATMFD.DLL
0x0732E000 \SystemRoot\system32\drivers\luafv.sys
0x07350000 \SystemRoot\system32\DRIVERS\tmpreflt.sys
0x18A09000 \SystemRoot\system32\DRIVERS\vsapint.sys
0x0735F000 \SystemRoot\system32\DRIVERS\tmxpflt.sys
0x19208000 \SystemRoot\system32\drivers\spsys.sys
0x192A2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x192B6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x192EA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x192F5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x1930D000 \SystemRoot\system32\drivers\HTTP.sys
0x193B0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x193D9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x073B6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x073D0000 \SystemRoot\system32\drivers\mrxdav.sys
0x19601000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x1962A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x19673000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x19692000 \SystemRoot\System32\DRIVERS\srv2.sys
0x196C4000 \SystemRoot\System32\DRIVERS\srv.sys
0x19C06000 \SystemRoot\system32\drivers\peauth.sys
0x19CBC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x19CC7000 \SystemRoot\System32\Drivers\fastfat.SYS
0x19CFC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x1A003000 \SystemRoot\system32\DRIVERS\tmwfp.sys
0x1A1B3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x771C0000 \Windows\System32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
556 csrss.exe
592 C:\Windows\System32\wininit.exe
612 csrss.exe
648 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
776 C:\Windows\System32\winlogon.exe
848 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
376 C:\Windows\System32\svchost.exe
512 C:\Windows\System32\svchost.exe
548 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
1056 C:\Windows\System32\audiodg.exe
1092 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1132 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\SLsvc.exe
1200 C:\Windows\System32\svchost.exe
1324 C:\Program Files\Dell\DellDock\DockLogin.exe
1416 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\spoolsv.exe
1616 C:\Windows\System32\svchost.exe
1792 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
1828 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1852 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1180 C:\Windows\System32\svchost.exe
832 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2108 C:\Windows\System32\svchost.exe
2360 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
2380 C:\Windows\System32\svchost.exe
2396 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2428 C:\Windows\System32\SearchIndexer.exe
2800 C:\Windows\System32\taskeng.exe
2856 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3032 C:\Windows\System32\taskeng.exe
3060 C:\Windows\System32\dwm.exe
2388 C:\Windows\explorer.exe
1392 C:\Program Files\Windows Defender\MSASCui.exe
2676 C:\Program Files\DellTPad\Apoint.exe
2652 C:\Windows\System32\hkcmd.exe
2684 C:\Windows\System32\igfxpers.exe
2696 C:\Windows\System32\rundll32.exe
2952 C:\Program Files\IDT\WDM\sttray64.exe
3092 C:\Program Files\Windows Sidebar\sidebar.exe
3116 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3136 C:\Windows\ehome\ehtray.exe
3164 C:\Program Files\Dell\QuickSet\quickset.exe
3184 C:\Program Files\Dell\DellDock\DellDock.exe
3192 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
3208 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
3216 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
3224 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
3232 C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
3248 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
3260 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3276 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3296 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3580 C:\Windows\ehome\ehmsas.exe
3604 C:\Windows\System32\wbem\unsecapp.exe
3684 WmiPrvSE.exe
3904 C:\Program Files\iPod\bin\iPodService.exe
524 C:\Windows\System32\igfxsrvc.exe
4244 C:\Program Files\DellTPad\ApMsgFwd.exe
4352 C:\Program Files\DellTPad\hidfind.exe
4388 WmiPrvSE.exe
4608 C:\Program Files\DellTPad\ApntEx.exe
4724 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
4876 C:\Windows\System32\conime.exe
4524 C:\Windows\System32\wbem\WMIADAP.exe
2076 C:\Users\Logan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c4f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC4FC

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
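The MBRCheck report above lists each volume's byte offset on the physical drive and a SHA1 of the master boot record, and declares the boot code "Windows Vista MBR code". As an added example, not part of this thread and not MBRCheck's own code, the Python below shows what such a check amounts to: it reads one 512-byte MBR, verifies the 0x55AA boot signature, decodes the four partition-table entries, and compares a SHA1 of the boot-code area against an allowlist of known-good hashes. The sample MBR, its partition entries (their LBA values are chosen so the byte offsets come out to the two values MBRCheck printed, 0x4F00000 and 0x3C4F00000) and the allowlist are all constructed here; whether MBRCheck hashes the whole sector or only the code area is not stated on the page, so hashing the 446-byte code area is an assumption of this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445 hold the boot code
PARTITION_TABLE_OFFSET = 0x1BE  # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xAA"    # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Decode a 512-byte MBR: boot signature, partition table, and hashes."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for index in range(4):
        start = PARTITION_TABLE_OFFSET + 16 * index
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, start)
        if ptype == 0:             # empty slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,         # 0x07 = NTFS/exFAT/HPFS
            "lba_start": lba_start,
            "sectors": sectors,
            # LBA * sector size is the byte offset MBRCheck prints for the volume
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "sector_sha1": hashlib.sha1(sector).hexdigest(),
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good_code_hashes: set) -> str:
    """Compare the boot-code hash with an allowlist of known-good MBR code."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "no boot signature"
    if info["boot_code_sha1"] in known_good_code_hashes:
        return "known-good"
    return "unknown boot code (investigate)"


def build_sample_mbr() -> bytes:
    """Constructed sample MBR, not a dump of any real disk."""
    code = bytearray(BOOT_CODE_SIZE)
    code[:4] = b"\x33\xc0\x8e\xd0"   # stand-in for real boot code (xor ax,ax / mov ss,ax)
    # entry 0: bootable NTFS partition starting at LBA 0x27800 (byte offset 0x4F00000)
    table = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 0x27800, 0x1E00000)
    # entry 1: NTFS partition starting at LBA 0x1E27800 (byte offset 0x3C4F00000)
    table += struct.pack("<B3sB3sII", 0x00, b"\0" * 3, 0x07, b"\0" * 3, 0x1E27800, 593523376)
    table += bytes(32)   # two unused entries
    return bytes(code) + table + BOOT_SIGNATURE


SAMPLE_MBR = build_sample_mbr()
# Constructed allowlist: in practice this holds hashes of the OS vendor's MBR code.
KNOWN_GOOD = {parse_mbr(SAMPLE_MBR)["boot_code_sha1"]}


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    for p in info["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02x} at byte offset 0x{p['byte_offset']:x}")
    print("verdict:", classify_mbr(SAMPLE_MBR, KNOWN_GOOD))
    tampered = bytearray(SAMPLE_MBR)
    tampered[0] = 0xEB   # one changed byte in the code area changes the verdict
    print("tampered verdict:", classify_mbr(bytes(tampered), KNOWN_GOOD))
```

On a live system the sector would be read with administrator rights from the raw device (on Windows, the first 512 bytes of \\.\PhysicalDrive0, as in the report above). A hash that is not on the allowlist is a prompt to compare the code against the OS vendor's known MBR code, not a verdict by itself: OEM boot managers and disk-encryption products also produce unfamiliar hashes.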
 
I'm sorry, my fault. Combofix won't run on a 64-bit system.

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.

  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

=======================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Well, this seemed to make everything a little bit faster, I think...

Thanks again for all your help!
 

Attachments

  • SUPERAntiSpyware Scan Log - 09-13-2010 - 22-43-58.log
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - Startup: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:[b]64bit:[/b] - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O33 - MountPoints2\{03d19f7e-b5a8-11de-83b5-002219f874b7}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
    O33 - MountPoints2\{03d19f83-b5a8-11de-83b5-002219f874b7}\Shell - "" = AutoRun
    O33 - MountPoints2\{03d19f83-b5a8-11de-83b5-002219f874b7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{da1fe510-9449-11de-b4be-002219f874b7}\Shell - "" = AutoRun
    O33 - MountPoints2\{da1fe510-9449-11de-b4be-002219f874b7}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- File not found
    O33 - MountPoints2\{da1fe6e7-9449-11de-b4be-002219f874b7}\Shell - "" = AutoRun
    O33 - MountPoints2\{da1fe6e7-9449-11de-b4be-002219f874b7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:73CF0D7D
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:FAFEC4B9
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5C90B77C
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
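The OTL fix above produces a log in which every line states an outcome: a registry key or ADS "deleted successfully", a file "moved successfully", a target that was "not found" (the reference was orphaned, so there was nothing left to remove), or a file move that "failed" and was "scheduled to be moved on reboot". As an added example, not part of this thread and not OTL's own code, the Python below triages such a log: it counts each outcome, totals the bytes that the [emptytemp] step freed, and lists the moves deferred to reboot, since those are the items to re-check once the machine comes back up. The log lines are constructed in OTL's format with placeholder paths and CLSIDs, not copied from the thread.

```python
import re

# Constructed sample in the format OTL writes to its fix log (placeholder paths and CLSIDs).
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
C:\Users\example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example.lnk moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example\ deleted successfully.
File move failed. C:\Windows\SysNative\example.dll scheduled to be moved on reboot.
File F:\setup.exe not found.
ADS C:\ProgramData\TEMP:00000000 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: example
->Temp folder emptied: 5312173 bytes
->Temporary Internet Files folder emptied: 65353659 bytes

Windows Temp folder emptied: 2437310 bytes
"""

# Outcome patterns, checked in order; the first match wins.
PATTERNS = [
    ("registry_deleted", re.compile(r"^(?:64bit-)?Registry (?:key|value) .* deleted successfully\.$")),
    ("registry_not_found", re.compile(r"^(?:64bit-)?Registry (?:key|value) .* not found\.$")),
    ("move_pending_reboot", re.compile(r"^File move failed\. (?P<path>.*) scheduled to be moved on reboot\.$")),
    ("file_moved", re.compile(r"^.* moved successfully\.$")),
    ("file_not_found", re.compile(r"^File .* not found\.$")),
    ("ads_deleted", re.compile(r"^ADS .* deleted successfully\.$")),
]
# "->Temp folder emptied: N bytes" and "%systemroot% .tmp files removed: N bytes"
BYTES_RE = re.compile(r"(?:emptied|removed): (\d+) bytes$")


def summarize_otl_fix(log_text: str) -> dict:
    """Count outcomes in an OTL fix log and collect the moves deferred to reboot."""
    summary = {name: 0 for name, _ in PATTERNS}
    summary["bytes_freed"] = 0
    summary["pending_reboot_paths"] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        size = BYTES_RE.search(line)
        if size:
            summary["bytes_freed"] += int(size.group(1))
            continue
        for name, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                summary[name] += 1
                if name == "move_pending_reboot":
                    # these files still exist until the reboot completes; verify afterwards
                    summary["pending_reboot_paths"].append(match.group("path"))
                break
    return summary


if __name__ == "__main__":
    result = summarize_otl_fix(SAMPLE_FIX_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```

A "not found" count is expected to be non-zero after a fix like this one, because OTL also tries the CLSID and file behind each removed entry and reports when they were already absent. The list of pending paths is what to confirm after the reboot, either by checking that the file is gone or by checking that it is signed by the vendor it claims if it turns out to be a legitimate component.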
 
I can't believe how much faster my computer is running now! Thanks!

Here's the OTL log:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03d19f7e-b5a8-11de-83b5-002219f874b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03d19f7e-b5a8-11de-83b5-002219f874b7}\ not found.
File F:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03d19f83-b5a8-11de-83b5-002219f874b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03d19f83-b5a8-11de-83b5-002219f874b7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03d19f83-b5a8-11de-83b5-002219f874b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03d19f83-b5a8-11de-83b5-002219f874b7}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da1fe510-9449-11de-b4be-002219f874b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da1fe510-9449-11de-b4be-002219f874b7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da1fe510-9449-11de-b4be-002219f874b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da1fe510-9449-11de-b4be-002219f874b7}\ not found.
File F:\VZAccess_Manager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da1fe6e7-9449-11de-b4be-002219f874b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da1fe6e7-9449-11de-b4be-002219f874b7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da1fe6e7-9449-11de-b4be-002219f874b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da1fe6e7-9449-11de-b4be-002219f874b7}\ not found.
File F:\LaunchU3.exe not found.
ADS C:\ProgramData\TEMP:73CF0D7D deleted successfully.
ADS C:\ProgramData\TEMP:FAFEC4B9 deleted successfully.
ADS C:\ProgramData\TEMP:5C90B77C deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Logan
->Temp folder emptied: 5312173 bytes
->Temporary Internet Files folder emptied: 65353659 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 53459939 bytes
->Flash cache emptied: 2843 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2437310 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 4581083 bytes

Total Files Cleaned = 125.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Logan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09142010_194033

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.
C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JVPWQGPQ\topic153264[1].html moved successfully.
C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\78UCW9UN\ads[1].htm moved successfully.
C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3QDT4LOZ\sh23[1].html moved successfully.
C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...



Security Check log:
Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player 10.0.32.18
Adobe Reader 8.1.4
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.2) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Trend Micro Internet Security SfCtlCom.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Internet Security UfSeAgnt.exe
TRENDM~1 INTERN~1 TmPfw.exe
Trend Micro Internet Security TmProxy.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
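An added example, not part of this thread and not code from OTL or Security Check: a read-only Windows PowerShell script that re-checks the four things the two logs above report, so the result of the fix can be verified without re-running the removal tools. It assumes Windows PowerShell 2.0 is installed (Vista gets it through the Windows Management Framework) and an elevated prompt so the HKLM keys are readable; the registry paths and the HNetCfg.FwPolicy2 COM interface are the standard Windows ones, the function names are mine. Two caveats when reading its output: Windows Vista no longer loads Winlogon notification packages, so entries such as the GoToAssist and igfxcui keys OTL deleted are leftovers rather than live persistence; and "Windows Firewall Disabled!" is expected while a third-party suite with its own firewall (Trend Micro's TmPfw.exe in the process list) is installed, which is what the later advice about pairing Avast or Avira with the Windows firewall is about.

```powershell
# Read-only re-check of what the OTL fix and Security Check logs above reported.
# Added example, not from the thread or from either tool. Assumes Windows
# PowerShell 2.0 and an elevated prompt (for the HKLM reads). Nothing is changed.

# 1. Explorer's cached autorun commands for removable volumes (MountPoints2).
#    OTL resolved these to F:\LaunchU3.exe, F:\setupSNK.exe and similar.
#    A target that no longer exists is stale; one that exists deserves a look.
function Get-MountPointAutorun {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $base)) { return }
    foreach ($vol in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        $cmdKey = $vol.PSPath + '\shell\AutoRun\command'
        if (-not (Test-Path $cmdKey)) { continue }
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        if (-not $cmd) { continue }
        # The executable is the first token, quoted or not; expand %vars% if any.
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $matches[1] }
        else { $exe = ($cmd.Trim() -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        New-Object PSObject -Property @{
            Volume  = $vol.PSChildName
            Command = $cmd
            Target  = $exe
            Exists  = [bool](Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)
        }
    }
}

# 2. Winlogon notification packages, 64-bit and 32-bit views. Vista no longer
#    loads these, so anything here (like the GoToAssist/igfxcui keys OTL
#    removed) is a leftover, but it still shows what was installed.
function Get-WinlogonNotify {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $view = if ($k -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
        foreach ($sub in Get-ChildItem -Path $k) {
            New-Object PSObject -Property @{
                View    = $view
                Key     = $sub.PSChildName
                DLLName = (Get-ItemProperty -Path $sub.PSPath).DLLName
            }
        }
    }
}

# 3. Windows Firewall state per profile, the check behind Security Check's
#    "Windows Firewall Disabled!" line. Off is expected while a suite with its
#    own firewall (Trend Micro's TmPfw.exe above) is installed.
function Get-WindowsFirewallState {
    $policy   = New-Object -ComObject HNetCfg.FwPolicy2   # Vista+ firewall API
    $profiles = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
    foreach ($id in 1, 2, 4) {
        New-Object PSObject -Property @{
            Profile = $profiles[$id]
            Enabled = [bool]$policy.FirewallEnabled($id)
        }
    }
}

# 4. Installed versions of the products Security Check flagged as out of date,
#    read from the Uninstall keys in both views. Compare with the vendors'
#    current releases; this only inventories what is present.
function Get-FlaggedSoftwareVersion {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    $patterns = 'Adobe Reader*', 'Adobe Flash Player*', 'Java(TM)*', 'Mozilla Firefox*'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($app in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $app.PSPath
            foreach ($pattern in $patterns) {
                if ($p.DisplayName -like $pattern) {
                    New-Object PSObject -Property @{
                        Name    = $p.DisplayName
                        Version = $p.DisplayVersion
                    }
                }
            }
        }
    }
}

'== MountPoints2 autorun commands =='
Get-MountPointAutorun | Select-Object Volume, Target, Exists, Command | Format-Table -AutoSize
'== Winlogon Notify packages =='
Get-WinlogonNotify | Select-Object View, Key, DLLName | Format-Table -AutoSize
'== Windows Firewall =='
Get-WindowsFirewallState | Select-Object Profile, Enabled | Format-Table -AutoSize
'== Flagged software versions =='
Get-FlaggedSoftwareVersion | Select-Object Name, Version | Sort-Object Name -Unique | Format-Table -AutoSize
```

Run it once before the fix and once after the reboot: the MountPoints2 table should lose the entries OTL deleted, the Notify table should be empty in the 64-bit view, and the version table gives you the exact builds to compare against the vendor pages before updating Reader, Flash, Java and Firefox as the helper asks.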
 
I couldn't finish the Kaspersky thing. It finished the Program Download and Update, but when it tries to do the Database Update it gets to about 14% and gives me this message:

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Connection to updates source cannot be established]
 
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
Ok that worked.

Here is the log:

C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application
C:\Users\Logan\AppData\Roaming\Desktopicon\eBayShortcuts.exe a variant of Win32/Adware.ADON application
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe 
    C:\Users\Logan\AppData\Roaming\Desktopicon\eBayShortcuts.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

1. Update Firefox.

2. Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UN-check the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On the Foxit installer page (screenshot FoxitReaderInstallation.png in the original post), make sure you have both boxes UN-checked AND (important!) click on the Decline button.

========================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current (including Service Pack 2!).

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
OTL log:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe moved successfully.
C:\Users\Logan\AppData\Roaming\Desktopicon\eBayShortcuts.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Logan
->Temp folder emptied: 63343067 bytes
->Temporary Internet Files folder emptied: 46991764 bytes
->Java cache emptied: 128101 bytes
->FireFox cache emptied: 13240255 bytes
->Flash cache emptied: 1957 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49632 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 118.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Logan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09142010_225154

Files\Folders moved on Reboot...
File\Folder C:\Users\Logan\AppData\Local\Temp\Low\hsperfdata_Logan\4032 not found!

Registry entries deleted on Reboot...
 
So far, my computer is in great shape!

I have just one more question for you: My Trend Micro Internet Security is going to expire November 27 and I don't really want to pay to renew it if there is something else I can use that works just as well (if not better). So, what combination of programs should I use for all of my security?

Thank you so much for all of your help with everything! I can't thank you enough!
 
Another thing, I can't view PDF files now. I get this message when I try:

"The Adobe Acrobat/Reader that is running can not be used to view PDF files in a Web Browser.
Adobe Acrobat/Reader version 8 or 9 is required. Please exit and try again."
 
Very good :)

Trend Micro alternatives...

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

- free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

If you decide to install Avast or Avira, make sure Windows Firewall is turned on, or use the Comodo firewall.
If you decide to install Comodo Internet Security, or just the Comodo firewall, make sure Windows Firewall is turned off.


As for PDF files, I strongly suggest you switch to Foxit (reply #19).
 
Ok cool. Now, I know you mentioned using Malwarebytes, TFC, and Secunia regularly; should I also continue to use SUPERAntiSpyware?

The only reason I didn't install FoxIt is because I don't really use Firefox ever. Will it work with IE?
 
Superantispyware is an excellent program.
If you have time to run MBAM and Super once in a while, that's even better.

You can have as many browsers as you want.
Having at least two is a very good idea, just in case you need to do some troubleshooting.
 