WiredWX Christian Hobby Weather Tools
Re: trz####.tmp files are taking over my computer!

Should I run GooredFix before, or after ComboFix?

Re: trz####.tmp files are taking over my computer!

Also, ComboFix prompted me to update to the newer version, but I clicked No. Is that a problem?

Re: trz####.tmp files are taking over my computer!

Also also, you're awesome. Thanks so much for the help so far!

Re: trz####.tmp files are taking over my computer!

Problem, the first.

I followed your instructions, ran ComboFix, left for a bit, and when I came back, a window was open that said it needed to report Malware or something and to make sure I was connected to the internet before clicking Continue (or OK). Windows Explorer wasn't up, so I couldn't get to the start menu. I just assumed I was still connected to the internet and hit OK; a loading bar started and after a few seconds hit 100%, then it said there was no file at C:\Users\User\AppData\\log.txt and asked if I wanted to create the file. I clicked Yes and it closed ComboFix and opened log.txt, but it's blank.

Was that supposed to happen?

Re: trz####.tmp files are taking over my computer!

The ComboFix.txt changed, though, so here it is:

[[ComboFix.Txt - 2nd run]]

ComboFix 10-09-22.02 - User 22/09/2010 21:35:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2046.1154 [GMT -4:00]
Running from: c:\users\User\Desktop\commy.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\unpu.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymyn.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ynel.exe"
"c:\windows\system32\config\systemprofile\AppData\Local\Qdativodukeqoda.bin"
"c:\windows\system32\config\systemprofile\AppData\Local\Ukazafuxu.dat"
"c:\windows\system32\o.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\unpu.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymyn.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ynel.exe
c:\users\User\AppData\Roaming\Kineo
c:\users\User\AppData\Roaming\Kineo\trz411.tmp
c:\users\User\AppData\Roaming\Mual
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\chrome.manifest
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\chrome\content\_cfg.js
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\chrome\content\overlay.xul
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\install.rdf
c:\windows\system32\config\systemprofile\AppData\Local\Qdativodukeqoda.bin
c:\windows\system32\config\systemprofile\AppData\Local\Ukazafuxu.dat
c:\windows\system32\o.dat
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-23 01:42 . 2010-09-23 01:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-23 01:42 . 2010-09-23 01:42 -------- d-----w- c:\users\User\AppData\Local\temp
2010-09-23 01:42 . 2010-09-23 01:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-23 01:42 . 2010-09-23 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-22 22:19 . 2010-09-22 22:19 -------- d-----w- c:\programdata\WindowsSearch
2010-09-22 19:37 . 2010-09-22 19:37 -------- d-----w- C:\_OTL
2010-09-22 13:04 . 2010-09-22 13:04 -------- d-----w- c:\program files\temp
2010-09-18 23:12 . 2010-09-18 23:12 -------- d-----w- c:\program files\AVS4YOU
2010-09-18 23:10 . 2010-06-22 18:57 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2010-09-18 23:10 . 2010-06-22 18:57 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2010-09-15 03:23 . 2010-09-19 02:56 65024 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-09-15 03:23 . 2010-09-19 02:56 62464 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-09-15 03:23 . 2010-09-19 02:56 248832 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-09-15 03:23 . 2010-09-19 02:56 195072 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-09-15 03:23 . 2010-09-15 03:06 232159 ----a-w- c:\users\User\AppData\Roaming\.minecraft\Minecraft.exe
2010-09-14 14:54 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-09-14 14:54 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-09-14 14:52 . 2010-09-14 14:52 -------- d-----w- c:\windows\system32\RsFx
2010-09-14 14:44 . 2010-09-14 14:52 -------- d-----w- c:\program files\Microsoft SQL Server
2010-09-14 14:42 . 2010-09-14 14:42 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-14 14:39 . 2010-09-14 14:39 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-09-14 14:31 . 2010-09-14 14:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\IIS
2010-09-14 14:25 . 2010-09-14 14:25 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-09-14 14:25 . 2010-09-14 15:09 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-09-14 14:11 . 2010-09-14 14:50 -------- d-----w- c:\windows\system32\1033
2010-09-14 14:10 . 2010-09-14 14:10 -------- d-----w- c:\windows\symbols
2010-09-14 14:09 . 2010-09-14 14:18 -------- d-----w- c:\program files\Microsoft F#
2010-09-14 14:09 . 2010-09-14 14:43 -------- d-----w- c:\program files\Microsoft SDKs
2010-09-14 14:09 . 2010-09-14 14:13 -------- d-----w- c:\program files\HTML Help Workshop
2010-09-14 14:09 . 2010-09-14 14:17 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-09-14 14:09 . 2010-09-14 14:09 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-09-14 14:01 . 2010-09-14 14:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-09-09 00:34 . 2010-09-21 12:54 -------- d-----w- c:\users\User\AppData\Roaming\.minecraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 01:43 . 2009-12-09 04:04 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-23 00:12 . 2009-09-11 23:53 -------- d-----w- c:\users\User\AppData\Roaming\WTablet
2010-09-23 00:11 . 2009-09-16 12:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet
2010-09-21 10:57 . 2009-08-04 00:01 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-21 10:56 . 2009-09-19 19:12 -------- d-----w- c:\program files\QuickTime
2010-09-21 10:56 . 2009-06-18 00:23 -------- d-----w- c:\program files\Paint.NET
2010-09-21 10:55 . 2009-06-17 17:49 -------- d-----w- c:\program files\Movie Maker 2.6
2010-09-21 10:55 . 2008-08-21 21:30 -------- d-----w- c:\program files\Microsoft Works
2010-09-21 10:54 . 2009-10-12 01:52 -------- d-----w- c:\program files\Microsoft
2010-09-21 10:52 . 2009-08-02 18:25 -------- d-----w- c:\program files\DDS Converter 2
2010-09-21 10:52 . 2008-08-21 21:08 -------- d-----w- c:\program files\Common Files\LightScribe
2010-09-21 10:52 . 2009-06-17 17:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-21 10:52 . 2009-08-06 05:27 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-09-21 10:42 . 2009-08-06 05:19 -------- d-----w- c:\program files\backburner 2
2010-09-21 10:42 . 2009-08-21 15:41 -------- d-----w- c:\program files\AVI-GIF
2010-09-21 10:42 . 2009-08-21 20:14 -------- d-----w- c:\program files\Audacity
2010-09-19 23:00 . 2009-06-16 03:30 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-09-18 23:12 . 2010-05-12 11:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-09-14 14:50 . 2008-08-21 21:29 -------- d-----w- c:\program files\Microsoft.NET
2010-09-14 14:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-09-14 14:23 . 2009-06-11 22:51 71840 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 02:01 . 2010-08-19 14:39 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2010-08-27 13:21 . 2010-04-02 13:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-22 23:51 . 2009-07-07 10:58 -------- d-----w- c:\program files\Steam
2010-08-22 23:37 . 2009-07-07 10:58 -------- d-----w- c:\program files\Common Files\Steam
2010-08-17 16:39 . 2010-08-17 16:39 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\zlib1.dll
2010-08-17 16:39 . 2010-08-17 16:39 1036288 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80d.dll
2010-08-17 16:39 . 2010-08-17 16:39 548864 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80.dll
2010-08-17 16:10 . 2010-08-17 13:41 46 ----a-w- c:\users\User\jagex_runescape_preferences.dat
2010-08-17 16:10 . 2010-08-17 13:42 99 ----a-w- c:\users\User\jagex_runescape_preferences2.dat
2010-08-17 13:42 . 2010-08-17 13:42 0 ----a-w- c:\users\User\jagex__preferences3.dat
2010-08-10 03:01 . 2010-07-19 22:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-10 01:53 . 2010-08-10 01:53 -------- d-----w- c:\users\User\AppData\Roaming\Screaming Bee
2010-07-08 18:55 . 2010-07-08 18:56 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-06-28 20:57 . 2010-07-13 17:56 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-13 17:56 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-13 17:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-13 17:57 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-13 17:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-13 17:57 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-07-13 17:57 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 21:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"WeatherEye"="d:\programs\WeatherEye\WeatherEye.exe" [2009-10-27 718232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"AMTDeviceService"="d:\programs\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
trz77F0.tmp [2010-9-21 253440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-25 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 aswSP;aswSP; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-19 2789160]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-07-18 357376]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=0609&m=aspire_m1201
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=0609&m=aspire_m1201
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\790fczqk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3465122130-2015767867-611751245-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,11,40,49,2e,c8,96,39,03,31,79,e0,11,39,1b,7c,18,a4,ec,8b,ed,
94,02,c8,76,04,ce,c8,0b,4c,49,76,08,ae,d6,19,57,94,f9,e8,9e,d8,c9,23,51,a4,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
Completion time: 2010-09-22 21:45:41
ComboFix-quarantined-files.txt 2010-09-23 01:45
ComboFix2.txt 2010-09-23 00:20

Pre-Run: 42,370,592,768 bytes free
Post-Run: 41,923,485,696 bytes free

- - End Of File - - 04E5F227D6A94531032C0ADCD6DBC0A0

Re: trz####.tmp files are taking over my computer!

And then I ran Goored. It only took about 15 seconds.

[[GooredFix.Txt]]

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:00 on 22/09/2010 (User)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:48 23/09/2010]
{B13721C7-F507-4982-B2E5-502A71474FED} [11:13 26/10/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [03:23 04/08/2009]

C:\Users\User\Application Data\Mozilla\Firefox\Profiles\790fczqk.default\extensions\
cfxe@Triton [12:57 30/06/2010]
cfxHelper@Triton [12:57 30/06/2010]
glowygreen-ff3-30@glowplug.bitasylum.net [14:15 17/04/2010]
personas@christopher.beard [02:32 14/09/2010]
runtime@panda3d.org [13:10 10/03/2010]
{20a82645-c095-46ed-80e3-08825760534b} [12:57 30/06/2010]
{66871bd1-5ba2-4739-b485-2a15f5969bd8} [02:51 02/02/2010]
{bbf8fc30-5280-11db-b0de-0800200c9a66} [13:53 04/08/2009]
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [20:17 28/07/2010]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [13:56 28/08/2010]
{d596c130-b00a-11db-abbd-0800200c9a66} [13:54 04/08/2009]
{dd30bf68-268a-4815-ad48-8740b774c764} [14:15 17/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [01:23 12/06/2009]

-=E.O.F=-

Re: trz####.tmp files are taking over my computer!

Hi.

Please download Malwarebytes Anti-Malware from Here.


Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

............................................................................................

I'm livin' life in the fast lane.

Re: trz####.tmp files are taking over my computer!

(Writing this, as I have been most things, on a different computer:)

I ran Malwarebytes and it prompted me to reboot, but my computer has been on Vista's shiny "Shutting Down..." screen for about half an hour now.

Should I kill it?

Re: trz####.tmp files are taking over my computer!

Hi. Yes, please do that, and go to the "Logs" tab in Malwarebytes and post the most recent one.

............................................................................................

I'm livin' life in the fast lane.

Re: trz####.tmp files are taking over my computer!

I feel I should mention that I've never, since buying the computer, been able to save an internet connection; I got into the habit of manually connecting and typing in the password every time I started up the computer. But through all this, every time it reboots, I've never had to connect; it automatically did for once.

[[mbam-log-2010-09-22 (22-45-57).txt]]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4673

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

22/09/2010 10:45:57 PM
mbam-log-2010-09-22 (22-45-57).txt

Scan type: Quick scan
Objects scanned: 147672
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 40
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Re: trz####.tmp files are taking over my computer!

Awaiting orders, cap'n.

Re: trz####.tmp files are taking over my computer!

Hi.

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

............................................................................................

I'm livin' life in the fast lane.

Re: trz####.tmp files are taking over my computer!

I'm thinking this isn't what you expected:

[[log.txt from ESET Online Scanner]]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Re: trz####.tmp files are taking over my computer!

Hi.

How is your computer running now?

............................................................................................

I'm livin' life in the fast lane.

Re: trz####.tmp files are taking over my computer!
This is what I'm seeing now, should I do anything or just click "Finish"?

[Screenshot: ESETOnlineScanner]

Re: trz####.tmp files are taking over my computer!
In answer to your question, I haven't gotten any virus alerts in some time (I know I turned avast! off a while ago, but for a while before that too).

Can I turn avast! back on now and see if it screams at me?

Re: trz####.tmp files are taking over my computer!
Hi.

Can you hit the list found threats button, and export that to a text file, then zip it up and attach it please?

............................................................................................

I'm livin' life in the fast lane.

Re: trz####.tmp files are taking over my computer!
I'm working on it, the virus ate my winRAR so I have to download something else to make a .zip file.

Re: trz####.tmp files are taking over my computer!
Here's the List of Threats from the ESET Online Scanner.

Re: trz####.tmp files are taking over my computer!
Hi.

How is your computer running now? See any more files of that name?

............................................................................................

I'm livin' life in the fast lane.

Re: trz####.tmp files are taking over my computer!
I find one now and then, but I just delete them, they aren't new, and avast! isn't reporting any more problems.

Everything appears to be back to normal (except the missing files and programs that won't start) but I did manage to save most of the files I wanted to carry over to Windows 7.

Now I just need to get the internet working. But I already made a new thread about that elsewhere in the forum.

Thank you for your help! I've already started recommending this site to everyone I know. Saved me a lot of money from going down to the local tech store.

Re: trz####.tmp files are taking over my computer!
Hi,

We are not quite done yet. Could you please run an ESET scan again? Ramnit is a polymorphic file infector, and you seem to have a new variant.

............................................................................................

I'm livin' life in the fast lane.

Re: trz####.tmp files are taking over my computer!
Ooo, well shortly after I thought the problem was solved, I wiped my hard drive. So unless it got onto my portable drive, I think it's gone now. I wanted to be rid of that other trz####.tmp virus so it wouldn't carry over on my portable drive.

Re: trz####.tmp files are taking over my computer!
Hi.

You might want to check the portable drive too, as Ramnit can infect one if it was inserted. Try running a scan on it and see if it finds anything.

............................................................................................

I'm livin' life in the fast lane.
