WiredWX Christian Hobby Weather Tools

Re: Trojan.Sirefef

This is my most recent MBAM log. Does it look OK? Do you think we are clean now?

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
davidcore2 :: DAVIDCORE2-PC [administrator]

7/16/2012 9:30:05 PM
mbam-log-2012-07-16 (21-30-05).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1120845
Time elapsed: 3 hour(s), 12 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings (PUP.GamePlayLabs) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files (x86)\Giant Savings\Giant Savings.exe (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Giant Savings\Giant SavingsGui.exe (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Giant Savings\Uninstall.exe (PUP.GamePlayLabs) -> Quarantined and deleted successfully.

(end)

Re: Trojan.Sirefef

We should not be seeing those same infections this late in the game.

Please download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

Re: Trojan.Sirefef

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-17 18:27:18
-----------------------------
18:27:18.531 OS Version: Windows x64 6.1.7601 Service Pack 1
18:27:18.531 Number of processors: 2 586 0xF0B
18:27:18.531 ComputerName: DAVIDCORE2-PC UserName: davidcore2
18:27:19.311 Initialize success
18:28:16.490 AVAST engine defs: 12071701
18:29:28.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:29:28.905 Disk 0 Vendor: WDC_WD5000AAVS-14N7B0 01.00A01 Size: 476940MB BusType: 3
18:29:28.905 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
18:29:28.905 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
18:29:28.952 Disk 0 MBR read successfully
18:29:28.952 Disk 0 MBR scan
18:29:28.967 Disk 0 Windows 7 default MBR code
18:29:28.999 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
18:29:29.014 Disk 0 scanning C:\Windows\system32\drivers
18:29:40.948 Service scanning
18:30:07.343 Modules scanning
18:30:07.343 Disk 0 trace - called modules:
18:30:07.375 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:30:07.889 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c24060]
18:30:07.889 3 CLASSPNP.SYS[fffff8800198c43f] -> nt!IofCallDriver -> [0xfffffa800473a520]
18:30:07.889 5 ACPI.sys[fffff88000f137a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800473b680]
18:30:10.167 AVAST engine scan C:\Windows
18:30:14.161 AVAST engine scan C:\Windows\system32
18:34:25.088 AVAST engine scan C:\Windows\system32\drivers
18:34:48.098 AVAST engine scan C:\Users\davidcore2
18:52:05.490 AVAST engine scan C:\ProgramData
18:53:15.910 Scan finished successfully
18:54:45.485 Disk 0 MBR has been saved successfully to "C:\Users\davidcore2\Desktop\MBR.dat"
18:54:45.485 The log file has been saved successfully to "C:\Users\davidcore2\Desktop\pitsenbarger virus scan.txt"


Re: Trojan.Sirefef

Please update and run MBAM again and post the log. Also, please run ESET again.

Re: Trojan.Sirefef

It looks like we are ok now. Here is my AVSCAN from today:


Avira Free Antivirus
Report file date: Wednesday, July 18, 2012 12:00

Scanning for 3897622 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DAVIDCORE2-PC

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 5/2/2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 5/2/2012 04:48:51
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 19:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 05:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 04:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 7/13/2012 23:43:08
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 16:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 23:42:42
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 23:42:42
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 23:42:42
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 23:42:42
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 23:42:43
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 23:42:43
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 23:42:43
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 23:42:43
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 23:42:43
VBASE014.VDF : 7.11.34.201 169472 Bytes 7/2/2012 23:42:44
VBASE015.VDF : 7.11.35.19 122368 Bytes 7/4/2012 23:42:45
VBASE016.VDF : 7.11.35.87 146944 Bytes 7/6/2012 23:42:46
VBASE017.VDF : 7.11.35.143 126464 Bytes 7/9/2012 23:42:47
VBASE018.VDF : 7.11.35.235 151552 Bytes 7/12/2012 23:42:48
VBASE019.VDF : 7.11.36.45 118784 Bytes 7/13/2012 23:42:49
VBASE020.VDF : 7.11.36.107 123904 Bytes 7/16/2012 13:32:47
VBASE021.VDF : 7.11.36.147 238592 Bytes 7/17/2012 13:32:49
VBASE022.VDF : 7.11.36.148 2048 Bytes 7/17/2012 13:32:49
VBASE023.VDF : 7.11.36.149 2048 Bytes 7/17/2012 13:32:49
VBASE024.VDF : 7.11.36.150 2048 Bytes 7/17/2012 13:32:49
VBASE025.VDF : 7.11.36.151 2048 Bytes 7/17/2012 13:32:49
VBASE026.VDF : 7.11.36.152 2048 Bytes 7/17/2012 13:32:49
VBASE027.VDF : 7.11.36.153 2048 Bytes 7/17/2012 13:32:49
VBASE028.VDF : 7.11.36.154 2048 Bytes 7/17/2012 13:32:49
VBASE029.VDF : 7.11.36.155 2048 Bytes 7/17/2012 13:32:50
VBASE030.VDF : 7.11.36.156 2048 Bytes 7/17/2012 13:32:50
VBASE031.VDF : 7.11.36.176 45056 Bytes 7/18/2012 13:32:50
Engine version : 8.2.10.114
AEVDF.DLL : 8.1.2.10 102772 Bytes 7/13/2012 23:43:05
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 7/13/2012 23:43:05
AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 7/13/2012 23:43:06
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
AEPACK.DLL : 8.3.0.14 807287 Bytes 7/13/2012 23:43:04
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 7/13/2012 23:43:02
AEHEUR.DLL : 8.1.4.72 5038455 Bytes 7/13/2012 23:43:01
AEHELP.DLL : 8.1.23.2 258422 Bytes 7/13/2012 23:42:54
AEGEN.DLL : 8.1.5.32 434548 Bytes 7/13/2012 23:42:54
AEEXP.DLL : 8.1.0.62 86389 Bytes 7/13/2012 23:43:07
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/13/2012 23:42:53
AECORE.DLL : 8.1.27.2 201078 Bytes 7/13/2012 23:42:53
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 04:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 04:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 04:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 04:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 04:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 03:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 5/2/2012 04:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 05:33:29
RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 5/2/2012 06:03:52
RCTEXT.DLL : 12.3.0.15 96720 Bytes 5/2/2012 19:40:44

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Wednesday, July 18, 2012 12:00

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarUser_32.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'agent.exe' - '1' Module(s) have been scanned
Scan process 'isuspm.exe' - '1' Module(s) have been scanned
Scan process 'daemonu.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'TestDDCCI.exe' - '1' Module(s) have been scanned
Scan process 'TestDDCCI.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'GarminLifetime.exe' - '1' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'EasySetPackage.exe' - '1' Module(s) have been scanned
Scan process 'distnoted.exe' - '1' Module(s) have been scanned
Scan process 'ubd.exe' - '1' Module(s) have been scanned
Scan process 'paConsole.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'E_S30RP1.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '2370' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\davidcore2\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db
[WARNING] The archive header is damaged
C:\Windows.old.000\Program Files\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\FSX Realair spitfire\RealAir\spit08\AutoPlay\Config Panel.cdd
[WARNING] The file is password protected
C:\Windows.old.000\Program Files\Microsoft Games\Microsoft Flight Simulator X (new)\SimObjects\Airplanes\FSX Realair spitfire\RealAir\spit08\AutoPlay\Config Panel.cdd
[WARNING] The file is password protected
C:\Windows.old.000\Users\Scott\Documents\VFAT2008_720p.zip
[WARNING] Possible archive bomb: the maximum unpack size has been reached.
C:\Windows.old.000\Windows\SoftwareDistribution\Download\ce5287396485f886a3051ac552cbdb2f08681033
[0] Archive type: Portable Executable Resource
--> P39564799
[1] Archive type: CAB (Microsoft)
--> WriterProdLang.7z
[2] Archive type: 7-Zip
--> WriterProdLang.cab
[3] Archive type: CAB (Microsoft)
--> writerprodlang.msi
[WARNING] The file could not be read!
--> P7563067
[1] Archive type: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Archive type: 7-Zip
--> LanguageSelector64.cab
[3] Archive type: CAB (Microsoft)
--> LanguageSelector64.msi
[WARNING] The file could not be read!
Begin scan in 'D:\'
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-02 083059\Backup files 215.zip
[WARNING] Invalid end of file
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-02 083059\Backup files 224.zip
[WARNING] The archive header is damaged
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-02 083059\Backup files 281.zip
[WARNING] Invalid end of file
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-02 083059\Backup files 283.zip
[WARNING] The archive header is damaged
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-02 083059\Backup files 391.zip
[WARNING] Invalid end of file
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-02 083059\Backup files 396.zip
[WARNING] The archive header is damaged
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-23 080118\Backup files 11.zip
[WARNING] The archive header is damaged
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-23 080118\Backup files 16.zip
[WARNING] Invalid end of file
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-23 080118\Backup files 25.zip
[WARNING] The archive header is damaged
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2011-10-23 080118\Backup files 8.zip
[WARNING] Invalid end of file
D:\DAVIDCORE2-PC\Backup Set 2011-09-25 082521\Backup Files 2012-02-26 100408\Backup files 1.zip
[WARNING] Unsupported archive version
D:\DAVIDCORE2-PC\Backup Set 2012-05-20 020003\Backup Files 2012-05-20 020003\Backup files 245.zip
[WARNING] Invalid end of file
D:\DAVIDCORE2-PC\Backup Set 2012-05-20 020003\Backup Files 2012-05-20 020003\Backup files 254.zip
[WARNING] The archive header is damaged
D:\DAVIDCORE2-PC\Backup Set 2012-05-20 020003\Backup Files 2012-05-20 020003\Backup files 311.zip
[WARNING] Invalid end of file
D:\DAVIDCORE2-PC\Backup Set 2012-05-20 020003\Backup Files 2012-05-20 020003\Backup files 313.zip
[WARNING] The archive header is damaged
D:\DAVIDCORE2-PC\Backup Set 2012-05-20 020003\Backup Files 2012-05-20 020003\Backup files 440.zip
[WARNING] Invalid end of file
D:\DAVIDCORE2-PC\Backup Set 2012-05-20 020003\Backup Files 2012-05-20 020003\Backup files 445.zip
[WARNING] The archive header is damaged
D:\DAVIDCORE2-PC\Backup Set 2012-05-20 020003\Backup Files 2012-06-03 020004\Backup files 3.zip
[WARNING] Invalid end of file
D:\DAVIDCORE2-PC\Backup Set 2012-05-20 020003\Backup Files 2012-06-03 020004\Backup files 7.zip
[WARNING] The archive header is damaged
D:\My Old 130GB Drive\Download\NRN_SIT.HQX
[WARNING] Error file CRC
D:\My Old 130GB Drive\Games\Install-Spades-Free.exe
[WARNING] Invalid compressed data
D:\My Old 130GB Drive\My Documents\BIN2HEX.ZIP
[WARNING] The file is password protected
D:\My Old 130GB Drive\Program Files\IM\Uninstall.exe
[WARNING] Invalid end of file
D:\My Old 130GB Drive\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3fc2\f4373dc\_bwfindx.zip
[WARNING] Invalid end of file
D:\My Old 130GB Drive\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3fc2\f4373e6\_bwfindx.zip
[WARNING] Invalid end of file
D:\My Old 130GB Drive\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3fc2\f4373e8\_bwfindx.zip
[WARNING] Invalid end of file
D:\My Old 130GB Drive\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3fc2\f4373ef\_bwfindx.zip
[WARNING] Invalid end of file
D:\My Old 130GB Drive\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3fc2\f437428\_bwfindx.zip
[WARNING] Invalid end of file
D:\My Old 130GB Drive\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3fc2\f437448\_bwfindx.zip
[WARNING] Invalid end of file
D:\My Old 130GB Drive\Program Files\Netscape\Netscape Browser\NSUninst.exe
[WARNING] Unsupported archive version
D:\My Old 250GB Drive\PITS1 (250GB)\Documents and Settings\Owner\Application Data\eRoom\eRoom Client\V7\~Temp\ERTemp081815daf9990029.pdc
[WARNING] Invalid end of file
D:\My Old 250GB Drive\PITS1 (250GB)\Documents and Settings\Owner\Application Data\Juniper Networks\Setup\uninstall.exe
[WARNING] Invalid end of file
D:\My Old 250GB Drive\PITS1 (250GB)\Documents and Settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
[WARNING] Invalid end of file
D:\My Old 250GB Drive\PITS1 (250GB)\Documents and Settings\Owner\Application Data\Move Networks\uninstall.exe
[WARNING] Invalid end of file
D:\My Old 250GB Drive\PITS1 (250GB)\Program Files\eRoom 7\Help\webhelp.jar
[WARNING] Error multiple volume
D:\My Old 250GB Drive\PITS1 (250GB)\Program Files\WinRAR\rarnew.dat
[WARNING] Error no files to extract
D:\My Old 60GB Drive\Program Files\Common Files\Adobe\ESD\uninst.exe
[WARNING] Unsupported archive version
D:\My Old 60GB Drive\Program Files\Jummpa Software\OggDS0991.exe
[WARNING] Unsupported archive version
D:\My Old 60GB Drive\Program Files\Microsoft FrontPage\temp\cm98.zip
[WARNING] Invalid end of file
D:\My Old 60GB Drive\Program Files\Net Nanny\nn_uninstall.exe
[WARNING] Invalid compressed data
D:\My Old 60GB Drive\Program Files\NetZero\qs\uninst.exe
[WARNING] Unsupported archive version
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\DRIVER5.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\DRIVER6.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\DRIVER7.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\NET3.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\NET4.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_10.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_11.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_12.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_13.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_14.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_15.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_16.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_17.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_18.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_19.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_20.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_21.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_8.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\OPTIONS\INSTALL\WIN_9.CAB
[WARNING] Error multiple volume
D:\My Old 60GB Drive\WINDOWS\TEMP\NetNanny\Downloads\dao36.exe
[WARNING] Unsupported archive version
D:\My Old 60GB Drive\WINDOWS\TEMP\NetNanny\Downloads\NN5-0-3-05_nn_setup_files.exe
[WARNING] Unsupported archive version
D:\My Old 60GB Drive\WINDOWS\TEMP\RarSFX0\NN5-0-3-05_nnsetup.exe
[WARNING] Invalid compressed data
D:\My Old 60GB Drive\WINDOWS\Temporary Internet Files\Content.IE5\81QJ45AF\AdbeRdr60_DLM_enu_full[1].exe
[WARNING] Unsupported archive version


End of the scan: Wednesday, July 18, 2012 16:15
Used time: 4:15:02 Hour(s)

The scan has been done completely.

100136 Scanned directories
3279818 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
3279818 Files not concerned
21507 Archives were scanned

And here is my MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
davidcore2 :: DAVIDCORE2-PC [administrator]

7/17/2012 9:19:27 PM
mbam-log-2012-07-17 (21-19-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240930
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Trojan.Sirefef

> It looks like we are ok now.

Does that mean your computer is running normally now?

Re: Trojan.Sirefef

I believe it is better. All of the scans seem to be coming back ok.

Re: Trojan.Sirefef

Ok. We can do some cleanup. If anything else comes up, please let me know.

To uninstall ComboFix:

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************************
Use the Secunia Software Inspector to check for out-of-date software.

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
