

Ongoing problem with Malware,Trojans....Help?

Hi

I'm a noob here but do have some experience in removing malware/viruses; however, every single step I have tried has failed. Malwarebytes was able to find 3 trojans (removed), and I also used ESET's online scanner, which found another trojan (removed). Everything worked great for about 2 days, then redirects through Firefox began again. I have no plug-ins downloaded to Firefox, so that does not seem to be the issue. Came here, did the recommended scans, and I need help...

I've attached the scan texts as the site tells me it makes this message too long to post.

Re: Ongoing problem with Malware,Trojans....Help?

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
****************************************************************
What AV are you running on that computer?

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{2BAA28F1-5CC5-4BDF-A75C-32EC21069736}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{E948CB57-0C36-4228-A175-17D40B1310B8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKCU\..\SearchScopes\{3AADD526-7A0E-45FD-B7C0-4BA3FF25A9B3}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D0812B3F-FDBF-46E1-835A-3355D55E8948}&mid=9113713cfa0247d08da175f39d4bd00b-4bde9bba95cd82cacae746a9384fef7e5b561d2d&lang=en&ds=st011&pr=sa&d=2012-07-01 23:35:08&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B2DE18E2-FC72-4DED-AABF-7482E8E12BD3}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CF1893BD-9F76-4642-B708-6AF2D4CA647E}: "URL" = http://delicious.com/search?p={searchTerms}

:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTL may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
***********************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[image: ComboFix disclaimer dialog (NSIS_disclaimer_ENG)]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[image: ComboFix extraction progress (NSIS_extraction)]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[image: Recovery Console install prompt (RcAuto1)]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: ComboFix "what next" prompt (Whatnext)]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
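The fix above removes the SearchScopes entries by hand. As an added example (my code, not the helper's and not OTL's), here is the triage that produces such a fix from OTL's scan lines: parse each IE SearchScopes line, resolve the DefaultScope GUID to its provider URL, and flag any provider whose host is not on an allowlist. The scan lines are the ones from the fix above; the allowlist, and the choice to treat every non-allowlisted provider as removable, are assumptions. Note the scope of what this catches: IE's search providers only. Firefox keeps its own search settings, which is one reason a redirect seen in Firefox can survive an IE-only cleanup.

```python
"""Triage Internet Explorer SearchScopes from an OTL scan log.

Added example, not code from the thread or from OTL. It takes the scan
lines OTL prints for IE search providers, resolves each DefaultScope
GUID to its provider URL, flags providers whose host is not on an
allowlist, and emits a fix in the shape used above: offending scan
lines under :OTL, then the hosts reset under :COMMANDS.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Search hosts the user accepts. Assumption for the example; adjust per machine.
TRUSTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

_GUID = r"\{[0-9A-Fa-f-]{36}\}"
# "IE:64bit:" is OTL's marker for entries read from the 64-bit registry view;
# plain "IE" lines come from the 32-bit (Wow6432Node) view on an x64 system.
_URL_RE = re.compile(
    r"^IE(?P<x64>:64bit:)? - (?P<hive>HKLM|HKCU)\\\.\.\\SearchScopes\\"
    + r"(?P<guid>" + _GUID + r'): "URL" = (?P<url>.+?)\s*$'
)
_DEFAULT_RE = re.compile(
    r"^IE(?P<x64>:64bit:)? - (?P<hive>HKLM|HKCU)\\\.\.\\SearchScopes,DefaultScope = "
    + r"(?P<guid>" + _GUID + r")\s*$"
)


@dataclass(frozen=True)
class Entry:
    line: str        # verbatim scan line: OTL accepts it back under :OTL as a removal
    hive: str
    x64: bool
    guid: str
    url: str = ""    # empty for a DefaultScope pointer

    @property
    def host(self) -> str:
        return urlparse(self.url).netloc.lower()

    @property
    def trusted(self) -> bool:
        return self.host in TRUSTED_SEARCH_HOSTS


def parse_otl_ie_lines(text: str):
    """Split OTL's IE section into provider entries and DefaultScope pointers."""
    scopes, defaults = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _URL_RE.match(line):
            scopes.append(Entry(line, m["hive"], bool(m["x64"]), m["guid"].upper(), m["url"]))
        elif m := _DEFAULT_RE.match(line):
            defaults.append(Entry(line, m["hive"], bool(m["x64"]), m["guid"].upper()))
    return scopes, defaults


def hijacked_defaults(scopes, defaults):
    """DefaultScope pointers resolving to an untrusted (or missing) provider.

    DefaultScope decides where address-bar searches go, so this is the entry
    behind 'my searches get redirected'; the other scopes are clutter.
    """
    by_key = {(s.hive, s.x64, s.guid): s for s in scopes}
    bad = []
    for d in defaults:
        target = by_key.get((d.hive, d.x64, d.guid))
        if target is None or not target.trusted:
            bad.append((d, target))
    return bad


def build_otl_fix(scopes, defaults, commands=("[resethosts]", "[purity]", "[start explorer]")):
    """Fix text for OTL's Custom Scans/Fixes box: DefaultScope first, then providers."""
    lines = [":OTL"]
    lines += [d.line for d, _ in hijacked_defaults(scopes, defaults)]
    lines += [s.line for s in scopes if not s.trusted]
    lines += ["", ":COMMANDS", *commands]
    return "\n".join(lines) + "\n"


# Scan lines from the fix posted above (sample input taken from the thread).
SAMPLE_OTL_IE_SECTION = r'''
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{2BAA28F1-5CC5-4BDF-A75C-32EC21069736}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{E948CB57-0C36-4228-A175-17D40B1310B8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKCU\..\SearchScopes\{3AADD526-7A0E-45FD-B7C0-4BA3FF25A9B3}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D0812B3F-FDBF-46E1-835A-3355D55E8948}&mid=9113713cfa0247d08da175f39d4bd00b-4bde9bba95cd82cacae746a9384fef7e5b561d2d&lang=en&ds=st011&pr=sa&d=2012-07-01 23:35:08&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B2DE18E2-FC72-4DED-AABF-7482E8E12BD3}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CF1893BD-9F76-4642-B708-6AF2D4CA647E}: "URL" = http://delicious.com/search?p={searchTerms}
'''
```

Running `build_otl_fix(*parse_otl_ie_lines(SAMPLE_OTL_IE_SECTION))` on the lines above reproduces the helper's fix for the searchqu.com entries (both DefaultScope pointers resolve to it) and leaves the bing.com and yahoo.com providers alone; the comcast, AVG, flickr and delicious scopes are listed for removal only because they are not on the allowlist, which is the judgement call a human makes before pasting the result into OTL.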

Re: Ongoing problem with Malware,Trojans....Help?

Hi Dave,

Here is the OTL Log:

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2BAA28F1-5CC5-4BDF-A75C-32EC21069736}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BAA28F1-5CC5-4BDF-A75C-32EC21069736}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E948CB57-0C36-4228-A175-17D40B1310B8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E948CB57-0C36-4228-A175-17D40B1310B8}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3AADD526-7A0E-45FD-B7C0-4BA3FF25A9B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AADD526-7A0E-45FD-B7C0-4BA3FF25A9B3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2DE18E2-FC72-4DED-AABF-7482E8E12BD3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2DE18E2-FC72-4DED-AABF-7482E8E12BD3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF1893BD-9F76-4642-B708-6AF2D4CA647E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF1893BD-9F76-4642-B708-6AF2D4CA647E}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.55.0 log created on 08042012_224620

I ran ComboFix but after it restarted my system it didn't produce a log at all. Should I run it again? Also, I did open Firefox and surf through a few of the previous problems pages and have had no redirects. I know this isn't proof everything is entirely fixed, however, it's something. Thanks again.



Last edited by sinister9128 on 5th August 2012, 3:48 am; edited 1 time in total (Reason for editing : Mistyped)

Re: Ongoing problem with Malware,Trojans....Help?

Just a quick update, after a few hours of no occurrences, that has changed as of this morning. My first use of Google today produced another redirect. It's not happening nearly as much as before, but it's still there. Just thought I should let you know.

Re: Ongoing problem with Malware,Trojans....Help?

I ran ComboFix but after it restarted my system it didn't produce a log at all. Should I run it again?

You should be able to find it at C:\ComboFix. Just look for a txt file. If you can't find it, please run it again. What AV are you running on that computer?

Re: Ongoing problem with Malware,Trojans....Help?

Ok, I reran ComboFix, here is the log:

ComboFix 12-08-05.02 - Imagine 08/05/2012 20:25:15.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2622 [GMT -5:00]
Running from: c:\users\Imagine\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\@
c:\windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\L\00000004.@
c:\windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\L\201d3dde
c:\windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\U\00000004.@
c:\windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\U\00000008.@
c:\windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\U\000000cb.@
c:\windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\U\80000000.@
c:\windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\U\80000032.@
c:\windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\U\80000064.@
.
---- Previous Run -------
.
c:\users\Imagine\AppData\Local\Diagnostics\DataSafeOnline\oyljjw.dll
c:\users\Imagine\AppData\Roaming\0ad
c:\users\Imagine\AppData\Roaming\0ad\config\user.cfg
c:\users\Imagine\AppData\Roaming\Microsoft\Windows\Recent\GamesTorrent.url
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 01:36 . 2012-08-06 01:36 -------- d-----w- c:\users\Slick\AppData\Local\temp
2012-08-06 01:36 . 2012-08-06 01:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-06 01:36 . 2012-08-06 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 03:07 . 2012-08-05 03:07 -------- d-----w- C:\_OTL
2012-08-04 18:52 . 2012-08-04 18:52 -------- d-----w- c:\users\Imagine\AppData\Roaming\Ludia
2012-08-04 18:52 . 2012-08-04 18:52 -------- d-----w- c:\programdata\Ludia
2012-08-04 18:52 . 2012-08-04 18:52 -------- d-----w- c:\program files (x86)\Hells Kitchen
2012-08-04 18:49 . 2012-08-04 18:49 -------- d-----w- c:\program files (x86)\bfgclient
2012-08-04 18:48 . 2012-08-04 18:52 -------- d-----w- C:\BigFishGamesCache
2012-07-29 07:46 . 2012-07-29 07:46 -------- d-----w- c:\programdata\GFI Software
2012-07-28 08:12 . 2012-07-28 08:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-27 05:14 . 2012-07-27 05:14 -------- d-----w- c:\users\Imagine\AppData\Local\Downloaded Installations
2012-07-27 05:13 . 2012-07-27 05:13 -------- d-----w- c:\users\Imagine\AppData\Local\adawarebp
2012-07-27 05:12 . 2012-07-27 05:12 -------- d-----w- c:\users\Imagine\AppData\Roaming\SUPERAntiSpyware.com
2012-07-27 05:12 . 2012-07-27 05:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-27 05:12 . 2012-07-27 05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-22 21:01 . 2009-07-14 01:14 20480 ------w- c:\windows\bymcxopb.sot
2012-07-21 08:44 . 2012-07-21 08:44 -------- d-----w- c:\users\Imagine\AppData\Roaming\funkitron
2012-07-21 07:03 . 2012-07-21 07:03 -------- d-----w- c:\windows\Sun
2012-07-21 02:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37681A3F-4F3F-4A60-8825-4DEF2AF502B5}\mpengine.dll
2012-07-19 09:51 . 2012-07-19 09:51 -------- d-----w- c:\programdata\HipSoft
2012-07-18 22:55 . 2012-07-19 05:43 -------- d-----w- c:\programdata\MumboJumbo
2012-07-18 22:52 . 2012-07-18 22:52 -------- d-----w- c:\users\Imagine\AppData\Roaming\InstallShield
2012-07-18 22:28 . 2012-07-22 21:03 -------- d-----w- C:\Remote Programs
2012-07-18 17:19 . 2012-07-18 17:19 -------- d-----w- c:\users\Imagine\AppData\Local\Xfinity.com
2012-07-15 09:00 . 2012-07-18 04:34 -------- d-----w- c:\programdata\Wild Tangent
2012-07-15 07:44 . 2012-07-19 05:12 -------- d-----w- c:\users\Imagine\AppData\Roaming\iWin
2012-07-15 05:34 . 2012-07-15 05:34 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-07-15 05:20 . 2007-09-22 20:48 9976832 ----a-w- c:\users\Imagine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games\Sid Meier's Civilization 4 - Warlords\Civ4Warlords.exe
2012-07-15 05:12 . 2006-05-21 13:13 10567680 ----a-w- c:\users\Imagine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
2012-07-15 04:54 . 2012-07-18 22:52 -------- d-----w- c:\users\Imagine\AppData\Roaming\InstallShield Installation Information
2012-07-15 04:54 . 2012-07-15 04:54 -------- d-----w- c:\users\Imagine\AppData\Roaming\Firaxis Games
2012-07-15 04:54 . 2005-05-26 20:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-07-15 04:54 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-07-15 04:03 . 2012-07-15 04:03 52736 ----a-w- c:\windows\ipuninst.exe
2012-07-15 04:03 . 2012-07-15 04:03 -------- d-----w- c:\program files\BlackIsle
2012-07-13 13:06 . 2012-07-13 13:06 -------- d-----w- c:\users\Imagine\AppData\Roaming\Hoyle FaceCreator
2012-07-13 13:06 . 2012-07-18 08:04 -------- d-----w- c:\users\Imagine\AppData\Roaming\Hoyle Puzzle and Board Games
2012-07-13 13:05 . 2012-07-18 22:48 -------- d-----w- c:\program files (x86)\Encore
2012-07-11 05:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:07 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-07-11 03:07 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-11 03:07 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-11 03:07 . 2012-06-02 12:52 174200 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-11 03:07 . 2012-06-02 09:08 140920 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-07-11 02:33 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 02:33 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 02:33 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 02:33 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 02:33 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 02:33 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-10 07:46 . 2012-07-10 07:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-10 02:35 . 2012-07-11 02:19 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-09 23:55 . 2012-07-09 23:55 -------- d-----w- c:\program files\LucasArts
2012-07-09 23:55 . 2001-09-05 10:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-09 23:55 . 2001-09-05 10:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-07-09 23:55 . 2001-09-05 10:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-07-09 23:55 . 2001-09-05 10:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 01:37 . 2011-04-11 15:39 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-07-19 03:13 . 2011-06-27 18:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-19 03:13 . 2011-06-27 18:06 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-19 03:13 . 2011-06-27 18:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-19 03:13 . 2011-12-05 05:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-11 03:40 . 2010-03-27 16:48 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 07:01 . 2011-05-21 17:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-06 07:01 . 2011-05-21 17:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-06 07:01 . 2011-05-21 17:31 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-03 18:46 . 2011-04-23 08:21 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 04:48 . 2012-06-04 22:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-02 04:48 . 2011-08-09 21:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-16 04:17 . 2011-05-21 17:31 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-12 23:21 . 2012-06-12 23:21 967 ----a-w- c:\windows\ScUnin.pif
2012-06-12 23:21 . 2012-06-12 23:21 68096 ----a-w- c:\windows\ScUnin.exe
2012-06-03 04:55 . 2012-06-03 04:55 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-03 04:55 . 2011-02-11 16:22 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-24 08:10 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 08:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 08:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 08:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 08:10 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 08:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 08:10 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-24 08:10 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-24 08:10 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2012-06-28 00:53 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 04:10 . 2012-07-02 04:34 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-05-31 336992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-21 559616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2012-08-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07182012
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Imagine\AppData\Roaming\Mozilla\Firefox\Profiles\qfgjd40b.default-1340353282062\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bdb77fbc5-7381-4c2e-b256-86dac70a258e%7D&mid=9113713cfa0247d08da175f39d4bd00b-4bde9bba95cd82cacae746a9384fef7e5b561d2d&ds=st011&v=11.1.0.12&lang=en&pr=sa&d=2012-07-01%2023%3A35%3A08&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-DataSafeOnline - c:\users\Imagine\AppData\Local\Diagnostics\DataSafeOnline\oyljjw.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ef,f4,91,44,65,66,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,9a,9a,ab,3a,48,41,41,a8,ee,f7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,9a,9a,ab,3a,48,41,41,a8,ee,f7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\00\03\07**u"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-08-05 20:44:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 01:44
.
Pre-Run: 117,462,867,968 bytes free
Post-Run: 117,562,662,912 bytes free
.
- - End Of File - - 02C5457AE0E74512C7800DDD45267323


This computer currently has no AV protection. Our McAfee expired last month and I am just starting a new job, with no check until the 17th. I can't renew it until that time.


Re: Ongoing problem with Malware,Trojans....Help?

This computer currently has no AV protection. Our McAfee expired last month and I am just starting a new job, with no check until the 17th. I can't renew it until that time

Here's a list of free AVs. You need to install an AV pronto. I prefer MSE.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
********************************************************
Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: Ongoing problem with Malware,Trojans....Help?

Ok, AV is now active on the computer and here is the Rooter log:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 14.0.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:283 Go - Free:108 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
.
Scan : 18:36.44
Path : C:\Users\Imagine\Downloads\Rooter.exe
User : Imagine ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ????????? (400)
______ ????????? (488)
______ ????????? (548)
______ ????????? (564)
______ ????????? (612)
______ ????????? (636)
______ ????????? (648)
______ ????????? (656)
______ ????????? (792)
______ ????????? (872)
______ ????????? (956)
______ ????????? (1020)
______ ????????? (412)
______ ????????? (500)
Locked audiodg.exe (944)
______ ????????? (1112)
______ C:\Program Files\Dell\DellDock\DockLogin.exe (1164)
______ ????????? (1276)
______ ????????? (1376)
______ ????????? (1400)
______ ????????? (1412)
______ ????????? (1420)
______ ????????? (1520)
______ ????????? (1576)
______ ????????? (1740)
______ ????????? (1760)
______ ????????? (1812)
______ ????????? (1900)
______ C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (1980)
______ ????????? (2036)
______ ????????? (1156)
______ ????????? (2088)
______ C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2140)
______ C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (2208)
______ ????????? (2280)
______ ????????? (2688)
______ ????????? (2264)
______ ????????? (1924)
______ C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (3060)
______ ????????? (3776)
______ ????????? (3792)
______ ????????? (3804)
______ ????????? (3824)
______ ????????? (3852)
______ ????????? (3860)
______ ????????? (3868)
______ C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3904)
______ C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (3912)
______ C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (4060)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4072)
______ ????????? (4444)
______ ????????? (4572)
______ ????????? (4664)
______ ????????? (4688)
______ ????????? (4728)
______ ????????? (5144)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (5572)
______ ????????? (5644)
______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (6012)
______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4828)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (3840)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (6120)
______ ????????? (6116)
______ ????????? (4160)
______ ????????? (4200)
______ ????????? (6476)
______ ????????? (976)
______ ????????? (776)
______ ????????? (6764)
______ ????????? (2472)
______ ????????? (2000)
______ ????????? (888)
______ C:\Users\Imagine\Downloads\Rooter.exe (6304)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41943040 | Length:15728640000)
\Device\Harddisk0\Partition3 (Start_Offset:15770583040 | Length:304301301760)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\SystemToolsDailyTest.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 18:36.54
.
C:\Rooter$\Rooter.txt - (06/08/2012 | 18:36.54)

Re: Ongoing problem with Malware,Trojans....Help?

Re-run MBAM:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
******************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the ESET Online Scanner button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

•Check "YES, I accept the Terms of Use."
•Click the Start button.
•Accept any security warnings from your browser.
•Check "Scan archives"
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push List of found threats
•Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Back button.
•Push Finish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Ongoing problem with Malware,Trojans....Help?

Ok, Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Imagine :: SLICK-PC [administrator]

8/6/2012 07:04:07 PM
mbam-log-2012-08-06 (19-04-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234377
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Eset found 7 threats:

C:\Qoobox\Quarantine\C\Windows\Installer\{887202d4-3af8-888f-30e5-b3fb3c2a1f41}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.07.2012_03.11.41\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.07.2012_03.11.41\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.07.2012_03.11.41\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\Users\Imagine\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdjdfgedcdaggdbdjddgcdedcdjdg\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Imagine\AppData\Roaming\Mozilla\Firefox\Profiles\7b9pmvso.default\extensions\dclxqkizsa@dclxqkizsa.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\Users\Imagine\AppData\Roaming\Mozilla\Firefox\Profiles\qfgjd40b.default-1340353282062\extensions\dclxqkizsa@dclxqkizsa.org.xpi JS/Redirector.NCA trojan deleted - quarantined
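The ESET results above show the redirect came from a browser add-on (an .xpi sitting in two Firefox profiles plus a Chrome extension folder), not from anything visible in the browser's own add-on list. As an added check that is not part of this thread or of ESET, the following PowerShell script lists every extension found on disk for all Firefox and Chrome profiles of the current user, so leftover or newly dropped add-ons can be reviewed after a cleanup. It assumes the default profile locations under %APPDATA% and %LOCALAPPDATA% and PowerShell 3.0 or later; the variable and function names are this example's own.

```powershell
# Added example (not from the thread or from ESET): enumerate browser add-ons
# directly from disk for every Firefox and Chrome profile of the current user.
# Assumes default profile locations; change $FirefoxRoot / $ChromeRoot for
# another user's profile or a non-default install.
$FirefoxRoot = Join-Path $env:APPDATA      'Mozilla\Firefox\Profiles'
$ChromeRoot  = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'

function Get-FirefoxExtensions {
    # Each Firefox profile stores add-ons as <id>.xpi files or <id> folders
    # under 'extensions'. The id is the part before .xpi (e.g. name@domain.org).
    foreach ($profile in Get-ChildItem -Path $FirefoxRoot -Directory -ErrorAction SilentlyContinue) {
        $extDir = Join-Path $profile.FullName 'extensions'
        foreach ($item in Get-ChildItem -Path $extDir -ErrorAction SilentlyContinue) {
            [pscustomobject]@{
                Browser  = 'Firefox'
                Profile  = $profile.Name
                Id       = $item.BaseName
                Modified = $item.LastWriteTime
                Path     = $item.FullName
            }
        }
    }
}

function Get-ChromeExtensions {
    # Chrome keeps <id>\<version>\manifest.json under each profile's
    # 'Extensions' folder; the id is the 32-letter directory name.
    foreach ($profile in Get-ChildItem -Path $ChromeRoot -Directory -ErrorAction SilentlyContinue) {
        $extRoot = Join-Path $profile.FullName 'Extensions'
        foreach ($manifest in Get-ChildItem -Path $extRoot -Recurse -Filter 'manifest.json' -ErrorAction SilentlyContinue) {
            [pscustomobject]@{
                Browser  = 'Chrome'
                Profile  = $profile.Name
                Id       = $manifest.Directory.Parent.Name
                Modified = $manifest.LastWriteTime
                Path     = $manifest.Directory.FullName
            }
        }
    }
}

# Newest first, so an add-on dropped around the time the redirects began
# sits at the top of the list.
@(Get-FirefoxExtensions) + @(Get-ChromeExtensions) |
    Sort-Object Modified -Descending |
    Format-Table Browser, Profile, Id, Modified, Path -AutoSize
```

Because the list comes from the file system rather than from the browser, it includes profiles that are no longer in use (the second, older Firefox profile in the ESET output is an example) and add-ons the browser UI does not surface. Things worth a second look are ids made of random letters like the one ESET quarantined here, entries in profiles you do not use, and modification times that match when the redirects started. The script only reads; removal is still a job for the scanner or for the helper's instructions.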


Re: Ongoing problem with Malware,Trojans....Help?

Your computer should be clean. Are there any other issues before we clean up?

Re: Ongoing problem with Malware,Trojans....Help?

No, everything is working great now. Thank you for all your help...

Re: Ongoing problem with Malware,Trojans....Help?

Good, let's cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*********************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************************
To set a new Restore Point.

  • Click the Start button, click Control Panel, click System and Maintenance, and then click System.
  • In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
  • Reboot to Normal Mode.
  • Click the Start button, click Control Panel, click System and Maintenance, and then click System.
  • In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

This will give you a new, clean Restore Point.
************************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
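The System Protection steps above are done through the Control Panel. As an added example that is not part of this thread, the same reset can be done from an elevated PowerShell prompt with the built-in Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer and Get-ComputerRestorePoint cmdlets, which also lets you confirm afterwards that the old restore points are gone and only the fresh one remains. It assumes the system drive is C:\ and that PowerShell runs as Administrator; the function names and the checkpoint description are this example's own.

```powershell
# Added example (not from the thread): reset System Protection and create a
# clean restore point from an elevated PowerShell prompt. Assumes C:\ is the
# protected drive. Function names here are this example's own.
$Drive = 'C:\'

function Assert-Elevated {
    # The restore cmdlets fail without administrator rights, so check up front.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (Run as Administrator) PowerShell prompt.'
    }
}

function Reset-SystemProtection {
    # Step 1 of the post: turning System Protection off discards the existing
    # restore points, which may contain copies of the files just removed.
    Assert-Elevated
    Disable-ComputerRestore -Drive $Drive
    Write-Host "System Protection disabled on $Drive. Reboot, then run New-CleanRestorePoint."
}

function New-CleanRestorePoint {
    # Step 2 of the post: turn protection back on and take a fresh checkpoint.
    Assert-Elevated
    Enable-ComputerRestore -Drive $Drive
    Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType MODIFY_SETTINGS

    # Verify: only the new point should be listed.
    Get-ComputerRestorePoint |
        Format-Table SequenceNumber, CreationTime, Description, RestorePointType -AutoSize
}

# Usage, with a reboot between the two calls as the post describes:
#   Reset-SystemProtection
#   ... reboot ...
#   New-CleanRestorePoint
```

Two caveats: these cmdlets exist only on client editions of Windows, and from Windows 8 onward Checkpoint-Computer creates at most one restore point per 24 hours, so a second call on the same day returns quietly without a new entry; Get-ComputerRestorePoint shows whether the checkpoint was actually taken.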
