litlcntrygrl
Members
Posts: 12
Reputation: 0 Neutral
  1. We actually ended up just installing Ubuntu on his computer. It's safer for him. I did install Microsoft Security Essentials on my computer, though. I was using Avast, but didn't really care for it. I would love to purchase mbam pro, but as I mentioned in one of my previous posts, I recently lost my job, and have no money to purchase with. Thank you for all your help.
  2. Yes, I can do the factory restore, thank you for your help.
  3. Also, what free antivirus do you recommend? I just lost my job, so I can't afford to purchase one.
  4. This is a 13-year-old's computer, so there's no sensitive information being transferred, so that's not too big a worry. We can do the system restore to factory settings; will that take care of the problem? We no longer have the reinstall disc.
  5. My 13-year-old managed to get infected with the live security platinum virus, and we followed instructions from bleepingcomputer.com to remove it. After running MBAM in safe mode and rebooting as it asked, I ran it again (not in safe mode). It still showed a couple of rootkits and a trojan. I told it to delete them, rebooted and ran another scan. Same results. Here is one of the mbam logs; please let me know if you'd like to see all three from this evening:

     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.14.07

     Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
     Internet Explorer 7.0.6001.18000
     Steven :: STEVEN-PC [administrator]

     Protection: Disabled

     9/5/2012 9:08:19 PM
     mbam-log-2012-09-05 (21-08-19).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 177250
     Time elapsed: 3 minute(s), 20 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 24
     HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
     HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
     HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
     HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
     HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
     HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

     Registry Values Detected: 3
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Steven\AppData\Local\{3b0d92c1-1b95-7295-3272-f9acd3e5357b}\n. -> Quarantined and deleted successfully.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

     Files Detected: 16
     C:\Users\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> No action taken.
     C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> No action taken.
     C:\Users\Steven\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.
     C:\Users\Steven\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.
     C:\ProgramData\6F63A5DB03152415EF6D2A556C44B161\6F63A5DB03152415EF6D2A556C44B161.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
     C:\Users\Steven\AppData\Local\Temp\~!#1152.tmp (Trojan.Winlock.P) -> Quarantined and deleted successfully.
     C:\Users\Steven\AppData\Local\Temp\~!#81A3.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
     C:\Users\Steven\Local Settings\Temporary Internet Files\Content.IE5\VXR3W59B\Shopping-Sidekick[1] (PUP.215Apps) -> Quarantined and deleted successfully.
     C:\Windows\Installer\{3b0d92c1-1b95-7295-3272-f9acd3e5357b}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
     C:\Windows\Installer\{3b0d92c1-1b95-7295-3272-f9acd3e5357b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
     C:\Windows\Installer\{3b0d92c1-1b95-7295-3272-f9acd3e5357b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
     C:\Windows\Installer\{3b0d92c1-1b95-7295-3272-f9acd3e5357b}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
     C:\Windows\Installer\{3b0d92c1-1b95-7295-3272-f9acd3e5357b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
     C:\Users\Steven\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
     C:\Users\Steven\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
     C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

     (end)

     Here is the dds log:
  6. Thank you so much for your help. I have MBAM installed, and my antivirus and Windows update automatically. I very rarely use Internet Explorer, but it is updated along with Windows. I will check out the other recommended programs.
  7. One threat:

     C:\Program Files\Games\Leeloo's Talent Agency\LeeloosTalentAgency.exe probably a variant of Win32/Agent.MPNCBJY trojan cleaned by deleting - quarantined
  8. I updated Java and did a full MBAM scan. My browsing is faster now and my hard drive doesn't seem to be running for no apparent reason now. MBAM found no malicious items, but since you asked me to post the results, here they are. I appreciate all your help.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 5003

     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385

     10/30/2010 11:24:14 PM
     mbam-log-2010-10-30 (23-24-14).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 212576
     Time elapsed: 1 hour(s), 18 minute(s), 32 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  9. Browsing seems to be better, but I haven't been on much, as I've been cleaning up around the house. I guess I can let you know if I have any more problems?
  10. ComboFix 10-10-29.03 - Guest1 10/30/2010 11:29:48.1.2 - x86
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.214 [GMT -4:00]
      Running from: c:\users\Guest1\Desktop\ComboFix.exe
uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\users\Guest1\AppData\Roaming\Mozilla\Firefox\Profiles\epft05m0.default\ FF - component: c:\program files\NetRatingsNetSight\NetSight\meter1\FFAddon\components\nsgkff36_meter1.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKLM-Run-Conime - c:\windows\system32\conime.exe . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2010-10-30 11:56:52 ComboFix-quarantined-files.txt 2010-10-30 15:56 Pre-Run: 126,324,469,760 bytes free Post-Run: 126,787,682,304 bytes free - - End Of File - - 19BAD9154B006ED98839B9CAC6529726
  11. I tried to paste all three logs into this message, but I was told the post was too long. I am going to attach them, and if that's a problem, then please let me know how you'd like me to post the logs. I included about as detailed a description as I could give in my original post, so I'm going to leave that out of this post. If you need anything else, please let me know. Logs.zip
  12. I'm not 100% sure that I have a virus, but my browsing recently became very slow and I've been getting errors when trying to install MBAM. My hard drive also runs frequently for no apparent reason. I did finally get MBAM to install, and it couldn't find anything, but I ran the other suggested programs as a precaution and would appreciate some feedback. My hard drive is less than 25% full, and I run ccleaner and defrag regularly, so I can't think of any other reason for the decreased speed. Thank you in advance for your help, and here is the DDS info, the rest is attached:
Attach.zip