
Open Cloud Security- am I fixed?



Hi,

I was recently infected with OpenCloud Security, a fake malware program. Prior to finding this helpful forum, I attempted multiple techniques to remove the malware, including Microsoft Security Sweep Tool. This found a number of viruses, but even after restarting I was unable to run MalwareBytes (or any other protection program). Within seconds of opening, it would quit the scan, and I was unable to open again. This also occurred in safe mode. After using GMER Rootkit Scanner, I deleted an identified rootkit virus (again, this was prior to finding this forum that states NOT to do that). However, since doing this, I have been able to use MalwareBytes (after re-installing), which did find more viruses, which were removed successfully.

Although I am able to run my anti-malware/virusware (MalwareBytes and Avira), I am getting frequent messages about viruses being found. And by reading about Rootkit viruses, I am concerned about the integrity of my system. Hopefully I have followed all the protocol for the forum correctly (my DDS and GMER results are posted). Please let me know if there is any other information I can provide. Thank you for your time.

DDS txt file

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_26

Run by Nathan at 7:41:56 on 2011-09-30

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2519.1802 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://lenovo.live.com

uDefault_Page_URL = hxxp://lenovo.live.com

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [win2119b744] c:\users\nathan\appdata\local\temp\win2119b744.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [snpstd3] c:\windows\vsnpstd3.exe

mRun: [tsnpstd3] c:\windows\tsnpstd3.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\win211~1.lnk - c:\users\nathan\appdata\local\temp\win2119b744.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{AE9638A1-0706-4AA2-A99C-34A4FB6A3D10} : DhcpNameServer = 66.78.202.254 66.78.210.254

TCP: Interfaces\{B5BDE8C5-7E39-438A-ACFA-2CB78DEDEBB7} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\nathan\appdata\roaming\mozilla\firefox\profiles\huo5uhcn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.gmail.com

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll

FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000011.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-3-27 221824]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-6-6 81280]

R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232]

R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-2-9 3715072]

S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-14 344712]

S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-8-21 53816]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-7 216912]

S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-8-21 66360]

S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-8-21 158904]

S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-6-6 48192]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-25 136360]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-26 269480]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-25 66616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45424]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-10-22 22816]

S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]

S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-10-22 147984]

S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-10-22 66880]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-14 69192]

S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-6 66848]

S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-8-21 870200]

S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 62320]

S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]

S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-6 2058776]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]

S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]

S2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]

S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2009-6-6 3881472]

S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-6-6 54784]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]

S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2009-6-6 2381312]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-14 91896]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-14 43192]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-14 66536]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2009-2-11 204800]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-09-30 12:40:02 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6428307d-2137-41b6-ba3d-0767a2ef079b}\offreg.dll

2011-09-30 12:39:59 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0815784f-d10b-46c0-9671-447ed49a176e}\offreg.dll

2011-09-30 12:33:50 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f6768f4-f2c4-4734-a010-515f5d051f57}\gapaengine.dll

2011-09-30 12:33:31 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0815784f-d10b-46c0-9671-447ed49a176e}\mpengine.dll

2011-09-30 12:10:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 20:16:58 -------- d-----w- C:\TDSSKiller_Quarantine

2011-09-28 00:56:03 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-28 00:55:17 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2011-09-28 00:38:43 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6428307d-2137-41b6-ba3d-0767a2ef079b}\mpengine.dll

2011-09-27 02:01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3

2011-09-27 00:40:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2011-09-26 23:44:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-26 05:11:19 -------- d-----w- c:\windows\Standalone System Sweeper

2011-09-25 21:34:09 -------- d-----w- c:\users\nathan\appdata\roaming\Avira

2011-09-25 21:32:55 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-09-25 21:32:55 -------- d-----w- c:\programdata\Avira

2011-09-25 21:32:55 -------- d-----w- c:\program files\Avira

2011-09-13 23:59:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-09-29 20:17:51 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-09-11 15:37:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-21 15:00:36 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec

2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

============= FINISH: 7:43:40.73 ===============

GMER txt file

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-29 21:01:02

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0084

Running: dlmdi1m4.exe; Driver: C:\Users\Nathan\AppData\Local\Temp\kgriqpog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0559cba7

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB30660$\1281546711 0 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500 0 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\@ 2048 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\bckfg.tmp 849 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\cfg.ini 359 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\Desktop.ini 4608 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\keywords 0 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\kwrd.dll 208896 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\L 0 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\L\ogejidap 54784 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\lsflt7.ver 1199 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\U 0 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\U\00000001.@ 2048 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\U\00000002.@ 209920 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\U\80000000.@ 1024 bytes

File C:\Windows\$NtUninstallKB30660$\4137123500\U\80000032.@ 71168 bytes

---- EOF - GMER 1.0.15 ----

I also have the "attach.txt" file from DDS; there are mixed messages on the forums about whether or not to attach this. I will leave it out until instructed to do so. Thank you again.


Hello, and welcome to Malwarebytes, fishConservation:

Sorry to hear that your computer may be infected.

Alas, we cannot review scan logs or work on malware detection/removal in this part of the General MBAM forum.

If you would like expert assistance with cleaning your system, there are 3 support options from which to choose:

  • Option 1 -- Free, Expert advice in the Malware Removal Forum
  • Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
  • Option 3 -- Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in this General MBAM Forum, you need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware related problems/infections you may have.

  • First, please print out, read and follow the directions here, skipping any steps you are unable to complete. You've obviously already done much of this. :)
  • Please post a NEW topic in the Malware Removal forum, using copy/paste to include your scan logs, rather than attaching them to your post.
  • When posting your new thread, please make sure that, under "options", you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you free, one-on-one assistance when one becomes available.

IMPORTANT NOTE: Please do NOT make any further changes to your computer such as (Install/Uninstall programs; use special fix tools; delete files; edit the registry; OR use temp file cleaners, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

IMPORTANT NOTE: Please DO NOT post back to your topic or "bump" it within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.


  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
  • Or you may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient -- someone will assist you as soon as it is possible.

Thanks very much!

daledoc1

PS: Please use the zMn2t.jpg button instead of other ones when you reply here and at the other forums, so that it will be easier to read. :)


This topic is now closed to further replies.