
Topic: know I have a virus, don't know anything else about it.


faerieem

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows Vista
    know I have a virus, don't know anything else about it.
    « on: May 24, 2011, 01:51:04 PM »
    I visited back in January; this was my experience:
    http://www.computerhope.com/forum/index.php/topic,115115.msg770237.html#msg770237

    I have a nearly 4 year old Toshiba Satellite A135 running Windows Vista, 32-bit, SP2.  1.5 GB of RAM and a 110 GB hard drive that has 2.3 GB free, which I know is part of the super super slowness on the machine.  I'm happy to accept suggestions of good external drives under $100 or so.

    I have kept MSE running carefully since then & I use Web of Trust on the internet, which I browse with Firefox.  The only new program that I have installed since my January visit here is Skype, which my father-in-law installed in March.  I try to be diligent about shutting our computer down at night, which helps some with the slowness.

    Our internet usage is typically limited to trusted commerce sites, facebook, a couple of vbulletin forums, twitter, and gmail.  Neither my husband nor I are idiots about internet usage/visiting sites that could be dangerous, etc, so I feel sort of stupid even being back here again so soon, especially as prior to the malware incident in January, we have never had trouble with viruses or spyware.

    For the last few weeks, my computer has run ever slower.  Now I am unable to install new programs or updates to existing programs, notably Firefox and Thunderbird, both of which have updates that they repeatedly try to install, but I am told I don't have permission to access the downloaded files.

    A few weeks ago, I took the computer to a local tech shop, which ran scans and told me I had a virus, but $200 is more than I want to spend to repair a machine that isn't new and was only about 3 times that much new.  We're talking about buying a new machine, but until then, I'd love to get this one running properly and a bit faster.

    I ran MSE and it quarantined and removed something it found as a threat, but I continue to have trouble with the installation of new items.  Fortunately, I had all of the assessment tools still installed after last time.

    Logs below.
    Thanks for the help!
    emily

    -------------
    Super AntiSpyware
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/24/2011 at 00:17 AM

    Application Version : 4.48.1000

    Core Rules Database Version : 7125
    Trace Rules Database Version: 4937

    Scan type       : Complete Scan
    Total Scan Time : 04:21:56



    Memory items scanned      : 779
    Memory threats detected   : 0
    Registry items scanned    : 8390
    Registry threats detected : 0
    File items scanned        : 187520
    File threats detected     : 22

    Adware.Tracking Cookie

    -----

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6662

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    5/24/2011 8:13:36 AM
    mbam-log-2011-05-24 (08-13-36).txt

    Scan type: Quick scan
    Objects scanned: 200738
    Time elapsed: 15 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ---------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:36:09 PM, on 5/24/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Utilities\KeNotify.exe
    C:\Toshiba\IVP\ISM\pinger.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\TrendMicro\Trend Micro\HiJackThis\sniper.exe.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-21-961768651-989949159-2568054308-1000\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R (User '?')
    O4 - HKUS\S-1-5-21-961768651-989949159-2568054308-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-961768651-989949159-2568054308-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
    O4 - S-1-5-21-961768651-989949159-2568054308-1000 Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (User '?')
    O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: CabCCT - https://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device -   - C:\Windows\system32\lxcgcoms.exe
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10470 bytes

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: know I have a virus, don't know anything else about it.
    « Reply #1 on: May 24, 2011, 05:18:02 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    ****************************************************
    Quote
    110 GB hard drive that has 2.3 GB free,
    Windows requires 15% (17 GB) or more to operate properly. I'm surprised that you can even boot that computer. You will need to free up some space. You can do this by removing unused programs. You can also off-load important documents, files, videos, music and pictures to DVDs. There's not much I can do with the computer until you free up some space. You can start by uninstalling SAS and MBAM. You can also get a lite version of QuickTime here. Please let me know when you are able to free up some space.
    In the meantime, you can do this below. You can also run MRT which should be already on your computer.


    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.
    *********************************************
    * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
    * (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
    * Click Next.
    * Choose Full Scan and click Next.
    * Once the scan is finished click View detailed results of the scan.

    Look through the list and let me know if anything was found infected.
    Windows 8 and Windows 10 dual boot with two SSD's
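The three entries ticked above share one property: HijackThis reports the registered DLL as "(no file)" or "(file missing)", so the registration is an orphan. The Python below is an added example (not code from this thread, from HijackThis, or from the helper) that parses O2/O3 log lines and returns exactly those orphaned entries; the sample lines are copied from the log posted in this thread.

```python
"""
Triage of HijackThis O2 (BHO) and O3 (toolbar) entries.

Rule applied: an O2/O3 entry whose target reads "(no file)" or ends in
"(file missing)" points at a DLL that is no longer on disk.  Such an
orphaned registration does nothing useful and is the kind of entry a
malware-removal helper ticks for "Fix checked".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of O2/O3/O4 lines copied from the log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
""".strip()

# "O2 - BHO: <name> - {<CLSID>} - <target>" and "O3 - Toolbar: ..." lines.
_LINE_RE = re.compile(
    r"^(?P<section>O2|O3) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<target>.*)$"
)

_MISSING_SUFFIX = "(file missing)"


@dataclass(frozen=True)
class HjtEntry:
    section: str   # "O2" (browser helper object) or "O3" (toolbar)
    name: str      # display name, e.g. "Bing Bar Helper" or "(no name)"
    clsid: str     # GUID without the braces
    target: str    # path exactly as HijackThis printed it, status suffix included
    raw: str       # the full log line, which is what gets ticked in HijackThis

    @property
    def file_present(self) -> bool:
        """False when HijackThis itself reported the registered DLL as absent."""
        t = self.target.strip()
        return not (t == "(no file)" or t.endswith(_MISSING_SUFFIX))

    @property
    def path(self) -> Optional[str]:
        """DLL path with quotes and the status suffix stripped; None for "(no file)"."""
        t = self.target.strip()
        if t == "(no file)":
            return None
        if t.endswith(_MISSING_SUFFIX):
            t = t[: -len(_MISSING_SUFFIX)].strip()
        return t.strip('"')


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one O2/O3 line; other sections (O4, O23, ...) return None."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        return None
    return HjtEntry(m["section"], m["name"], m["clsid"], m["target"], line.strip())


def orphaned_entries(log_text: str) -> List[HjtEntry]:
    """All O2/O3 entries whose DLL HijackThis reported as missing, in log order."""
    found = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is not None and not entry.file_present:
            found.append(entry)
    return found


if __name__ == "__main__":
    # Prints the lines to tick, in the same form they appear in the log.
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry.raw)
```

Run against the full log instead of SAMPLE_LOG and the output is the list of orphaned O2/O3 lines to tick; entries whose DLL is present are never listed, so a legitimate helper such as the Adobe one above is left alone.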

    faerieem

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows Vista
      Re: know I have a virus, don't know anything else about it.
      « Reply #2 on: May 25, 2011, 02:41:28 PM »
      Quote
      Windows requires 15% (17 GB) or more to operate properly. I'm surprised that you can even boot that computer. You will need to free up some space. You can do this by removing unused programs. You can also off-load important documents, files, videos, music and pictures to DVDs. There's not much I can do with the computer until you free up some space. You can start by uninstalling SAS and MBAM. You can also get a lite version of QuickTime here. Please let me know when you are able to free up some space.

      Done.  I have 19.6 GB free now.  I wasn't able to uninstall anything except one set of printer drivers for a printer I no longer use.  Using the control panel / programs to uninstall brought up an assortment of error messages, largely telling me that the uninstall process failed.  I can attempt the process again if you want me to provide verbatim messages.

      I largely moved off a huge amount of old photos, which are backed up on DVDs and a second older desktop.


      Quote
      Open HijackThis and select Do a system scan only
      Place a check mark next to the following entries: (if there)
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
      O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
      O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Done.

      Quote
      * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
      * (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)

      I received an error message on trying to start the program.  It reads "An error has occurred.  Please visit the Malicious Software Removal Tool Help Page for more details" however clicking on the link did nothing.

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: know I have a virus, don't know anything else about it.
      « Reply #3 on: May 25, 2011, 05:13:53 PM »
      Quote
      using the control panel / programs to uninstall brought up an assortment of error messages, largely telling me that the uninstall process failed.  I can attempt the process again if you want me to provide verbatim messages.
      A lot of programs have their own uninstaller. You can find them by going to All Programs and putting your mouse pointer on the program in question. If there is an uninstaller, you will find it under a drop-down.

      Quote
      largely moved off a huge amount of old photos, which are backed up on DVDs and a second older desktop.
      That's a safer method of saving them.

      Quote
      I received an error message on trying to start the program.  It reads "An error has occurred.  Please visit the Malicious Software Removal Tool Help Page for more details" however clicking on the link did nothing.
      It's probably not installed. You can download it, if you wish and you have the space.

      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      link # 1
      Link # 2
      If you are using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Right-click combofix.exe and select Run as Administrator and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

      faerieem

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows Vista
        Re: know I have a virus, don't know anything else about it.
        « Reply #4 on: May 25, 2011, 09:47:40 PM »
        When I try to install any new program, including ComboFix and the Malicious Software Removal Tool, I receive this message:
        Windows cannot access the specified device, path, or file.  You may not have the appropriate permissions to access the item.

        I am logged in with my own user account, which has always had administrator rights.

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: know I have a virus, don't know anything else about it.
        « Reply #5 on: May 26, 2011, 04:15:33 PM »
        Please try it in Safe Mode.

        faerieem

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows Vista
          Re: know I have a virus, don't know anything else about it.
          « Reply #6 on: May 26, 2011, 05:43:37 PM »

          Done in safe mode.  Still in safe mode.  Returning to regular mode yielded the same response as above on trying to open Firefox.
          ------
          ComboFix 11-05-25.01 - Emily 05/26/2011  18:06:38.4.2 - x86 MINIMAL
          Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1525.978 [GMT -5:00]
          Running from: c:\users\Emily\Desktop\ComboFix.exe
          AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
          FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
          SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
           * Created a new restore point
          .
          .
          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          c:\programdata\ntuser.dat
          .
          .
          (((((((((((((((((((((((((   Files Created from 2011-04-26 to 2011-05-26  )))))))))))))))))))))))))))))))
          .
          .
          2011-05-26 23:14 . 2011-05-26 23:14   --------   d-----w-   c:\users\Emily\AppData\Local\temp
          2011-05-26 23:14 . 2011-05-26 23:14   --------   d-----w-   c:\users\Public\AppData\Local\temp
          2011-05-26 22:59 . 2011-05-26 23:00   --------   d-----w-   C:\32788R22FWJFW
          2011-05-26 13:05 . 2011-05-09 20:46   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B72339B-629A-48A2-A890-A46368978DE6}\mpengine.dll
          2011-05-23 00:59 . 2011-05-23 01:00   --------   d-----w-   c:\users\test
          2011-05-20 13:10 . 2010-11-30 16:43   439632   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9CE9344-25FB-4A95-9F56-050877A81D7F}\gapaengine.dll
          2011-05-11 13:55 . 2011-04-07 12:01   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
          2011-04-30 20:26 . 2011-04-30 20:27   --------   d-----w-   c:\users\Brett\AppData\Roaming\HpUpdate
          2011-04-29 22:19 . 2011-04-29 22:19   --------   d-----w-   c:\users\Emily\AppData\Roaming\QuickScan
          2011-04-27 19:34 . 2011-03-03 15:40   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
          2011-04-27 19:34 . 2011-03-03 13:35   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
          2011-04-27 19:34 . 2011-03-12 21:55   876032   ----a-w-   c:\windows\system32\XpsPrint.dll
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2011-05-26 22:56 . 2009-08-29 01:07   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
          2011-05-26 22:56 . 2009-08-29 01:25   56680   ----a-w-   c:\windows\system32\rpcnet.dll
          2011-05-09 20:46 . 2011-01-19 16:34   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
          2011-04-04 12:39 . 2010-06-24 16:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
          2011-04-03 17:39 . 2011-04-03 17:39   161792   ----a-w-   c:\windows\system32\msls31.dll
          2011-04-03 17:39 . 2011-04-03 17:39   1126912   ----a-w-   c:\windows\system32\wininet.dll
          2011-04-03 17:39 . 2011-04-03 17:39   86528   ----a-w-   c:\windows\system32\iesysprep.dll
          2011-04-03 17:39 . 2011-04-03 17:39   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
          2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
          2011-04-03 17:39 . 2011-04-03 17:39   48640   ----a-w-   c:\windows\system32\mshtmler.dll
          2011-04-03 17:39 . 2011-04-03 17:39   63488   ----a-w-   c:\windows\system32\tdc.ocx
          2011-04-03 17:39 . 2011-04-03 17:39   367104   ----a-w-   c:\windows\system32\html.iec
          2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\iesetup.dll
          2011-04-03 17:39 . 2011-04-03 17:39   23552   ----a-w-   c:\windows\system32\licmgr10.dll
          2011-04-03 17:39 . 2011-04-03 17:39   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
          2011-04-03 17:39 . 2011-04-03 17:39   152064   ----a-w-   c:\windows\system32\wextract.exe
          2011-04-03 17:39 . 2011-04-03 17:39   150528   ----a-w-   c:\windows\system32\iexpress.exe
          2011-04-03 17:39 . 2011-04-03 17:39   420864   ----a-w-   c:\windows\system32\vbscript.dll
          2011-04-03 17:39 . 2011-04-03 17:39   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
          2011-04-03 17:39 . 2011-04-03 17:39   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
          2011-04-03 17:39 . 2011-04-03 17:39   11776   ----a-w-   c:\windows\system32\mshta.exe
          2011-04-03 17:39 . 2011-04-03 17:39   101888   ----a-w-   c:\windows\system32\admparse.dll
          2011-04-03 17:39 . 2011-04-03 17:39   35840   ----a-w-   c:\windows\system32\imgutil.dll
          2011-04-03 17:39 . 2011-04-03 17:39   1797632   ----a-w-   c:\windows\system32\jscript9.dll
          2011-04-03 17:39 . 2011-04-03 17:39   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
          2011-03-10 17:03 . 2011-04-14 16:17   1162240   ----a-w-   c:\windows\system32\mfc42u.dll
          2011-03-10 17:03 . 2011-04-14 16:17   1136640   ----a-w-   c:\windows\system32\mfc42.dll
          2011-03-03 15:42 . 2011-04-14 16:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
          2011-03-03 15:40 . 2011-04-27 19:34   173056   ----a-w-   c:\windows\apppatch\AcXtrnal.dll
          2011-03-03 15:40 . 2011-04-27 19:34   458752   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
          2011-03-03 15:40 . 2011-04-27 19:34   542720   ----a-w-   c:\windows\apppatch\AcLayers.dll
          2011-03-03 15:40 . 2011-04-27 19:34   2159616   ----a-w-   c:\windows\apppatch\AcGenral.dll
          2011-03-03 13:25 . 2011-04-14 16:16   2041856   ----a-w-   c:\windows\system32\win32k.sys
          2011-03-02 15:44 . 2011-04-14 16:16   86528   ----a-w-   c:\windows\system32\dnsrslvr.dll
          2011-05-26 22:58 . 2011-04-04 18:40   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
          .
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
          "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
          "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-02 16949128]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
          "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
          "NDSTray.exe"="NDSTray.exe" [BU]
          "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
          "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
          "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
          "PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
          "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
          "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
          "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
          "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
          "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
          "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
          "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
          "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
          .
          c:\users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [N/A]
          Skyscape SmartUpdate.lnk - c:\program files\Common Files\Skyscape\SmartUpdate.exe [N/A]
          .
          c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
          .
          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
          Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-20 113664]
          HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
          Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "EnableLUA"= 0 (0x0)
          "EnableUIADesktopToggle"= 0 (0x0)
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "EnableShellExecuteHooks"= 1 (0x1)
          .
          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
          "aux"=wdmaud.drv
          .
          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
          BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
          @="Service"
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
          2010-07-07 18:52   6854984   ----a-w-   c:\program files\Emsisoft\Online Armor\oaui.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
          "DisableMonitoring"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1000]
          "EnableNotificationsRef"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1001]
          "EnableNotificationsRef"=dword:00000001
          .
          R1 MpKsl03424119;MpKsl03424119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BB4EACC-A5A3-4F7F-B797-644282BC17C1}\MpKsl03424119.sys
          R1 MpKsl426faf11;MpKsl426faf11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19B3529-1F4D-4A28-A373-E8D5DD345EAC}\MpKsl426faf11.sys
          R1 MpKsl9740c8cb;MpKsl9740c8cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{035DE9EF-62E7-4BDD-9D5C-BE7A20C09D7F}\MpKsl9740c8cb.sys
          R1 MpKsl97cc59aa;MpKsl97cc59aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DC0349C-A123-4915-88F6-C5760DABBD64}\MpKsl97cc59aa.sys
          R1 MpKsl98d3fb52;MpKsl98d3fb52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D116C21-CBB6-4EC3-B876-83CB4D1F411C}\MpKsl98d3fb52.sys
          R1 MpKslc093615b;MpKslc093615b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E8D659-5C96-4CEB-9406-D3E8DEA6CB14}\MpKslc093615b.sys
          R1 MpKslc7d03e3e;MpKslc7d03e3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BB1A6F-DF0E-4158-B709-4B88A99C9C3C}\MpKslc7d03e3e.sys
          R1 MpKslf4303622;MpKslf4303622;c:\windows\system32\MpEngineStore\MpKslf4303622.sys [2011-03-03 28752]
          R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
          R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
          R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
          R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
          R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
          R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
          R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
          R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
          R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
          R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
          R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
          R3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-07 29256]
          R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
          R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
          R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
          R4 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]
          R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
          .
          .
          --- Other Services/Drivers In Memory ---
          .
          *NewlyCreated* - ECACHE
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
          HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
          HPService   REG_MULTI_SZ      HPSLPSVC
          hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
          .
          2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.toshibadirect.com/dpdstart
          mStart Page = hxxp://www.toshibadirect.com/dpdstart
          uInternet Settings,ProxyOverride = <local>;*.local
          DPF: CabCCT - hxxps://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
          FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\fsxq9ver.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
          FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
          FF - user.js: yahoo.homepage.dontask - true
          .
          - - - - ORPHANS REMOVED - - - -
          .
          Toolbar-Locked - (no file)
          HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
          .
          .
          .
          **************************************************************************
          .
          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2011-05-26 18:14
          Windows 6.0.6002 Service Pack 2 NTFS
          .
          scanning hidden processes ... 
          .
          scanning hidden autostart entries ...
          .
          scanning hidden files ... 
          .
          scan completed successfully
          hidden files: 0
          .
          **************************************************************************
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------
          .
          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          "MSCurrentCountry"=dword:000000b5
          .
          Completion time: 2011-05-26  18:17:08
          ComboFix-quarantined-files.txt  2011-05-26 23:16
          ComboFix2.txt  2011-01-20 02:13
          .
          Pre-Run: 20,647,481,344 bytes free
          Post-Run: 20,733,378,560 bytes free
          .
          - - End Of File - - 386EE067DC261FDC2043DE4364CC26A8


          faerieem

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows Vista
            Re: know I have a virus, don't know anything else about it.
            « Reply #7 on: May 26, 2011, 05:44:22 PM »
            Should I run MRT now?

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: know I have a virus, don't know anything else about it.
            « Reply #8 on: May 27, 2011, 04:32:04 PM »
            Re-running ComboFix to remove infections:

            • Close any open browsers.
            • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
            • Open notepad and copy/paste the text in the quotebox below into it:
              Quote
              KillAll::

              Registry::
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
              "DisableMonitoring"=-
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1000]
              "EnableNotificationsRef"=-
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1001]
              "EnableNotificationsRef"=-
              Driver::

            • Save this as CFScript.txt, in the same location as ComboFix.exe



            • Referring to the picture above, drag CFScript into ComboFix.exe
            • When finished, it shall produce a log for you at C:\ComboFix.txt
            • Please post the contents of the log in your next reply.

            Quote
            Should I run MRT now?
            Yes. Please try it now.
            Windows 8 and Windows 10 dual boot with two SSD's

            faerieem

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows Vista
              Re: know I have a virus, don't know anything else about it.
              « Reply #9 on: May 29, 2011, 11:56:27 AM »
              ComboFix 11-05-28.01 - Emily 05/29/2011  11:55:31.5.2 - x86 NETWORK
              Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1525.960 [GMT -5:00]
              Running from: c:\users\Emily\Desktop\ComboFix.exe
              Command switches used :: c:\users\Emily\Desktop\CFScript.txt
              AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
              FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
              SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
               * Created a new restore point
              .
              .
              (((((((((((((((((((((((((   Files Created from 2011-04-28 to 2011-05-29  )))))))))))))))))))))))))))))))
              .
              .
              2011-05-29 17:05 . 2011-05-29 17:19   --------   d-----w-   c:\users\Emily\AppData\Local\temp
              2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Public\AppData\Local\temp
              2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Guest\AppData\Local\temp
              2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Brett\AppData\Local\temp
              2011-05-27 18:36 . 2011-05-27 18:36   --------   d-----w-   c:\users\Brett\AppData\Roaming\skypePM
              2011-05-27 18:32 . 2011-05-27 18:39   --------   d-----w-   c:\users\Brett\AppData\Roaming\Skype
              2011-05-27 17:17 . 2011-05-09 20:46   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2112E809-728B-43DB-A3D1-574A1BD7516D}\mpengine.dll
              2011-05-23 00:59 . 2011-05-23 01:00   --------   d-----w-   c:\users\test
              2011-05-20 13:10 . 2010-11-30 16:43   439632   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9CE9344-25FB-4A95-9F56-050877A81D7F}\gapaengine.dll
              2011-05-11 13:55 . 2011-04-07 12:01   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
              2011-04-30 20:26 . 2011-04-30 20:27   --------   d-----w-   c:\users\Brett\AppData\Roaming\HpUpdate
              2011-04-29 22:19 . 2011-04-29 22:19   --------   d-----w-   c:\users\Emily\AppData\Roaming\QuickScan
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2011-05-29 17:17 . 2009-08-29 01:07   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
              2011-05-29 17:17 . 2009-08-29 01:25   56680   ----a-w-   c:\windows\system32\rpcnet.dll
              2011-05-09 20:46 . 2011-01-19 16:34   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
              2011-04-04 12:39 . 2010-06-24 16:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
              2011-04-03 17:39 . 2011-04-03 17:39   161792   ----a-w-   c:\windows\system32\msls31.dll
              2011-04-03 17:39 . 2011-04-03 17:39   1126912   ----a-w-   c:\windows\system32\wininet.dll
              2011-04-03 17:39 . 2011-04-03 17:39   86528   ----a-w-   c:\windows\system32\iesysprep.dll
              2011-04-03 17:39 . 2011-04-03 17:39   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
              2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
              2011-04-03 17:39 . 2011-04-03 17:39   48640   ----a-w-   c:\windows\system32\mshtmler.dll
              2011-04-03 17:39 . 2011-04-03 17:39   63488   ----a-w-   c:\windows\system32\tdc.ocx
              2011-04-03 17:39 . 2011-04-03 17:39   367104   ----a-w-   c:\windows\system32\html.iec
              2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\iesetup.dll
              2011-04-03 17:39 . 2011-04-03 17:39   23552   ----a-w-   c:\windows\system32\licmgr10.dll
              2011-04-03 17:39 . 2011-04-03 17:39   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
              2011-04-03 17:39 . 2011-04-03 17:39   152064   ----a-w-   c:\windows\system32\wextract.exe
              2011-04-03 17:39 . 2011-04-03 17:39   150528   ----a-w-   c:\windows\system32\iexpress.exe
              2011-04-03 17:39 . 2011-04-03 17:39   420864   ----a-w-   c:\windows\system32\vbscript.dll
              2011-04-03 17:39 . 2011-04-03 17:39   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
              2011-04-03 17:39 . 2011-04-03 17:39   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
              2011-04-03 17:39 . 2011-04-03 17:39   11776   ----a-w-   c:\windows\system32\mshta.exe
              2011-04-03 17:39 . 2011-04-03 17:39   101888   ----a-w-   c:\windows\system32\admparse.dll
              2011-04-03 17:39 . 2011-04-03 17:39   35840   ----a-w-   c:\windows\system32\imgutil.dll
              2011-04-03 17:39 . 2011-04-03 17:39   1797632   ----a-w-   c:\windows\system32\jscript9.dll
              2011-04-03 17:39 . 2011-04-03 17:39   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
              2011-03-12 21:55 . 2011-04-27 19:34   876032   ----a-w-   c:\windows\system32\XpsPrint.dll
              2011-03-10 17:03 . 2011-04-14 16:17   1162240   ----a-w-   c:\windows\system32\mfc42u.dll
              2011-03-10 17:03 . 2011-04-14 16:17   1136640   ----a-w-   c:\windows\system32\mfc42.dll
              2011-03-03 15:42 . 2011-04-14 16:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
              2011-03-03 15:40 . 2011-04-27 19:34   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
              2011-03-03 15:40 . 2011-04-27 19:34   173056   ----a-w-   c:\windows\apppatch\AcXtrnal.dll
              2011-03-03 15:40 . 2011-04-27 19:34   458752   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
              2011-03-03 15:40 . 2011-04-27 19:34   542720   ----a-w-   c:\windows\apppatch\AcLayers.dll
              2011-03-03 15:40 . 2011-04-27 19:34   2159616   ----a-w-   c:\windows\apppatch\AcGenral.dll
              2011-03-03 13:35 . 2011-04-27 19:34   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
              2011-03-03 13:25 . 2011-04-14 16:16   2041856   ----a-w-   c:\windows\system32\win32k.sys
              2011-03-02 15:44 . 2011-04-14 16:16   86528   ----a-w-   c:\windows\system32\dnsrslvr.dll
              2011-05-26 22:58 . 2011-04-04 18:40   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
              .
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
              "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
              "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-02 16949128]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
              "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
              "NDSTray.exe"="NDSTray.exe" [BU]
              "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
              "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
              "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
              "PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
              "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
              "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
              "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
              "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
              "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
              "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
              .
              c:\users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [N/A]
              Skyscape SmartUpdate.lnk - c:\program files\Common Files\Skyscape\SmartUpdate.exe [N/A]
              .
              c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
              .
              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
              Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-20 113664]
              HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
              Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "EnableLUA"= 0 (0x0)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "EnableShellExecuteHooks"= 1 (0x1)
              .
              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
              "aux"=wdmaud.drv
              .
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
              BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
              @="Service"
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
              2010-07-07 18:52   6854984   ----a-w-   c:\program files\Emsisoft\Online Armor\oaui.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
              2010-11-30 19:20   997408   ----a-w-   c:\program files\Microsoft Security Client\msseces.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1000]
              "EnableNotificationsRef"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1001]
              "EnableNotificationsRef"=dword:00000001
              .
              R1 MpKsl03424119;MpKsl03424119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BB4EACC-A5A3-4F7F-B797-644282BC17C1}\MpKsl03424119.sys
              R1 MpKsl426faf11;MpKsl426faf11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19B3529-1F4D-4A28-A373-E8D5DD345EAC}\MpKsl426faf11.sys
              R1 MpKsl9740c8cb;MpKsl9740c8cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{035DE9EF-62E7-4BDD-9D5C-BE7A20C09D7F}\MpKsl9740c8cb.sys
              R1 MpKsl97cc59aa;MpKsl97cc59aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DC0349C-A123-4915-88F6-C5760DABBD64}\MpKsl97cc59aa.sys
              R1 MpKsl98d3fb52;MpKsl98d3fb52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D116C21-CBB6-4EC3-B876-83CB4D1F411C}\MpKsl98d3fb52.sys
              R1 MpKslc093615b;MpKslc093615b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E8D659-5C96-4CEB-9406-D3E8DEA6CB14}\MpKslc093615b.sys
              R1 MpKslc7d03e3e;MpKslc7d03e3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BB1A6F-DF0E-4158-B709-4B88A99C9C3C}\MpKslc7d03e3e.sys
              R1 MpKslf4303622;MpKslf4303622;c:\windows\system32\MpEngineStore\MpKslf4303622.sys [2011-03-03 28752]
              R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
              R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
              R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
              R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
              R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
              R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
              R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
              R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
              R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
              R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
              R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
              R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
              R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
              R4 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]
              R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
              S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
              S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-07 29256]
              .
              .
              --- Other Services/Drivers In Memory ---
              .
              *NewlyCreated* - ECACHE
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
              HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
              HPService   REG_MULTI_SZ      HPSLPSVC
              hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
              .
              2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.toshibadirect.com/dpdstart
              mStart Page = hxxp://www.toshibadirect.com/dpdstart
              uInternet Settings,ProxyOverride = <local>;*.local
              TCP: DhcpNameServer = 192.168.1.1
              DPF: CabCCT - hxxps://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
              FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\fsxq9ver.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
              FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
              FF - user.js: yahoo.homepage.dontask - true
              .
              .
              **************************************************************************
              scanning hidden processes ... 
              .
              scanning hidden autostart entries ...
              .
              scanning hidden files ... 
              .
              scan completed successfully
              hidden files:
              .
              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              "MSCurrentCountry"=dword:000000b5
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
              .
              **************************************************************************
              .
              Completion time: 2011-05-29  12:26:27 - machine was rebooted
              ComboFix-quarantined-files.txt  2011-05-29 17:25
              ComboFix2.txt  2011-05-26 23:17
              ComboFix3.txt  2011-01-20 02:13
              .
              Pre-Run: 19,847,061,504 bytes free
              Post-Run: 19,735,728,128 bytes free
              .
              - - End Of File - - FF721FF789FD9B453A2EA0669CA10D5A

              and I am running MRT now.

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: know I have a virus, don't know anything else about it.
              « Reply #10 on: May 29, 2011, 12:14:19 PM »
              SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

              http://sites.google.com/site/sysprotantirootkit/

              Unzip it into a folder on your desktop.
              • Double click Sysprot.exe to start the program.
              • Click on the Log tab.
              • In the Write to log box select the following items.
                • Process << Selected
                • Kernel Modules << Selected
                • SSDT << Selected
                • Kernel Hooks << Selected
                • IRP Hooks << NOT Selected
                • Ports << NOT Selected
                • Hidden Files << Selected
              • At the bottom of the page
                • Hidden Objects Only << Selected
              • Click on the Create Log button on the bottom right.
              • After a few seconds a new window should appear.
              • Select Scan Root Drive. Click on the Start button.
              • When it is complete a new window will appear to indicate that the scan is finished.
              • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
              Windows 8 and Windows 10 dual boot with two SSD's

              faerieem

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows Vista
                Re: know I have a virus, don't know anything else about it.
                « Reply #11 on: May 29, 2011, 01:47:05 PM »
                Ran it.  Also got this message, though, when running in safe mode: "failed to start service.  SysProt AntiRootKit needs to be run with Admin privileges!"

                SysProt AntiRootkit v1.0.1.0
                by swatkat

                ******************************************************************************************
                ******************************************************************************************

                No Hidden Processes found

                ******************************************************************************************
                ******************************************************************************************
                No Hidden Kernel Modules found

                ******************************************************************************************
                ******************************************************************************************
                No SSDT Hooks found

                ******************************************************************************************
                ******************************************************************************************
                No Kernel Hooks found

                ******************************************************************************************
                ******************************************************************************************
                No hidden files/folders found


                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: know I have a virus, don't know anything else about it.
                « Reply #12 on: May 29, 2011, 07:17:22 PM »
                Quote
                Ran it.  Also got this message, though, when running in safe mode: "failed to start service.  SysProt AntiRootKit needs to be run with Admin privileges!"
                That's strange. You should only get that message when you have a 64 bit computer. Let's try this.

                Please download Rooter and Save it to your desktop.
• Double click it to start the tool. Vista and Windows 7: run as administrator.
                • Click Scan.
                • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
                Windows 8 and Windows 10 dual boot with two SSD's

                faerieem

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows Vista
                  Re: know I have a virus, don't know anything else about it.
                  « Reply #13 on: May 29, 2011, 08:07:09 PM »
                  Rooter.exe (v1.0.2) by Eric_71
                  .
                  SeDebugPrivilege granted successfully ...
                  .
                  Windows Vista Home Edition (6.0.6002) Service Pack 2
                  [32_bits] - x86 Family 6 Model 14 Stepping 12, GenuineIntel
                  .
                  [wscsvc] STOPPED (state:1) : Security Center -> Disabled !
                  [MpsSvc] RUNNING (state:4)
                  Windows Firewall -> Disabled !
                  Windows Defender -> Disabled !
                  User Account Control (UAC) -> Disabled !
                  .
                  Internet Explorer 9.0.8112.16421
                  Mozilla Firefox 4.0.1 (en-US)
                  .
                  C:\  [Fixed-NTFS] .. ( Total:110 Go - Free:18 Go )
                  D:\  [CD_Rom]
                  .
                  Scan : 20:58.33
                  Path : C:\Users\Emily\Desktop\Rooter.exe
                  User : Emily ( Administrator -> YES )
                  .
                  ----------------------\\ Processes
                  .
                  Locked [System Process] (0)
                  Locked System (4)
                  ______ \SystemRoot\System32\smss.exe (356)
                  ______ C:\Windows\system32\csrss.exe (484)
                  ______ C:\Windows\system32\csrss.exe (520)
                  ______ C:\Windows\system32\wininit.exe (528)
                  ______ C:\Windows\system32\winlogon.exe (572)
                  ______ C:\Windows\system32\services.exe (604)
                  ______ C:\Windows\system32\lsass.exe (616)
                  ______ C:\Windows\system32\lsm.exe (624)
                  ______ C:\Windows\system32\svchost.exe (760)
                  ______ C:\Windows\system32\svchost.exe (816)
                  ______ c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (892)
                  ______ C:\Windows\System32\svchost.exe (992)
                  ______ C:\Windows\system32\svchost.exe (1020)
                  ______ C:\Windows\System32\svchost.exe (1060)
                  ______ C:\Windows\system32\svchost.exe (1108)
                  ______ C:\Windows\system32\svchost.exe (1124)
                  ______ C:\Windows\system32\svchost.exe (1304)
                  ______ C:\Windows\system32\svchost.exe (1420)
                  ______ C:\Windows\Explorer.EXE (1796)
                  ______ C:\Users\Emily\Desktop\Rooter.exe (1624)
                  .
                  ----------------------\\ Device\Harddisk0\
                  .
                  \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
                  .
                  \Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:1572864000)
                  \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:1573912576 | Length:118459727872)
                  .
                  ----------------------\\ Scheduled Tasks
                  .
                  C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
                  C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
                  C:\Windows\Tasks\SA.DAT
                  C:\Windows\Tasks\SCHEDLGU.TXT
                  .
                  ----------------------\\ Registry
                  .
                  .
                  ----------------------\\ Files & Folders
                  .
                  C:\Windows\joke.gif
                  ==> KoobFace <==
                  .
                  ----------------------\\ Scan completed at 21:00.12
                  .
                  C:\Rooter$\Rooter_1.txt - (29/05/2011 | 21:00.12)
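The Rooter log above is worth reading mechanically: it reports Security Center, Windows Firewall, Windows Defender and UAC all disabled, and a `==> KoobFace <==` marker under the file path it refers to. The following triage script is an added example (not part of the thread, and not Rooter's own code); the regular expressions are an assumption derived from the log lines shown here, and the sample log is a constructed excerpt modelled on the post, not the poster's full output.

```python
import re

# Constructed excerpt modelled on the Rooter v1.0.2 log in the post above.
SAMPLE_LOG = r"""
Rooter.exe (v1.0.2) by Eric_71
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Disabled !
User Account Control (UAC) -> Disabled !
.
----------------------\\ Files & Folders
.
C:\Windows\joke.gif
==> KoobFace <==
.
----------------------\\ Scan completed at 21:00.12
"""

# Assumed line shapes, taken from the posted log:
#   "[svc] STATE (state:n) : Component -> Disabled !"  or  "Component -> Disabled !"
DISABLED_RE = re.compile(
    r"^(?:\[(?P<svc>\w+)\] \w+ \(state:\d\) : )?(?P<component>.+?) -> Disabled !$"
)
#   "==> Family <==" labels the file path on the preceding non-empty line
DETECTION_RE = re.compile(r"^==> (?P<family>.+?) <==$")


def triage_rooter_log(text):
    """Return (disabled_components, detections) for Rooter-style log text.

    detections is a list of (path, family) pairs so the flagged file
    and the family name stay associated for follow-up."""
    disabled, detections = [], []
    previous = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":   # Rooter pads sections with lone dots
            continue
        m = DISABLED_RE.match(line)
        if m:
            disabled.append(m.group("component"))
        m = DETECTION_RE.match(line)
        if m:
            detections.append((previous, m.group("family")))
        previous = line
    return disabled, detections
```

Four disabled protections plus a detection marker is the pattern to look for: malware that switches off the firewall, Defender and UAC together is a stronger signal than any one of them alone.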

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: know I have a virus, don't know anything else about it.
                  « Reply #14 on: May 30, 2011, 05:23:50 PM »
                  Please update and run another scan with MBAM and post the log.
                  Windows 8 and Windows 10 dual boot with two SSD's