
Author Topic: FBI virus, black screen for desktop, etc HELP  (Read 42112 times)


katlyn

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows Vista
    Re: FBI virus, black screen for desktop, etc HELP
    « Reply #15 on: January 23, 2013, 10:48:37 PM »
    It finally showed up on screen. Here are the logs.



    Malwarebytes Anti-Rootkit BETA 1.01.0.1016
    www.malwarebytes.org

    Database version: v2013.01.24.03

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Hailey :: HAILEY-PC [administrator]

    1/23/2013 11:59:06 PM
    mbar-log-2013-01-23 (23-59-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27716
    Time elapsed: 1 hour(s), 26 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    katlyn
      « Reply #16 on: January 23, 2013, 10:50:58 PM »
      Malwarebytes Anti-Rootkit BETA 1.01.0.1016

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.0.6001 Windows Vista Service Pack 1 x86

      Account is Administrative

      Internet Explorer version: 8.0.6001.19088

      Java version: 1.6.0_26

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
      CPU speed: 2.712000 GHz
      Memory total: 937172992, free: 102539264

      ------------ Kernel report ------------
           01/23/2013 21:25:56
      ------------ Loaded modules -----------
      \SystemRoot\system32\ntkrnlpa.exe
      \SystemRoot\system32\hal.dll
      \SystemRoot\system32\kdcom.dll
      \SystemRoot\system32\PSHED.dll
      \SystemRoot\system32\BOOTVID.dll
      \SystemRoot\system32\CLFS.SYS
      \SystemRoot\system32\CI.dll
      \SystemRoot\system32\drivers\Wdf01000.sys
      \SystemRoot\system32\drivers\WDFLDR.SYS
      \SystemRoot\system32\drivers\acpi.sys
      \SystemRoot\system32\drivers\WMILIB.SYS
      \SystemRoot\system32\drivers\msisadrv.sys
      \SystemRoot\system32\drivers\pci.sys
      \SystemRoot\System32\drivers\partmgr.sys
      \SystemRoot\system32\drivers\volmgr.sys
      \SystemRoot\System32\drivers\volmgrx.sys
      \SystemRoot\system32\drivers\pciide.sys
      \SystemRoot\system32\drivers\PCIIDEX.SYS
      \SystemRoot\System32\drivers\mountmgr.sys
      \SystemRoot\system32\drivers\nvraid.sys
      \SystemRoot\system32\drivers\CLASSPNP.SYS
      \SystemRoot\system32\drivers\atapi.sys
      \SystemRoot\system32\drivers\ataport.SYS
      \SystemRoot\system32\DRIVERS\nvstor32.sys
      \SystemRoot\system32\DRIVERS\storport.sys
      \SystemRoot\system32\drivers\fltmgr.sys
      \SystemRoot\system32\drivers\fileinfo.sys
      \SystemRoot\System32\Drivers\ksecdd.sys
      \SystemRoot\system32\drivers\ndis.sys
      \SystemRoot\system32\drivers\msrpc.sys
      \SystemRoot\system32\drivers\NETIO.SYS
      \SystemRoot\System32\drivers\tcpip.sys
      \SystemRoot\System32\drivers\fwpkclnt.sys
      \SystemRoot\System32\Drivers\Ntfs.sys
      \SystemRoot\system32\drivers\volsnap.sys
      \SystemRoot\System32\Drivers\spldr.sys
      \SystemRoot\System32\Drivers\SmartDefragDriver.sys
      \SystemRoot\System32\Drivers\mup.sys
      \SystemRoot\System32\drivers\ecache.sys
      \SystemRoot\system32\drivers\disk.sys
      \SystemRoot\system32\drivers\crcdisk.sys
      \SystemRoot\system32\DRIVERS\tunnel.sys
      \SystemRoot\system32\DRIVERS\tunmp.sys
      \SystemRoot\system32\drivers\amdk8.sys
      \SystemRoot\system32\DRIVERS\i8042prt.sys
      \SystemRoot\system32\DRIVERS\mouclass.sys
      \SystemRoot\system32\DRIVERS\kbdclass.sys
      \SystemRoot\system32\drivers\usbohci.sys
      \SystemRoot\system32\drivers\USBPORT.SYS
      \SystemRoot\system32\DRIVERS\usbehci.sys
      \SystemRoot\system32\DRIVERS\HDAudBus.sys
      \SystemRoot\system32\DRIVERS\nvmfdx32.sys
      \SystemRoot\system32\DRIVERS\cdrom.sys
      \SystemRoot\system32\DRIVERS\HSXHWBS3.sys
      \SystemRoot\system32\DRIVERS\ks.sys
      \SystemRoot\system32\DRIVERS\HSX_DP.sys
      \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
      \SystemRoot\system32\drivers\modem.sys
      \SystemRoot\system32\DRIVERS\nvlddmkm.sys
      \SystemRoot\System32\drivers\dxgkrnl.sys
      \SystemRoot\System32\drivers\watchdog.sys
      \SystemRoot\system32\DRIVERS\msiscsi.sys
      \SystemRoot\system32\DRIVERS\TDI.SYS
      \SystemRoot\system32\DRIVERS\rasl2tp.sys
      \SystemRoot\system32\DRIVERS\ndistapi.sys
      \SystemRoot\system32\DRIVERS\ndiswan.sys
      \SystemRoot\system32\DRIVERS\raspppoe.sys
      \SystemRoot\system32\DRIVERS\raspptp.sys
      \SystemRoot\system32\DRIVERS\rassstp.sys
      \SystemRoot\system32\DRIVERS\termdd.sys
      \SystemRoot\system32\DRIVERS\swenum.sys
      \SystemRoot\system32\DRIVERS\mssmbios.sys
      \SystemRoot\system32\DRIVERS\umbus.sys
      \SystemRoot\system32\DRIVERS\usbhub.sys
      \SystemRoot\System32\Drivers\NDProxy.SYS
      \SystemRoot\system32\drivers\RTKVHDA.sys
      \SystemRoot\system32\drivers\portcls.sys
      \SystemRoot\system32\drivers\drmk.sys
      \SystemRoot\System32\Drivers\Fs_Rec.SYS
      \SystemRoot\System32\Drivers\Null.SYS
      \SystemRoot\System32\Drivers\Beep.SYS
      \SystemRoot\System32\drivers\vga.sys
      \SystemRoot\System32\drivers\VIDEOPRT.SYS
      \SystemRoot\System32\DRIVERS\RDPCDD.sys
      \SystemRoot\system32\drivers\rdpencdd.sys
      \SystemRoot\System32\Drivers\Msfs.SYS
      \SystemRoot\System32\Drivers\Npfs.SYS
      \SystemRoot\System32\DRIVERS\rasacd.sys
      \SystemRoot\system32\DRIVERS\tdx.sys
      \SystemRoot\system32\DRIVERS\smb.sys
      \SystemRoot\system32\drivers\afd.sys
      \SystemRoot\System32\DRIVERS\netbt.sys
      \SystemRoot\system32\DRIVERS\pacer.sys
      \SystemRoot\system32\DRIVERS\netbios.sys
      \SystemRoot\system32\DRIVERS\wanarp.sys
      \SystemRoot\system32\DRIVERS\rdbss.sys
      \SystemRoot\system32\drivers\nsiproxy.sys
      \SystemRoot\System32\Drivers\dfsc.sys
      \SystemRoot\System32\Drivers\crashdmp.sys
      \SystemRoot\System32\Drivers\dump_diskdump.sys
      \SystemRoot\System32\Drivers\dump_nvstor32.sys
      \SystemRoot\system32\drivers\usbprint.sys
      \SystemRoot\system32\drivers\USBD.SYS
      \SystemRoot\System32\win32k.sys
      \SystemRoot\System32\drivers\Dxapi.sys
      \SystemRoot\system32\DRIVERS\monitor.sys
      \SystemRoot\System32\TSDDD.dll
      \SystemRoot\System32\cdd.dll
      \SystemRoot\system32\drivers\luafv.sys
      \??\C:\Windows\system32\drivers\mbam.sys
      \SystemRoot\system32\DRIVERS\lltdio.sys
      \SystemRoot\system32\DRIVERS\nwifi.sys
      \SystemRoot\system32\DRIVERS\ndisuio.sys
      \SystemRoot\system32\DRIVERS\rspndr.sys
      \SystemRoot\system32\drivers\HTTP.sys
      \SystemRoot\System32\DRIVERS\srvnet.sys
      \SystemRoot\system32\DRIVERS\bowser.sys
      \SystemRoot\System32\drivers\mpsdrv.sys
      \SystemRoot\system32\drivers\mrxdav.sys
      \SystemRoot\system32\DRIVERS\mrxsmb.sys
      \SystemRoot\system32\DRIVERS\mrxsmb10.sys
      \SystemRoot\system32\DRIVERS\mrxsmb20.sys
      \SystemRoot\System32\DRIVERS\srv2.sys
      \SystemRoot\System32\DRIVERS\srv.sys
      \SystemRoot\system32\drivers\spsys.sys
      \SystemRoot\system32\DRIVERS\mdmxsdk.sys
      \SystemRoot\system32\drivers\peauth.sys
      \SystemRoot\System32\Drivers\secdrv.SYS
      \SystemRoot\System32\drivers\tcpipreg.sys
      \SystemRoot\system32\DRIVERS\xaudio.sys
      \SystemRoot\system32\DRIVERS\cdfs.sys
      \??\C:\Windows\system32\drivers\mbamchameleon.sys
      \??\C:\Windows\system32\drivers\mbamswissarmy.sys
      \Windows\System32\ntdll.dll
      ----------- End -----------
      <<<1>>>
      Upper Device Name: \Device\Harddisk0\DR0
      Upper Device Object: 0xffffffff84ef48e0
      Upper Device Driver Name: \Driver\disk\
      Lower Device Name: \Device\00000050\
      Lower Device Object: 0xffffffff83a6d030
      Lower Device Driver Name: \Driver\nvstor32\
      Driver name found: nvstor32
      Initialization returned 0x0
      Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
      IRP handler 0 hooked
      IRP handler 2 hooked
      IRP handler 14 hooked
      IRP handler 15 hooked
      IRP handler 22 hooked
      IRP handler 23 hooked
      IRP handler 27 hooked
      Load Function returned 0x0
      Downloaded database version: v2013.01.24.03
      Downloaded database version: v2013.01.23.01
      Initializing...
      Done!
      <<<2>>>
      Device number: 0, partition: 1
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xffffffff84ef48e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
      --------- Disk Stack ------
      DevicePointer: 0xffffffff84ef45d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xffffffff84ef48e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
      DevicePointer: 0xffffffff847fdb68, DeviceName: Unknown, DriverName: \Driver\ACPI\
      DevicePointer: 0xffffffff83a6d030, DeviceName: \Device\00000050\, DriverName: \Driver\nvstor32\
      ------------ End ----------
      Upper DeviceData: 0xffffffffa5ced120, 0xffffffff84ef48e0, 0xffffffff83ba2ac8
      Lower DeviceData: 0xffffffffa5d063d8, 0xffffffff83a6d030, 0xffffffff8c46dd80
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning directory: C:\Windows\system32\drivers...
      Done!
      Drive 0
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: 1549F232

      Partition information:

          Partition 0 type is Primary (0x7)
          Partition is ACTIVE.
          Partition starts at LBA: 63  Numsec = 464230242
          Partition file system is NTFS
          Partition is bootable

          Partition 1 type is Empty (0x0)
          Partition is NOT ACTIVE.
          Partition starts at LBA: 0  Numsec = 0

          Partition 2 type is Primary (0x7)
          Partition is NOT ACTIVE.
          Partition starts at LBA: 464230305  Numsec = 24161760

          Partition 3 type is Empty (0x0)
          Partition is NOT ACTIVE.
          Partition starts at LBA: 0  Numsec = 0

      Disk Size: 250059350016 bytes
      Sector size: 512 bytes

      Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
      Done!
      Performing system, memory and registry scan...
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011341191} --> [PUP.GamePlayLab]
      Done!
      Scan finished
      Creating System Restore point...
      Scheduling clean up...
      <<<2>>>
      Device number: 0, partition: 1
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Removal successful. No system shutdown is required.
      =======================================



      katlyn
        « Reply #17 on: January 24, 2013, 12:56:29 AM »
        2nd Scan....


        Malwarebytes Anti-Rootkit BETA 1.01.0.1016
        www.malwarebytes.org

        Database version: v2013.01.24.04

        Windows Vista Service Pack 1 x86 NTFS
        Internet Explorer 8.0.6001.19088
        Hailey :: HAILEY-PC [administrator]

        1/24/2013 2:15:00 AM
        mbar-log-2013-01-24 (02-15-00).txt

        Scan type: Quick scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
        Scan options disabled:
        Objects scanned: 27715
        Time elapsed: 1 hour(s), 49 minute(s), 51 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)

        (end)

        katlyn
          « Reply #18 on: January 24, 2013, 08:39:10 AM »
          Rebooted but still have a black desktop.   Haven't run the fixdamage yet.   Thanks for being so patient with me!

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: FBI virus, black screen for desktop, etc HELP
          « Reply #19 on: January 24, 2013, 12:54:02 PM »
          Please download aswMBR.exe ( 511KB ) to your desktop.

          Double click the aswMBR.exe to run it



          Click the "Scan" button to start scan

          Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



          On completion of the scan click save log, save it to your desktop and post in your next reply

          katlyn
            « Reply #20 on: January 24, 2013, 01:47:33 PM »
            I did not download the AVAST Anti-virus program, just scanned and saved log.




            aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
            Run date: 2013-01-24 15:06:39
            -----------------------------
            15:06:39.847    OS Version: Windows 6.0.6001 Service Pack 1
            15:06:39.847    Number of processors: 1 586 0x7F02
            15:06:39.850    ComputerName: HAILEY-PC  UserName: Hailey
            15:07:37.902    Initialize success
            15:08:23.450    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
            15:08:23.460    Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
            15:08:23.500    Disk 0 MBR read successfully
            15:08:23.500    Disk 0 MBR scan
            15:08:23.510    Disk 0 unknown MBR code
            15:08:23.520    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       226674 MB offset 63
            15:08:23.560    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11797 MB offset 464230305
            15:08:23.610    Disk 0 scanning sectors +488392065
            15:08:23.720    Disk 0 scanning C:\Windows\system32\drivers
            15:08:30.060    Service scanning
            15:08:45.370    Modules scanning
            15:09:26.860    Disk 0 trace - called modules:
            15:09:26.900    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
            15:09:26.920    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84efcac8]
            15:09:27.270    3 CLASSPNP.SYS[8612f745] -> nt!IofCallDriver -> [0x847fd700]
            15:09:27.290    5 acpi.sys[8600c6a0] -> nt!IofCallDriver -> \Device\0000004f[0x83a7b030]
            15:09:27.310    Scan finished successfully
            15:09:58.320    Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
            15:09:58.340    The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR.txt"


            SuperDave
            « Reply #21 on: January 24, 2013, 03:48:20 PM »
            We need to fix the Master Boot Record using aswMBR now.

            • Double click aswMBR.exe to run it like before
            • Once the scan finishes click FixMBR to remove the infection as illustrated below


            • Once the scan finishes click Save log to save the log to your Desktop



            • Copy and paste the contents of aswMBR.txt back here for review
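The MBAR and aswMBR logs above print the same partition table (one active NTFS partition at LBA 63, a second NTFS partition at LBA 464230305, disk signature 1549F232) and aswMBR saves the raw sector to MBR.dat before and after FixMBR. As an added example that is not part of this thread and not code from either tool, the Python below parses a 512-byte MBR image into those fields, flags a table that is inconsistent with the disk size, lists the unpartitioned sector ranges that a rootkit scanner walks, and compares a before/after pair to confirm that a FixMBR changed only the boot code and kept the disk signature and partition table intact. The sample image is constructed from the values in the logs; its boot code bytes are filler, not real MBR code, and the disk size used is the 250059350016 bytes MBAR reported.

```python
"""Inspect a 512-byte MBR image (e.g. the MBR.dat aswMBR saves) and verify a
before/after pair across a FixMBR. Added example, not code from this thread,
MBAR or aswMBR. The sample image is constructed from the partition table and
disk signature printed in the logs; its boot code bytes are filler."""
import struct

SECTOR = 512
DISK_SIG_OFF = 440   # 4-byte NT disk signature (MBAR prints it big-endian)
TABLE_OFF = 446      # four 16-byte partition entries
ENTRY_LEN = 16
SIG_OFF = 510        # boot signature bytes 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA, count

PART_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "NTFS/HPFS/exFAT",
              0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)",
              0x27: "Windows RE", 0xEE: "GPT protective"}

# From the MBAR log: 250059350016-byte disk, 512-byte sectors.
DISK_SIZE_BYTES = 250059350016
TOTAL_SECTORS = DISK_SIZE_BYTES // SECTOR


def parse_mbr(data: bytes) -> dict:
    """Return boot-signature validity, disk signature and the four entries."""
    if len(data) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, data, TABLE_OFF + i * ENTRY_LEN)
        parts.append({"index": i, "status": status, "active": status == 0x80,
                      "type": ptype, "type_name": PART_TYPES.get(ptype, "Unknown"),
                      "lba_start": lba, "num_sectors": count})
    return {"boot_sig_ok": data[SIG_OFF:SIG_OFF + 2] == b"\x55\xAA",
            "disk_signature": "%08X" % struct.unpack_from("<I", data, DISK_SIG_OFF)[0],
            "partitions": parts}


def _used(mbr: dict) -> list:
    """Non-empty entries, ordered by starting sector."""
    return sorted((p for p in mbr["partitions"] if p["type"] != 0 and p["num_sectors"] > 0),
                  key=lambda p: p["lba_start"])


def check_layout(mbr: dict, total_sectors: int) -> list:
    """Partition-table sanity checks; an empty list means nothing looked wrong."""
    findings = []
    if not mbr["boot_sig_ok"]:
        findings.append("boot signature is not 55AA")
    used = _used(mbr)
    if sum(p["active"] for p in used) != 1:
        findings.append("expected exactly one active partition")
    for p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status 0x%02X" % (p["index"], p["status"]))
        if p["lba_start"] + p["num_sectors"] > total_sectors:
            findings.append("partition %d runs past the end of the disk" % p["index"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["num_sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


def unpartitioned_ranges(mbr: dict, total_sectors: int) -> list:
    """Inclusive sector ranges outside every partition (sector 0 is the MBR itself).
    These are the areas a rootkit scanner walks looking for hidden data."""
    ranges, cursor = [], 1
    for p in _used(mbr):
        if p["lba_start"] > cursor:
            ranges.append((cursor, p["lba_start"] - 1))
        cursor = max(cursor, p["lba_start"] + p["num_sectors"])
    if cursor < total_sectors:
        ranges.append((cursor, total_sectors - 1))
    return ranges


def compare_mbrs(before: bytes, after: bytes) -> dict:
    """What a boot-code rewrite (FixMBR) may change and what it must preserve."""
    return {"boot_code_changed": before[:DISK_SIG_OFF] != after[:DISK_SIG_OFF],
            "disk_signature_kept": before[DISK_SIG_OFF:DISK_SIG_OFF + 4] == after[DISK_SIG_OFF:DISK_SIG_OFF + 4],
            "partition_table_kept": before[TABLE_OFF:SIG_OFF] == after[TABLE_OFF:SIG_OFF],
            "boot_sig_kept": after[SIG_OFF:SIG_OFF + 2] == b"\x55\xAA"}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed image: disk signature 1549F232 and the two NTFS partitions
    from the logs; boot_code is caller-supplied filler, not real MBR code."""
    if len(boot_code) > DISK_SIG_OFF:
        raise ValueError("boot code must fit in the first 440 bytes")
    img = bytearray(SECTOR)
    img[:len(boot_code)] = boot_code
    struct.pack_into("<I", img, DISK_SIG_OFF, 0x1549F232)
    entries = [(0x80, 0x07, 63, 464230242), (0x00, 0x00, 0, 0),
               (0x00, 0x07, 464230305, 24161760), (0x00, 0x00, 0, 0)]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, img, TABLE_OFF + i * ENTRY_LEN, *entry)
    img[SIG_OFF:SIG_OFF + 2] = b"\x55\xAA"
    return bytes(img)


if __name__ == "__main__":
    # Real use: read the two MBR.dat files aswMBR saved with open(path, "rb").read().
    before = build_sample_mbr(b"\x90" * DISK_SIG_OFF)   # filler "unknown" boot code
    after = build_sample_mbr(b"\xCC" * DISK_SIG_OFF)    # filler replacement boot code
    mbr = parse_mbr(after)
    print("Boot signature OK:", mbr["boot_sig_ok"], " Disk signature:", mbr["disk_signature"])
    for p in mbr["partitions"]:
        print("  Partition %d: %s type 0x%02X %s LBA %d Numsec %d" % (
            p["index"], "ACTIVE  " if p["active"] else "inactive",
            p["type"], p["type_name"], p["lba_start"], p["num_sectors"]))
    print("Findings:", check_layout(mbr, TOTAL_SECTORS) or "none")
    print("Unpartitioned sectors:", unpartitioned_ranges(mbr, TOTAL_SECTORS))
    print("FixMBR check:", compare_mbrs(before, after))
```

On the layout in the logs the checks come back clean and the unpartitioned space is sectors 1 to 62 and 488392065 to 488397167, which is the tail region aswMBR reports as "scanning sectors +488392065". A before/after pair from a real FixMBR should show boot_code_changed true and the three "kept" flags true; a table change across the fix would mean the tool did more than rewrite boot code and the disk should be looked at before rebooting.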

              katlyn
              « Reply #22 on: January 24, 2013, 04:40:54 PM »
              aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
              Run date: 2013-01-24 18:02:01
              -----------------------------
              18:02:01.753    OS Version: Windows 6.0.6001 Service Pack 1
              18:02:01.753    Number of processors: 1 586 0x7F02
              18:02:01.763    ComputerName: HAILEY-PC  UserName: Hailey
              18:03:02.143    Initialize success
              18:03:11.439    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
              18:03:11.449    Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
              18:03:11.509    Disk 0 MBR read successfully
              18:03:11.509    Disk 0 MBR scan
              18:03:11.519    Disk 0 unknown MBR code
              18:03:11.539    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       226674 MB offset 63
              18:03:11.579    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11797 MB offset 464230305
              18:03:11.619    Disk 0 scanning sectors +488392065
              18:03:11.819    Disk 0 scanning C:\Windows\system32\drivers
              18:03:22.561    Service scanning
              18:03:49.341    Modules scanning
              18:04:25.611    Disk 0 trace - called modules:
              18:04:25.711    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys dxgkrnl.sys nvlddmkm.sys tcpip.sys NETIO.SYS
              18:04:25.721    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84efcac8]
              18:04:26.131    3 CLASSPNP.SYS[8612e745] -> nt!IofCallDriver -> [0x8366a390]
              18:04:26.151    5 acpi.sys[8600b6a0] -> nt!IofCallDriver -> \Device\0000004f[0x83a8f798]
              18:04:26.181    Scan finished successfully
              18:04:59.626    Verifying
              18:05:09.676    Disk 0 Windows 600 MBR fixed successfully
              18:05:59.396    Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
              18:05:59.406    The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR2.txt"


              Rebooted... still black desktop.



              SuperDave
              « Reply #23 on: January 24, 2013, 07:20:39 PM »
              Did you click on"FixMBR" ?

                katlyn
                « Reply #24 on: January 24, 2013, 07:42:34 PM »
                yes, but I'll do it again.



                aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
                Run date: 2013-01-24 15:06:39
                -----------------------------
                15:06:39.847    OS Version: Windows 6.0.6001 Service Pack 1
                15:06:39.847    Number of processors: 1 586 0x7F02
                15:06:39.850    ComputerName: HAILEY-PC  UserName: Hailey
                15:07:37.902    Initialize success
                15:08:23.450    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
                15:08:23.460    Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
                15:08:23.500    Disk 0 MBR read successfully
                15:08:23.500    Disk 0 MBR scan
                15:08:23.510    Disk 0 unknown MBR code
                15:08:23.520    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       226674 MB offset 63
                15:08:23.560    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11797 MB offset 464230305
                15:08:23.610    Disk 0 scanning sectors +488392065
                15:08:23.720    Disk 0 scanning C:\Windows\system32\drivers
                15:08:30.060    Service scanning
                15:08:45.370    Modules scanning
                15:09:26.860    Disk 0 trace - called modules:
                15:09:26.900    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
                15:09:26.920    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84efcac8]
                15:09:27.270    3 CLASSPNP.SYS[8612f745] -> nt!IofCallDriver -> [0x847fd700]
                15:09:27.290    5 acpi.sys[8600c6a0] -> nt!IofCallDriver -> \Device\0000004f[0x83a7b030]
                15:09:27.310    Scan finished successfully
                15:09:58.320    Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
                15:09:58.340    The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR.txt"


                aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
                Run date: 2013-01-24 21:11:10
                -----------------------------
                21:11:10.128    OS Version: Windows 6.0.6001 Service Pack 1
                21:11:10.128    Number of processors: 1 586 0x7F02
                21:11:10.138    ComputerName: HAILEY-PC  UserName: Hailey
                21:12:07.557    Initialize success
                21:12:23.480    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
                21:12:23.480    Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
                21:12:23.510    Disk 0 MBR read successfully
                21:12:23.520    Disk 0 MBR scan
                21:12:23.520    Disk 0 Windows VISTA default MBR code
                21:12:23.530    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       226674 MB offset 63
                21:12:23.570    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11797 MB offset 464230305
                21:12:23.580    Disk 0 scanning sectors +488392065
                21:12:23.800    Disk 0 scanning C:\Windows\system32\drivers
                21:12:31.523    Service scanning
                21:12:59.746    Modules scanning
                21:13:55.354    Disk 0 trace - called modules:
                21:13:55.385    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
                21:13:55.385    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84efcac8]
                21:13:55.884    3 CLASSPNP.SYS[86130745] -> nt!IofCallDriver -> [0x847fe700]
                21:13:55.900    5 acpi.sys[8600d6a0] -> nt!IofCallDriver -> \Device\0000004f[0x83a8c878]
                21:13:55.900    Scan finished successfully
                21:14:17.604    Verifying
                21:14:27.666    Disk 0 Windows 600 MBR fixed successfully
                21:14:30.746    Verifying
                21:14:40.761    Disk 0 Windows 600 MBR fixed successfully
                21:15:09.663    Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
                21:15:09.710    The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR.txt"


                  katlyn
                  « Reply #25 on: January 25, 2013, 08:06:41 AM »
                  Rebooted, still same...... black desktop, access thru task manager, screen hiccups and mouse freezes

                  SuperDave
                  « Reply #26 on: January 25, 2013, 11:22:21 AM »
                  I'd like to scan your machine with ESET OnlineScan

                  Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

                  •Please go then click on the button.
                  •Select the option YES, I accept the Terms of Use then click on the button.
                  •When prompted allow the Add-On/ActiveX to install.
                  •Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
                  •Now click on Advanced Settings and select the following:
                      •Scan for potentially unwanted applications
                      •Scan for potentially unsafe applications
                      •Enable Anti-Stealth Technology
                  •Push the Start button.
                  •The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.

                  •When completed the Online Scan will begin automatically.

                  Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

                  •When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

                  •Push
                  •Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

                  •Copy and paste that log as a reply to this topic.

                  Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

                    katlyn
                    « Reply #27 on: January 26, 2013, 03:33:24 PM »
                     I'm sorry to be so inept at this, but I am having trouble disabling the anti-malware... I believe I have successfully disabled IObit and malwarebytes, and I have now turned off windows defender.  But when I click on the above link for ESET ONLINE Scanner, I get nothing, and if I right click, I only have the options to

                     View Image
                     Copy Image
                     Copy Image Location
                     Save Image As
                     Send Image
                     Set as Desktop Background
                     View Image Info
                     Inspect Element (Q)
                    « Last Edit: January 26, 2013, 03:53:32 PM by katlyn »

                    SuperDave
                    « Reply #28 on: January 26, 2013, 05:56:25 PM »
                    I'm sorry. Please try this one.

                    I'd like to scan your machine with ESET OnlineScan

                    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan

                    •Click the button.
                    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                    •Check
                    •Click the button.
                    •Accept any security warnings from your browser.
                    •Check
                    •Push the Start button.
                    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    •When the scan completes, push
                    •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    •Push the button.
                    •Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                      katlyn
                      « Reply #29 on: January 26, 2013, 10:16:09 PM »
                      I found a way to get to it thru search here on ch before i saw your post.  The first time I ran it, it found 39 threats, but I had a problem and couldn't copy it, so I ran it again and it only found 19. I don't know what happened.  Should I only re-enable malwarebytes & windows defender?







                      ESETSmartInstaller@High as downloader log:
                      all ok
                      # version=8
                      # OnlineScannerApp.exe=1.0.0.1
                      # OnlineScanner.ocx=1.0.0.6889
                      # api_version=3.0.2
                      # EOSSerial=5b65017ef216894fb4d9a2802c35a60c
                      # end=finished
                      # remove_checked=false
                      # archives_checked=false
                      # unwanted_checked=true
                      # unsafe_checked=true
                      # antistealth_checked=true
                      # utc_time=2013-01-27 02:06:04
                      # local_time=2013-01-26 08:06:04 (-0600, Central Standard Time)
                      # country="United States"
                      # lang=1033
                      # osver=6.0.6001 NT Service Pack 1
                      # compatibility_mode=5892 16776573 100 100 0 195859892 0 0
                      # scanned=309387
                      # found=39
                      # cleaned=0
                      # scan_time=6560
                      C:\Program Files\FriendsChecker\friendschecker_cloudcanvas_wl_5342862.exe   a variant of Win32/InstallIQ application   E35BE760C56EB9E25689375780B32CEC8BF3EF4 C   I
                      C:\Program Files\Optimizer Pro\OptimizerPro.exe   a variant of Win32/SpeedingUpMyPC application   DA713D3101989FDBD5FF92D91CD539363AD1508 2   I
                      C:\Program Files\ReImageCompanion\jsloader.dll   Win32/BrowserCompanion.B application   EB7B5593D49E756C1C8D066996AC55F3ADB105D F   I
                      C:\Program Files\ReImageCompanion\toolbar.dll   Win32/BrowserCompanion.D application   E2B75B281F99F9768173D98A03CD3F8E0FD6013 D   I
                      C:\Program Files\ReImageCompanion\widgetserv.exe   Win32/BrowserCompanion.F application   CEAE79E91B7A7FBFC8EBD1BF9460B31FEFB5BF2 D   I
                      C:\ProgramData\wxDownload\5071feb9426ce.ocx   Win32/Adware.MultiPlug.C application   65B47ED5EC889E0E558C79A13A81193FC59B8CE 9   I
                      C:\ProgramData\wxDownload\5071feb942707.html   Win32/Adware.MultiPlug.H application   3692BFA387491557EC5BC615F018156F2FA5CB8 E   I
                      C:\ProgramData\wxDownload\507551326769d.ocx   Win32/Adware.MultiPlug.C application   65B47ED5EC889E0E558C79A13A81193FC59B8CE 9   I
                      C:\ProgramData\wxDownload\50755132676d6.html   Win32/Adware.MultiPlug.H application   462EEDCA615BD1F47F7EEC1E146B9A82169BDDB A   I
                      C:\Users\All Users\wxDownload\5071feb9426ce.ocx   Win32/Adware.MultiPlug.C application   65B47ED5EC889E0E558C79A13A81193FC59B8CE 9   I
                      C:\Users\All Users\wxDownload\5071feb942707.html   Win32/Adware.MultiPlug.H application   3692BFA387491557EC5BC615F018156F2FA5CB8 E   I
                      C:\Users\All Users\wxDownload\507551326769d.ocx   Win32/Adware.MultiPlug.C application   65B47ED5EC889E0E558C79A13A81193FC59B8CE 9   I
                      C:\Users\All Users\wxDownload\50755132676d6.html   Win32/Adware.MultiPlug.H application   462EEDCA615BD1F47F7EEC1E146B9A82169BDDB A   I
                      C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgonadmnfmkoadiofbmpechmaopjfgck\4_0\5071fe4ee73731349647950.js   Win32/Adware.MultiPlug.H application   83CAEAED0253386E4F8F65C25156997AA358C50 7   I
                      C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfinlhcgcnnahoepljkhheknbhlgoli\4_0\50755124a2c7e1349865764.js   Win32/Adware.MultiPlug.H application   43E7F647647BF8FF67C75B223301E6931D987EB 0   I
                      C:\Users\Hailey\AppData\Local\Temp\7A8F54FE-BAB0-7891-B0AC-18C9C467FEF3\Latest\MyBabylonTB.exe   Win32/Toolbar.Babylon application   0AA6AC612462168968370C0DC98B5BE4251B8C8 F   I
                      C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\babylon_setup.exe   a variant of Win32/Toolbar.Babylon.A application   5EECAE4A2A56FBB439B24211F06C15339E09DED 6   I
                      C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\OptimizerProInstaller.exe   a variant of Win32/Adware.SpeedingUpMyPC.A application   89BE2B41D0F17493D721CD0B5F1A9B1E91604CF A   I
                      C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js   Win32/Adware.MultiPlug.H application   88311A0875F246C31E12671702170BDBA52D2C9 9   I
                      C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js   Win32/Adware.MultiPlug.H application   AB4DBEFCADBB9C212B334F415A9A77CB4821CD4 1   I
                      C:\Users\Hailey\Documents\My Stuff\Senior Stuff\frzfonts_1335.exe   a variant of Win32/InstallIQ application   DAFA9249BB8666135F29FAAA69A5207F8B76E91 B   I
                      C:\Users\Hailey\Downloads\ArcadeCandyGames(1).exe   a variant of Win32/Adware.Gamevance.DD application   1528FF7366082A52DEDCA8C181CC5DD79C04D8A 9   I
                      C:\Users\Hailey\Downloads\ArcadeCandyGames(2).exe   a variant of Win32/Adware.Gamevance.DD application   1528FF7366082A52DEDCA8C181CC5DD79C04D8A 9   I
                      C:\Users\Hailey\Downloads\ArcadeCandyGames(3).exe   a variant of Win32/Adware.Gamevance.DD application   1528FF7366082A52DEDCA8C181CC5DD79C04D8A 9   I
                      C:\Users\Hailey\Downloads\ArcadeCandyGames(4).exe   a variant of Win32/Adware.Gamevance.DD application   1528FF7366082A52DEDCA8C181CC5DD79C04D8A 9   I
                      C:\Users\Hailey\Downloads\asc-setup-2011pro.exe   a variant of Win32/Toolbar.Widgi application   122C278D46C92D7C9F4A551D1275624C6729684 4   I
                      C:\Users\Hailey\Downloads\asc-setup.exe   a variant of Win32/ELEX application   38D920413DA6977CEC22A54F59C537D61FB5E3A 7   I
                      C:\Users\Hailey\Downloads\FastDownload(1).exe   Win32/InstallMate application   A55E2FB7B05A2D22B590F273E38F25F99B2CE95 9   I
                      C:\Users\Hailey\Downloads\FastDownload.exe   Win32/InstallMate application   12022AC559C16E4E266E4A15F2F7E336E7F403B B   I
                      C:\Users\Hailey\Downloads\iLividSetup(1).exe   Win32/Toolbar.SearchSuite application   3E8A01AF421E74FEDA7024FD6233355A5EFCAA0 2   I
                      C:\Users\Hailey\Downloads\iLividSetup(2).exe   Win32/Toolbar.SearchSuite application   3E8A01AF421E74FEDA7024FD6233355A5EFCAA0 2   I
                      C:\Users\Hailey\Downloads\iLividSetup(3).exe   Win32/Toolbar.SearchSuite application   3E8A01AF421E74FEDA7024FD6233355A5EFCAA0 2   I
                      C:\Users\Hailey\Downloads\iLividSetup.exe   Win32/Toolbar.SearchSuite application   52F814443453A0453C2FE9D88A881514EEF299A 0   I
                      C:\Users\Hailey\Downloads\iLividSetupV1.exe   Win32/Toolbar.SearchSuite application   BCD02770DB9E9BBB00F4B1C6A2C45A54AFB8AFC 8   I
                      C:\Users\Hailey\Downloads\mplayer_tuguu_1271.exe   a variant of Win32/InstallIQ application   80297A532CB2D3C03654ABD396421C2C1ABA893 A   I
                      C:\Users\Hailey\Downloads\PCPerformerSetup.exe   a variant of Win32/InstallBrain.Q application   EE0E2427278CFBFE8EDE6581E87B0AA3479AE7E 6   I
                      C:\Users\Hailey\Downloads\setup(1).exe   Win32/InstalleRex.E.Gen application   EB97D78F23D366485CE9FE17CB4E566BF48C8E8 6   I
                      C:\Users\Hailey\Downloads\Setup.exe   a variant of Win32/InstallIQ application   EA70E4FA1F81654E0CADCF6A64F0F93E176EC88 0   I
                      C:\Users\Hailey\Downloads\tvshows.exe   a variant of Win32/InstallIQ application   DF491C26AE3E02B84F5595C8AAC2C0BD34D4EA7 C   I
                      ESETSmartInstaller@High as downloader log:
                      all ok
                      # version=8
                      # OnlineScannerApp.exe=1.0.0.1
                      # OnlineScanner.ocx=1.0.0.6889
                      # api_version=3.0.2
                      # EOSSerial=5b65017ef216894fb4d9a2802c35a60c
                      # end=finished
                      # remove_checked=false
                      # archives_checked=true
                      # unwanted_checked=false
                      # unsafe_checked=false
                      # antistealth_checked=true
                      # utc_time=2013-01-27 05:22:11
                      # local_time=2013-01-26 11:22:11 (-0600, Central Standard Time)
                      # country="United States"
                      # lang=1033
                      # osver=6.0.6001 NT Service Pack 1
                      # compatibility_mode=5892 16776573 100 100 0 195871659 0 0
                      # scanned=309412
                      # found=19
                      # cleaned=0
                      # scan_time=9330
                      C:\Program Files\Optimizer Pro\OptimizerPro.exe   a variant of Win32/SpeedingUpMyPC application   DA713D3101989FDBD5FF92D91CD539363AD1508 2   I
                      C:\ProgramData\wxDownload\5071feb9426ce.ocx   Win32/Adware.MultiPlug.C application   65B47ED5EC889E0E558C79A13A81193FC59B8CE 9   I
                      C:\ProgramData\wxDownload\5071feb942707.html   Win32/Adware.MultiPlug.H application   3692BFA387491557EC5BC615F018156F2FA5CB8 E   I
                      C:\ProgramData\wxDownload\507551326769d.ocx   Win32/Adware.MultiPlug.C application   65B47ED5EC889E0E558C79A13A81193FC59B8CE 9   I
                      C:\ProgramData\wxDownload\50755132676d6.html   Win32/Adware.MultiPlug.H application   462EEDCA615BD1F47F7EEC1E146B9A82169BDDB A   I
                      C:\ProgramData\wxDownload\fgonadmnfmkoadiofbmpechmaopjfgck.crx   Win32/Adware.MultiPlug.H application   A8904ACC7E93AF390F674253322551E9D3AD224 E   I
                      C:\ProgramData\wxDownload\ibfinlhcgcnnahoepljkhheknbhlgoli.crx   Win32/Adware.MultiPlug.H application   E79507D687049591F93B879C05E5D7246FED054 7   I
                      C:\Users\All Users\wxDownload\5071feb9426ce.ocx   Win32/Adware.MultiPlug.C application   65B47ED5EC889E0E558C79A13A81193FC59B8CE 9   I
                      C:\Users\All Users\wxDownload\5071feb942707.html   Win32/Adware.MultiPlug.H application   3692BFA387491557EC5BC615F018156F2FA5CB8 E   I
                      C:\Users\All Users\wxDownload\507551326769d.ocx   Win32/Adware.MultiPlug.C application   65B47ED5EC889E0E558C79A13A81193FC59B8CE 9   I
                      C:\Users\All Users\wxDownload\50755132676d6.html   Win32/Adware.MultiPlug.H application   462EEDCA615BD1F47F7EEC1E146B9A82169BDDB A   I
                      C:\Users\All Users\wxDownload\fgonadmnfmkoadiofbmpechmaopjfgck.crx   Win32/Adware.MultiPlug.H application   A8904ACC7E93AF390F674253322551E9D3AD224 E   I
                      C:\Users\All Users\wxDownload\ibfinlhcgcnnahoepljkhheknbhlgoli.crx   Win32/Adware.MultiPlug.H application   E79507D687049591F93B879C05E5D7246FED054 7   I
                      C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgonadmnfmkoadiofbmpechmaopjfgck\4_0\5071fe4ee73731349647950.js   Win32/Adware.MultiPlug.H application   83CAEAED0253386E4F8F65C25156997AA358C50 7   I
                      C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfinlhcgcnnahoepljkhheknbhlgoli\4_0\50755124a2c7e1349865764.js   Win32/Adware.MultiPlug.H application   43E7F647647BF8FF67C75B223301E6931D987EB 0   I
                      C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\OptimizerProInstaller.exe   a variant of Win32/Adware.SpeedingUpMyPC.A application   89BE2B41D0F17493D721CD0B5F1A9B1E91604CF A   I
                      C:\Users\Hailey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-5b90c2f6   a variant of Java/TrojanDownloader.OpenStream.NCE trojan   06B0E97D9554E6330272B6EAF2630A95F1B9D62 3   I
                      C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js   Win32/Adware.MultiPlug.H application   88311A0875F246C31E12671702170BDBA52D2C9 9   I
                      C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js   Win32/Adware.MultiPlug.H application   AB4DBEFCADBB9C212B334F415A9A77CB4821CD4 1   I
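To see what changed between two consecutive ESET Online Scanner runs like the ones quoted above (scan options that differ, detections that dropped out, new ones that appeared, and whether the copied log is complete), here is an added parser and differ for this log layout. It is example code written for this page, not part of the thread or of ESET's tooling; the two sample logs and their hashes are constructed placeholders.

```python
import re

# Constructed excerpts in the ESET Online Scanner log layout quoted above: '#' header
# lines, then one detection per line (path, threat, hash, status) separated by runs of
# three spaces. Hashes are placeholders, not values from the thread.
SCAN_FIRST = r"""ESETSmartInstaller@High as downloader log:
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# found=3
C:\Program Files\Optimizer Pro\OptimizerPro.exe   a variant of Win32/SpeedingUpMyPC application   AAAA 1   I
C:\Users\Hailey\Downloads\iLividSetup.exe   Win32/Toolbar.SearchSuite application   BBBB 2   I
C:\Users\Hailey\Downloads\tvshows.exe   a variant of Win32/InstallIQ application   CCCC 3   I
"""
SCAN_SECOND = r"""ESETSmartInstaller@High as downloader log:
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# found=2
C:\Program Files\Optimizer Pro\OptimizerPro.exe   a variant of Win32/SpeedingUpMyPC application   AAAA 1   I
C:\Users\Hailey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-5b90c2f6   a variant of Java/TrojanDownloader.OpenStream.NCE trojan   DDDD 4   I
"""

def parse_eset_log(text):
    """Return (settings, detections): '#' key/values and {path: (threat, hash, status)}."""
    settings, detections = {}, {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            settings[key] = value
        elif "   " in line:
            parts = re.split(r" {3,}", line.strip(), maxsplit=3)
            if len(parts) == 4:  # path, threat name, hash (forum wrapping may split it), status
                detections[parts[0]] = (parts[1], parts[2].replace(" ", ""), parts[3])
    return settings, detections

def classify(threat):
    """ESET labels potentially unwanted software '... application'; anything else is treated as malware."""
    return "pua" if threat.endswith("application") else "malware"

def diff_scans(first, second):
    """Explain why consecutive scans differ: changed scan options, dropped and new detections."""
    s1, d1 = parse_eset_log(first)
    s2, d2 = parse_eset_log(second)
    return {
        "options_changed": {k: (s1.get(k), s2.get(k)) for k in sorted(set(s1) | set(s2)) if s1.get(k) != s2.get(k)},
        "dropped": sorted(set(d1) - set(d2)),
        "new": {p: classify(d2[p][0]) for p in sorted(set(d2) - set(d1))},
        "found_matches_rows": (int(s1["found"]), int(s2["found"])) == (len(d1), len(d2)),
    }
```

Run on the two logs quoted above, it reports that archives_checked, unwanted_checked and unsafe_checked changed between the runs, lists the paths that no longer appear, and flags the Java cache entry that is new in the second run as malware rather than a PUA; found_matches_rows turning False would mean the pasted log was truncated when copied.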