Hello,
The computer in question may have been infected by VirusDoctor (aka WinFixer which is covered here (http://en.wikipedia.org/wiki/WinFixer) by Wikipedia.

I was surfing a wiki from wikia.com in the most recent Firefox browser when I was hit suddenly by popups asking me to download VirusDoctor to fix problems with my machine. I'm no novice and did not download this by clicking Yes, No, or the X Button in the upper right hand corner of the window. Instead, I killed the Firefox process in task manager, which caused the popups to die with it. Upon loading Firefox again, it would try to go to the VirusDoctor site again (apparently a saved session) where I'd repeat the process. As a test, I opened up Internet Explorer 7, which appeared to be unaffected. Upon reading the Wikipedia article given above, I saw that a security exploit in Firefox was abused.

Well, by this point, I had neglected to install Spybot on a relatively fresh install of Windows. I did have a fully updated Norton AV/Firewall and a fully updated Windows Vista Business SP2. I then went to download Spybot and used the immunize function. I then opened up Firefox, which tried to connect to the VirusDoctor site, but was blocked by the immunization. This caused Firefox to say that it was unable to restore my session, giving me the option to start a new session. I did so, and everything seemed to be working perfectly. However, it takes significantly longer to boot up or shut down this machine now and a USB flashdrive was mysteriously formatted upon plugging it in, so now I'm a little wary of what's really going on inside my machine.

I've scanned with Windows Defender, Spybot, and Norton. All found nothing worse than your garden variety tracking cookies.

Here's an HJT log. See if you can find anything wrong. I couldn't find anything too fishy myself. Might just format this machine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:08 AM, on 9/27/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matthew\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 6306 bytes

hi bearsfan092,

Sorry for the delay, no shortage of posters. Your log is several days old. Reply to post if you still need help for possible malware.

hi bearsfan092,

Sorry for the delay, no shortage of posters. Your log is several days old. Reply to post if you still need help for possible malware.
Yes, I haven't touched the computer since the log was posted, so the log should be accurate for the current state of the machine.

hi,

ok. Lets see what MBAM can dig up on your computer. Link and directions:
Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items.If prompted chose yes to restart.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

Well, this computer seems to be working rather normally. Boot up and shut down speeds seem back to normal, and I've checked just about everything I can think of, including registry entries. Malwarebyte's Anti-Malware appears to agree with me. Should I still be suspicious?

Malwarebytes' Anti-Malware 1.41
Database version: 2902
Windows 6.0.6002 Service Pack 2

10/3/2009 8:26:59 PM
mbam-log-2009-10-03 (20-26-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 217134
Time elapsed: 49 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

hi bearsfan092,

if MBAM, Spybot your AV etc are coming up clean and all appears to be ok then i would say your malware free. Appears you didnt download/install anything anyway. You would be noticing things if you did. MBAM must be updated manually. The paid version offers auto-updates.

Some of the signs (http://www.virusvault.us/signs1.html)of malware.

Very well then. Consider this issue closed. Thanks for all your help!

ok. your welcome. Some tips to help remain malware free:

10 Tips for Reducing/Preventing Your Risk To Malware:


Simply knowing what constitutes a safe action on a computer and what may not will help you tremendously.


1) It is essential to Keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check there version status here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and your then prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs1.html)that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits. If you frequently have malware then you should review your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, IRC, Chat Rooms or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Don't click on ads/pop ups or offers from websites requesting that you need to install software, media players or codecs to your computer--for any reason.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.*

8) Install and understand the limitations of a software firewall.

9) Consider using an alternate browser and E-mail client. Internet Explorer and OutLook Express are popular targets for malicious code because they are widely used. All browsers can have vulnerabilities but statistically it is the most commonly used browser that will tend to be targeted the most. See also: Hardening or Securing Internet Explorer. (http://www.microsoft.com/downloads/details.aspx?FamilyID=6AA4C1DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en)

10) Warez, cracks etc are very popular for carrying malware payloads. Avoid. If you install files via p2p (http://www.virusvault.us/p2p.html) networks then you are much more likely to encounter malicious code. Do you trust the source of the file? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.