Malware attack (worried about consequences)

[blingdawg]

Left my laptop with my dad for a month. Big mistake. Since getting it back I've done a scan with spybot and malwarebyte's anti-malware, and removed the problems they found. But it seems like the malware erased much of my hardrive. I tried to get back the files with Restoration, but it looks like I don't have access to the C drive. I couldn't figure out how to zip the Attach file with my current restrictions, but I have it saved to desktop if it needs to be posted.
Here is my DDS log, please help me. :

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 19:20:31.70 on Thu 04/21/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1353 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Alamgir\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.2.14)_Gecko/20110218_Firefox/3.6.14_(_.NET_CLR_3.5.30729;_.NET4.0C)" -"http://www2.warnerbros.com/spacejam/movie/cmp/bball/shoot.html"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\alamgir\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\common files\microsoft shared\information retrieval\itss50.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alamgir\appdata\roaming\mozilla\firefox\profiles\fkxmamnt.default\
FF - plugin: c:\users\alamgir\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\alamgir\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\alamgir\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: - c:\users\alamgir\appdata\roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2010-2-22 45312]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-21 1153368]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2008-11-4 53168]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-3-31 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-3-31 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-4-25 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-4-25 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-4-25 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-3-31 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-3-31 87328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-20 20:31:22 -------- d-----w- c:\program files\Veetle
2011-04-19 11:49:48 -------- d-----w- C:\Restoration
2011-04-19 11:48:36 234966 ----a-w- c:\users\alamgir\REST2514.EXE
2011-04-19 11:48:07 -------- d-----w- c:\program files\Restoration
2011-04-09 19:46:05 -------- d--h--w- c:\users\alamgir\appdata\roaming\Pokemon Lab
.
==================== Find3M ====================
.
2011-04-01 15:16:17 101 ---ha-w- c:\windows\wpd99.drv
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-18 15:48:42 833024 ----a-w- c:\windows\system32\wininet.dll
2011-02-18 15:45:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-18 14:09:54 389632 ----a-w- c:\windows\system32\html.iec
2011-02-18 13:48:10 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-16 15:35:41 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 15:29:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 13:24:56 292864 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 19:21:19.99 ===============

[Blade81]

Since getting it back I've done a scan with spybot and malwarebyte's anti-malware, and removed the problems they found.

Any logs available about those detected findings?

I couldn't figure out how to zip the Attach file with my current restrictions, but I have it saved to desktop if it needs to be posted.

Copy-paste its contents, please.

[blingdawg]

I appreciate the quick response.
Here are the requested logs.

The spybot checks log:

18.04.2011 10:12:44 - ##### check started #####
18.04.2011 10:12:45 - ### Version: 1.6.2
18.04.2011 10:12:45 - ### Date: 4/18/2011 10:12:45 AM
18.04.2011 10:12:49 - ##### checking bots #####
18.04.2011 10:15:59 - found: Fraud.WindowsRecovery Settings
18.04.2011 10:15:59 - found: Fraud.WindowsRecovery Settings
18.04.2011 10:15:59 - found: Fraud.WindowsRecovery Executable
18.04.2011 10:15:59 - found: Fraud.WindowsRecovery Data
18.04.2011 10:15:59 - found: Fraud.WindowsRecovery Link
18.04.2011 10:15:59 - found: Fraud.WindowsRecovery Link
18.04.2011 10:15:59 - found: Fraud.WindowsRecovery Link
18.04.2011 10:27:44 - ##### check finished #####

Another spybot checks log:

--- Report generated: 2011-04-18 10:27 ---

Fraud.WindowsRecovery: [SBI $9C8FE954] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1210161747-1486601787-1693808793-1000\Software\75fa38b7-8b94-4995-ad32-52e938867954

Fraud.WindowsRecovery: [SBI $597FC39E] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1210161747-1486601787-1693808793-1000\Software\BD

Fraud.WindowsRecovery: [SBI $939FB2CB] Executable (File, nothing done)
C:\ProgramData\36626184.exe
Properties.size=487424
Properties.md5=7843BAD13766F44C640EF03ECABE5744
Properties.filedate=1303134752
Properties.filedatetext=2011-04-18 09:52:31

Fraud.WindowsRecovery: [SBI $A3F9078E] Data (File, nothing done)
C:\ProgramData\36626184
Properties.size=344
Properties.md5=1D328AF3EEC9786B9A5F9A054A4E4DDC
Properties.filedate=1303134753
Properties.filedatetext=2011-04-18 09:52:33

Fraud.WindowsRecovery: [SBI $3E218978] Link (File, nothing done)
C:\Users\Alamgir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
Properties.size=691
Properties.md5=256BFD537A76EFB221BB26DE34697703
Properties.filedate=1303134756
Properties.filedatetext=2011-04-18 09:52:35

Fraud.WindowsRecovery: [SBI $3E218978] Link (File, nothing done)
C:\Users\Alamgir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
Properties.size=619
Properties.md5=7ACCAEE4A6C31E322A820155A6271693
Properties.filedate=1303134756
Properties.filedatetext=2011-04-18 09:52:35

Fraud.WindowsRecovery: [SBI $F71BD628] Link (File, nothing done)
C:\Users\Alamgir\Desktop\Windows Recovery.lnk
Properties.size=583
Properties.md5=058FAA7F37965EDEADAC2E6E8428DF78
Properties.filedate=1303134756
Properties.filedatetext=2011-04-18 09:52:35


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-04-12 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-04-12 Includes\TrojansC-02.sbi (*)
2011-04-11 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-04-11 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

The spybot fixes log:

--- Report generated: 2011-04-18 10:27 ---

Fraud.WindowsRecovery: [SBI $9C8FE954] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1210161747-1486601787-1693808793-1000\Software\75fa38b7-8b94-4995-ad32-52e938867954

Fraud.WindowsRecovery: [SBI $597FC39E] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1210161747-1486601787-1693808793-1000\Software\BD

Fraud.WindowsRecovery: [SBI $939FB2CB] Executable (File, nothing done)
C:\ProgramData\36626184.exe
Properties.size=487424
Properties.md5=7843BAD13766F44C640EF03ECABE5744
Properties.filedate=1303134752
Properties.filedatetext=2011-04-18 09:52:31

Fraud.WindowsRecovery: [SBI $A3F9078E] Data (File, nothing done)
C:\ProgramData\36626184
Properties.size=344
Properties.md5=1D328AF3EEC9786B9A5F9A054A4E4DDC
Properties.filedate=1303134753
Properties.filedatetext=2011-04-18 09:52:33

Fraud.WindowsRecovery: [SBI $3E218978] Link (File, nothing done)
C:\Users\Alamgir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
Properties.size=691
Properties.md5=256BFD537A76EFB221BB26DE34697703
Properties.filedate=1303134756
Properties.filedatetext=2011-04-18 09:52:35

Fraud.WindowsRecovery: [SBI $3E218978] Link (File, nothing done)
C:\Users\Alamgir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
Properties.size=619
Properties.md5=7ACCAEE4A6C31E322A820155A6271693
Properties.filedate=1303134756
Properties.filedatetext=2011-04-18 09:52:35

Fraud.WindowsRecovery: [SBI $F71BD628] Link (File, nothing done)
C:\Users\Alamgir\Desktop\Windows Recovery.lnk
Properties.size=583
Properties.md5=058FAA7F37965EDEADAC2E6E8428DF78
Properties.filedate=1303134756
Properties.filedatetext=2011-04-18 09:52:35


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-04-12 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-04-12 Includes\TrojansC-02.sbi (*)
2011-04-11 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-04-11 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Anti-Malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6390

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

4/18/2011 11:34:29 AM
mbam-log-2011-04-18 (11-34-29).txt

Scan type: Quick scan
Objects scanned: 150562
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Spyware.Passwords.XGen) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PFmPbJoHGuT (Trojan.Agent) -> Value: PFmPbJoHGuT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Alamgir\AppData\Roaming\microsoft\Windows\start menu\Programs\Win Scan (Rogue.WinScan) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Alamgir\wuaucldt.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\programdata\pfmpbjohgut.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Alamgir\local settings\temporary internet files\Content.IE5\B2SDH2TW\load[3].html (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Alamgir\local settings\temporary internet files\Content.IE5\FM4GL1AJ\load[1].html (Spyware.Spyeyes) -> Quarantined and deleted successfully.
c:\Users\Alamgir\AppData\Roaming\microsoft\Windows\start menu\Programs\Win Scan\uninstall win scan.lnk (Rogue.WinScan) -> Quarantined and deleted successfully.

Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/23/2008 11:23:00 PM
System Uptime: 4/20/2011 10:36:40 AM (33 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | N/A | 2000/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 91.411 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #4
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel
.
==== System Restore Points ===================
.
RP746: 4/2/2011 3:00:15 AM - Windows Update
RP747: 4/3/2011 3:00:18 AM - Windows Update
RP748: 4/3/2011 3:47:20 PM - Scheduled Checkpoint
RP749: 4/4/2011 3:00:19 AM - Windows Update
RP750: 4/5/2011 3:00:22 AM - Windows Update
RP751: 4/5/2011 4:14:58 PM - Scheduled Checkpoint
RP752: 4/6/2011 3:00:17 AM - Windows Update
RP753: 4/7/2011 3:00:16 AM - Windows Update
RP754: 4/8/2011 3:00:11 AM - Windows Update
RP755: 4/9/2011 3:00:16 AM - Windows Update
RP756: 4/9/2011 5:15:57 PM - Scheduled Checkpoint
RP757: 4/10/2011 3:00:17 AM - Windows Update
RP758: 4/11/2011 3:00:18 AM - Windows Update
RP759: 4/12/2011 3:00:16 AM - Windows Update
RP760: 4/13/2011 3:00:15 AM - Windows Update
RP761: 4/14/2011 9:10:38 AM - Scheduled Checkpoint
RP762: 4/15/2011 3:00:30 AM - Windows Update
RP763: 4/16/2011 1:45:42 AM - Scheduled Checkpoint
RP764: 4/16/2011 3:00:11 AM - Windows Update
RP765: 4/17/2011 3:00:17 AM - Windows Update
RP766: 4/18/2011 3:00:17 AM - Windows Update
RP767: 4/19/2011 3:00:20 AM - Windows Update
RP768: 4/20/2011 3:00:18 AM - Windows Update
RP769: 4/20/2011 3:12:33 PM - Scheduled Checkpoint
RP770: 4/21/2011 3:00:16 AM - Windows Update
.
==== Installed Programs ======================
.
.
1999 CD Estimator Heavy
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Alps Pointing-device for VAIO
Amazon Kindle For PC
AOL Toolbar 5.0
Apple Software Update
BufferChm
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Copy
Corel Paint Shop Pro Photo X2
DataFile
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Encarta Encyclopedia 99
ERUNT 1.1j
eSupportQFolder
F300
F300_Help
F300Trb
Fax
GameRanger
GameTap Web Player
GMATPrep(TM)
GTOneCare
H&R Block Deluxe + Efile + State 2009
H&R Block Georgia 2009
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
ICCup Launcher
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6
LucasArts' Rogue Squadron
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Protection Service
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v2.5.2900.20
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Napster
Napster Burn Engine
NTI Backup Now EZ
OGA Notifier 2.0.0048.0
OpenMG Secure Module 5.0.00
Pdf995
PdfEdit995
Pokemon Lab
PX Engine
Quest for Glory II
QuickBooks Simple Start 2008
QuickTime
R-BOOKS (Richardson Books on CD) 2001 Edition
R-BOOKS Setup
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Setting Utility Series
Shoddy Battle
SolutionCenter
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Video Shared Library
Spybot - Search & Destroy
StarCraft
Status
SupportSoft Assisted Service
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb979895)
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Startup Assistant
VAIO Survey
VAIO Update 3
VAIO Wallpaper Contents
VAIO Wireless Wizard
Veetle TV 0.9.18
WebReg
Windows Live OneCare
Windows Media Player Firefox Plugin
WinDVD for VAIO
.
==== Event Viewer Messages From Past Week ========
.
4/18/2011 11:53:41 AM, Error: yukonwlh [101] - Driver has encountered an internal error
4/18/2011 10:10:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall spldr Wanarpv6
4/18/2011 10:10:49 AM, Error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:10:49 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:10:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/18/2011 10:10:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/18/2011 10:10:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/18/2011 10:10:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/15/2011 3:32:05 AM, Error: Service Control Manager [7000] - The X4HSX32 service failed to start due to the following error: The system cannot find the path specified.
4/15/2011 3:32:05 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/15/2011 3:04:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2007 System (KB2509488).
4/14/2011 11:13:39 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer SYED that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3A03636-9B1C-4B17-9E9D-71E76A8B7933}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

[Blade81]

Hi,

Windows Live OneCare is not supported anymore so it can be uninstalled.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

[blingdawg]

The contents of my desktop and hard-drive seem to have been restored. Here is the combofix logfile:

ComboFix 11-04-25.03 - Alamgir 04/26/2011 10:20:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1951 [GMT -4:00]
Running from: c:\users\Alamgir\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\restoration\Restoration.exe
c:\users\Alamgir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Alamgir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\users\Alamgir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
c:\users\Alamgir\REST2514.EXE
.
.
((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-26 14:27 . 2011-04-26 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-21 23:18 . 2011-04-21 23:18 -------- d-----w- c:\program files\ERUNT
2011-04-20 20:31 . 2011-04-20 20:31 -------- d-----w- c:\program files\Veetle
2011-04-19 11:49 . 2011-04-26 14:26 -------- d-----w- C:\Restoration
2011-04-19 11:48 . 2011-04-19 11:48 -------- d-----w- c:\program files\Restoration
2011-04-09 19:46 . 2011-04-09 19:46 -------- d--h--w- c:\users\Alamgir\AppData\Roaming\Pokemon Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-02-03 00:27 303104 ---h--w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-23 4718592]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-02-19 24576]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2010-02-22 577792]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Alamgir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-13 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-05 104288]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-03-05 350048]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-03-05 63328]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-02-22 45312]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\microsoft shared\Information Retrieval\itss50.dll
FF - ProfilePath - c:\users\Alamgir\AppData\Roaming\Mozilla\Firefox\Profiles\fkxmamnt.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Alamgir\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1 - c:\program files\GameTap Web Player\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-26 10:27
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-26 10:31:46
ComboFix-quarantined-files.txt 2011-04-26 14:31
.
Pre-Run: 97,842,864,128 bytes free
Post-Run: 98,232,233,984 bytes free
.
- - End Of File - - 2FC85738CD5D36340DC76B7DB6AE1620

[blingdawg]

Also I tried to run DDS from my desktop. A black command prompt opened momentarily, then disappeared.

[blingdawg]

I addition, I am now able to access and save files to the C drive.

[Blade81]

Hi,

Please reboot and run DDS after that.

[blingdawg]

Here is the new DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Alamgir at 5:09:55.38 on Wed 04/27/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1680 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxext.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Alamgir\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\alamgir\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\common files\microsoft shared\information retrieval\itss50.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alamgir\appdata\roaming\mozilla\firefox\profiles\fkxmamnt.default\
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\alamgir\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\alamgir\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\alamgir\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\alamgir\appdata\roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2010-2-22 45312]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-21 1153368]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-3-31 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-3-31 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-4-25 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-4-25 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-4-25 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-3-31 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-3-31 87328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-26 14:31:49 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-26 14:18:24 98816 ----a-w- c:\windows\sed.exe
2011-04-26 14:18:24 89088 ----a-w- c:\windows\MBR.exe
2011-04-26 14:18:24 256512 ----a-w- c:\windows\PEV.exe
2011-04-26 14:18:24 161792 ----a-w- c:\windows\SWREG.exe
2011-04-20 20:31:22 -------- d-----w- c:\program files\Veetle
2011-04-19 11:49:48 -------- d-----w- C:\Restoration
2011-04-19 11:48:07 -------- d-----w- c:\program files\Restoration
2011-04-09 19:46:05 -------- d-----w- c:\users\alamgir\appdata\roaming\Pokemon Lab
.
==================== Find3M ====================
.
2011-04-01 15:16:17 101 ----a-w- c:\windows\wpd99.drv
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-18 15:48:42 833024 ----a-w- c:\windows\system32\wininet.dll
2011-02-18 15:45:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-18 14:09:54 389632 ----a-w- c:\windows\system32\html.iec
2011-02-18 13:48:10 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-16 15:35:41 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 15:29:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 13:24:56 292864 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 5:11:09.30 ===============

[Blade81]

Hi again,


Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here or get Foxit Reader here. Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 25.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

* Go here to run an online scanner from ESET.

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is UNchecked.
• Click Scan
• Wait for the scan to finish.

Post back its report & a fresh dds.txt log. How's the system running?