MSE keeps detecting Trojan:JS/Medfos.B

I keep getting popups from MSE every 5 minutes saying that "Detected threats are being cleaned. No action needed". When I look under the History tab on MSE, I find that the quarantined items are all Trojan:JS/Medfos.B. My DDS.txt log is below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_29
Run by sipseal at 8:40:46 on 2012-11-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1963.384 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Panasonic\PNotif\PNotif.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\EtmService.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Panasonic\PPlanEx\opdoffsv.exe
C:\Program Files (x86)\Panasonic\pcinfo\PCInfoPi.exe
C:\Program Files (x86)\Panasonic\pcinfo\PCInfoSV.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Panasonic\Selsussv\selsussv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\tskman.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Panasonic\Hotkey Appendix\HKeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Panasonic\PPlanEx\PPlanEx.exe
C:\Program Files\Panasonic\WSwitch\WSwitch.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Panasonic\OptiView\FS_ZOOMFilt.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Panasonic\PPopup\ppopup.exe
C:\Program Files\Panasonic\PPlanEx\ChgBmode.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Panasonic\Hotkey Appendix\hkeyapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Panasonic\WheelPad\Touchpad.exe
C:\Users\sipseal\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Panasonic\OptiView\ViewPnl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\sipseal\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.nytimes.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\sipseal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [tinlb] "C:\Windows\System32\rundll32.exe" "C:\Users\sipseal\AppData\Roaming\tinlb.dll",Import
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Panasonic Hotkey Manager] C:\Program Files (x86)\Panasonic\Hotkey Appendix\HKEYAPP.EXE
mRun: [PCinfo] C:\Program Files (x86)\Panasonic\pcinfo\PcInfoUt.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\sipseal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\sipseal\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\sipseal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OPTIMI~1.LNK - C:\Program Files\Panasonic\OptiView\FS_ZOOMFilt.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCINFO~1.LNK - C:\Program Files (x86)\Panasonic\PPopup\ppopup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOUCHP~1.LNK - C:\Program Files (x86)\Panasonic\WheelPad\Touchpad.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{08B8ED23-201F-45B9-B756-36DFEA2AB2A9} : DHCPNameServer = 134.174.141.2 134.174.17.6
TCP: Interfaces\{3E2926BD-7107-4742-B8D6-F73FCFE2AADD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3E2926BD-7107-4742-B8D6-F73FCFE2AADD}\0527F66796E6365647F677E60294E6E6028294E6E602C4F626269792 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3E2926BD-7107-4742-B8D6-F73FCFE2AADD}\36F666665656F4 : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [PPlanEx] C:\Program Files\Panasonic\PPlanEx\PPlanEx.exe
x64-Run: [WSwitch] C:\Program Files\Panasonic\WSwitch\WSwitch.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sipseal\AppData\Roaming\Mozilla\Firefox\Profiles\4udgjyrw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\sipseal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\sipseal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\sipseal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: D:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files\QuickTime\Plugins\npqtplugin7.dll
FF - ExtSQL: 2012-11-23 08:20; {56702f58-5620-4c32-a906-4271537ab80f}; C:\Users\sipseal\AppData\Roaming\Mozilla\Firefox\Profiles\4udgjyrw.default\extensions\{56702f58-5620-4c32-a906-4271537ab80f}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 ETMService;Intel® Dynamic Power Performance Management Service Application;C:\Windows\SysWOW64\etmservice.exe [2010-3-7 223768]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-13 13336]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 OPDOFFSV;Panasonic Opdoff Utility;C:\Program Files\Panasonic\PPlanEx\opdoffsv.exe [2010-3-7 636736]
R2 PcInfoPi;Panasonic PC Information Viewer Service 2;C:\Program Files (x86)\Panasonic\pcinfo\PcInfoPi.exe [2010-3-7 46912]
R2 PcInfoSV;Panasonic PC Information Viewer;C:\Program Files (x86)\Panasonic\pcinfo\PCInfoSV.exe [2010-3-7 235392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-4-15 1153368]
R2 SELSUSSV;Panasonic USB Selective Suspend Manager;C:\Program Files (x86)\Panasonic\Selsussv\selsussv.exe [2010-3-7 76672]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2010-3-7 287960]
R3 EtmCpu;EtmCpu;C:\Windows\System32\drivers\EtmDevCpu.sys [2010-3-7 32256]
R3 EtmDevGen;EtmDevGen;C:\Windows\System32\drivers\EtmDevGen.sys [2010-3-7 23552]
R3 EtmDrvMgr;EtmDrvMgr;C:\Windows\System32\drivers\EtmDrvMgr.sys [2010-3-7 58368]
R3 EtmFan;EtmFan;C:\Windows\System32\drivers\EtmDevFan.sys [2010-3-7 13824]
R3 EtmGmchMem;EtmGmchMem;C:\Windows\System32\drivers\EtmDevGmch.sys [2010-3-7 108032]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-3-7 5435904]
R3 NewMisc;Panasonic Misc Driver;C:\Windows\System32\drivers\nmisc64.sys [2010-3-7 66112]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-3-7 292864]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-10-31 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-10-31 9096]
S3 LVUVC64;Logitech Webcam C260(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-10 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-12 1255736]
SUnknown zwttqoru;zwttqoru; [x]
.
=============== Created Last 30 ================
.
2012-11-23 13:21:09 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1E5EB3B-4094-481B-88E5-C044F270CD1B}\offreg.dll
2012-11-23 13:09:40 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1E5EB3B-4094-481B-88E5-C044F270CD1B}\mpengine.dll
2012-11-22 22:44:16 579880 ----a-w- C:\Windows\System32\dsNcSmartCardProv.dll
2012-11-22 22:44:16 405288 ----a-w- C:\Windows\System32\dsNcCredProv.dll
2012-11-22 22:43:28 -------- d-----w- C:\Program Files (x86)\Juniper Networks
2012-11-22 22:42:48 -------- d-----w- C:\Users\sipseal\AppData\Roaming\Juniper Networks
2012-11-22 04:05:48 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-21 19:27:55 -------- d-----w- C:\Windows\rescache
2012-11-21 01:59:09 527360 ----a-w- C:\Users\sipseal\AppData\Roaming\tinlb.dll
2012-11-17 12:54:57 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-17 12:54:57 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-17 12:54:56 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-17 12:54:56 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-17 12:40:45 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-17 12:40:45 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-17 12:40:44 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-17 12:40:44 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-17 12:40:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 12:40:41 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-17 12:40:40 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 06:48:36 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 06:48:36 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-02 03:56:19 -------- d-----w- C:\Program Files (x86)\DNASTAR
2012-11-01 22:40:38 -------- d-----w- C:\Users\sipseal\AppData\Local\DNASTAR
2012-11-01 22:18:00 -------- d-----w- C:\ProgramData\SafeNet Sentinel
2012-11-01 22:18:00 -------- d-----w- C:\ProgramData\DNASTAR
2012-11-01 12:08:45 -------- d-----w- C:\Users\sipseal\AppData\Roaming\PerformerSoft
2012-11-01 12:08:44 19000 ----a-w- C:\Windows\System32\roboot64.exe
2012-11-01 12:08:20 -------- d-----w- C:\Users\sipseal\AppData\Roaming\BitZipper
2012-11-01 01:22:10 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2012-11-01 01:22:10 3316736 ----a-w- C:\Windows\System32\BootMan.exe
2012-11-01 01:22:10 3316736 ----a-w- C:\Windows\System32\¸´¼þ BootMan.exe
2012-11-01 01:22:10 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe
2012-11-01 01:22:10 2468520 ----a-w- C:\Windows\SysWow64\¸´¼þ BootMan.exe
2012-11-01 01:22:10 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2012-11-01 01:22:10 16776 ----a-w- C:\Windows\System32\epmntdrv.sys
2012-11-01 01:22:10 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2012-11-01 01:22:10 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2012-11-01 01:22:09 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2012-11-01 01:22:09 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2012-11-01 01:22:09 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2012-11-01 01:21:55 -------- d-----w- C:\Program Files (x86)\EaseUS
2012-10-29 11:07:21 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-29 11:07:21 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-29 11:06:19 16192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
2012-10-29 11:06:19 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-10-29 11:06:19 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2012-10-29 11:06:19 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2012-10-29 11:06:19 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2012-10-29 11:06:19 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2012-10-29 11:06:19 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2012-10-29 11:06:19 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2012-10-29 11:06:19 103904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-10-29 11:06:18 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 8:41:32.25 ===============

Hello sipseal, ! Welcome to BleepingComputer Forums!

My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please follow the instructions below:

• Please download OTL from the link below:
  • OTL
• Save it to your desktop/
• Double click on the icon on your desktop.
• OTL should now start. Change the following settings:
  - Click on Scan All Users checkbox given at the top.
  - Under File Scans, change File age to 90
  - Change Standard Registry to All
  - Check the boxes beside LOP Check and Purity Check
• Copy and Paste the following code into the textbox.
• Don't copy the word "quoted"
  

  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %SYSTEMDRIVE%\*.*
  %USERPROFILE%\*.*
  %USERPROFILE%\temp\*.exe
  %USERPROFILE%\AppData\Local\*.*
  %USERPROFILE%\AppData\Local\*.
  %USERPROFILE%\AppData\Local\temp\*.exe
  %USERPROFILE%\AppData\Roaming\*.*
  %USERPROFILE%\AppData\Roaming\*.
  %Public%\Documents\Softwrap\YOYOGAMESGM70FINAL\*.exe
  %Public%\Documents\Fonts\*.exe
  %Public%\Documents\Config\*.exe
  %Public%\Documents\*.*
  %ProgramData%\*.*
  %ProgramData%\*.
  %CommonProgramFiles%\*.*
  %CommonProgramFiles%\ComObjects*.exe
  %commonprogramfiles(x86)%\*.*
  %programfiles%\*.*
  %programfiles%\*.
  %ProgramFiles(x86)%\*.*
  %ProgramFiles(x86)%\*.
  %systemroot%\system32\config\systemprofile\AppData\Local\*.*
  %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
  %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
  %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
  %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
  %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
  %windir%\temp\*.exe
  %windir%\*.
  %windir%\installer\*.
  %windir%\system32\*.
  %windir%\sysnative\*.
  %Temp%\smtmp\1\*.*
  %Temp%\smtmp\2\*.*
  %Temp%\smtmp\3\*.*
  %Temp%\smtmp\4\*.*
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\syswow64\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /90
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\syswow64\drivers\*.sys /90
  %systemroot%\syswow64\drivers\*.sys /lockedfiles
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  %systemroot%\*. /rp /s
  %systemroot%\assembly\tmp\*.* /S /MD5
  %systemroot%\assembly\temp\*.* /S /MD5
  %systemroot%\assembly\GAC\*.ini
  %systemroot%\assembly\GAC_32\*.ini
  %systemroot%\assembly\GAC_64\*.ini
  %SystemRoot%\assembly\GAC_MSIL\*.ini
  wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
  %systemdrive%\$Recycle.Bin|@;true;true;true /fp
  HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
  HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
  HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
  HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
  HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
  HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
  HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s
  HKEY_CURRENT_USER\Software\MSOLoad /s
  bcdedit /enum all /v >C:\boot.txt /c
  >C:\commands.txt echo list vol /raw /hide /c
  /wait
  >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
  /wait
  type c:\diskreport.txt /c
  /wait
  erase c:\commands.txt /hide /c
  /wait
  erase c:\diskreport.txt /hide /c
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  consrv.dll
  services.exe
  explorer.exe
  lsass.exe
  svchost.exe
  wininit.exe
  winlogon.exe
  userinit.exe
  atapi.sys
  iaStor.sys
  serial.sys
  volsnap.sys
  disk.sys
  redbook.sys
  i8042prt.sys
  afd.sys
  netbt.sys
  csc.sys
  tcpip.sys
  dfsc.sys
  hlp.dat
  str.sys
  crexv.ocx
  /md5stop
  

• Push the button.
• One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

Regards,
Georgi

Unfortunately the report did not open. I received the following error message:

Cannot create file "C:\users\sipseal\Desktop\cmd.bat"

Hi,

Usually, it's happens only the first time.
Can you please restart the computer and try again...if no joy use the script below - it should works out:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\temp\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Local\*.
%USERPROFILE%\AppData\Local\temp\*.exe
%USERPROFILE%\AppData\Roaming\*.*
%USERPROFILE%\AppData\Roaming\*.
%Public%\Documents\Softwrap\YOYOGAMESGM70FINAL\*.exe
%Public%\Documents\Fonts\*.exe
%Public%\Documents\Config\*.exe
%Public%\Documents\*.*
%ProgramData%\*.*
%ProgramData%\*.
%CommonProgramFiles%\*.*
%CommonProgramFiles%\ComObjects*.exe
%commonprogramfiles(x86)%\*.*
%programfiles%\*.*
%programfiles%\*.
%ProgramFiles(x86)%\*.*
%ProgramFiles(x86)%\*.
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
%windir%\temp\*.exe
%windir%\*.
%windir%\installer\*.
%windir%\system32\*.
%windir%\sysnative\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\syswow64\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\syswow64\drivers\*.sys /90
%systemroot%\syswow64\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.ini
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%SystemRoot%\assembly\GAC_MSIL\*.ini
wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s
HKEY_CURRENT_USER\Software\MSOLoad /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
consrv.dll
services.exe
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
csc.sys
tcpip.sys
dfsc.sys
hlp.dat
str.sys
crexv.ocx
/md5stop

Regards,
Georgi

Here are the contents of OTL.txt:

http://pastebin.com/f6evsQKs

Another report was generated as Extras.txt:

http://pastebin.com/Qpxibmhj

Hi,


We need to run an OTL Fix

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox. Do not include the word "Code"
  

  :OTL
  MOD - [2012/11/20 20:59:10 | 000,527,360 | ---- | M] () -- C:\Users\sipseal\AppData\Roaming\tinlb.dll
  FF - prefs.js..extensions.enabledAddons: {56702f58-5620-4c32-a906-4271537ab80f}:2.0.14
  [2010/03/21 18:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sipseal\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
  [2012/11/23 08:20:40 | 000,002,391 | ---- | M] () (No name found) -- C:\Users\sipseal\AppData\Roaming\mozilla\firefox\profiles\4udgjyrw.default\extensions\{56702f58-5620-4c32-a906-4271537ab80f}.xpi
  O4 - HKLM..\Run: [] File not found
  O4 - HKU\S-1-5-21-3866111677-935689091-1683429776-1001..\Run: [tinlb] C:\Users\sipseal\AppData\Roaming\tinlb.dll ()
  [2010/05/12 06:04:13 | 000,000,000 | -HSD | M] -- C:\Windows\system32\%APPDATA%
  [2011/08/11 07:45:57 | 000,000,000 | -HSD | M] -- C:\Windows\sysnative\%APPDATA%
  :commands
  [emptytemp]
  

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click .
• A report will open. Copy and Paste that report in your next reply.
• If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
• Copy/paste the content of the log back here in your next post.
• Now can you please go to C:\_OTL\MovedFiles and right click on the folder, select send to compressed(zip) folder that will make a zipped copy of this folder.
• Then please upload it to http://www.bleepingcomputer.com/submit-malware.php?channel=122 so we can examine the files and submit to antivirus companies if needed.
• After that please delete the zip files you just created.

Regards,
Georgi

Thank you for your reply. I have submitted the .zip file.

All processes killed
========== OTL ==========
Releasing module C:\Users\sipseal\AppData\Roaming\tinlb.dll
C:\Users\sipseal\AppData\Roaming\tinlb.dll moved successfully.
Prefs.js: {56702f58-5620-4c32-a906-4271537ab80f}:2.0.14 removed from extensions.enabledAddons
C:\Users\sipseal\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\sipseal\AppData\Roaming\mozilla\firefox\profiles\4udgjyrw.default\extensions\{56702f58-5620-4c32-a906-4271537ab80f}.xpi moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-3866111677-935689091-1683429776-1001\Software\Microsoft\Windows\CurrentVersion\Run\\tinlb deleted successfully.
File C:\Users\sipseal\AppData\Roaming\tinlb.dll not found.
Folder C:\Windows\system32\%APPDATA%\ not found.
Folder C:\Windows\sysnative\%APPDATA%\ not found.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11242012_095441

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hello,


Nice work.
Can you please rerun OTL and post the newest log when done scanning?
Thanks!



Regards,
Georgi

I wasn't sure if I was supposed to run the fix (the 2nd code you gave me) or the scan (the 1st)... I ran the fix. I hope that's the right one!

All processes killed
========== OTL ==========
Prefs.js: {56702f58-5620-4c32-a906-4271537ab80f}:2.0.14 removed from extensions.enabledAddons
Folder C:\Users\sipseal\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ not found.
File C:\Users\sipseal\AppData\Roaming\mozilla\firefox\profiles\4udgjyrw.default\extensions\{56702f58-5620-4c32-a906-4271537ab80f}.xpi not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-3866111677-935689091-1683429776-1001\Software\Microsoft\Windows\CurrentVersion\Run\\tinlb deleted successfully.
File C:\Users\sipseal\AppData\Roaming\tinlb.dll not found.
Folder C:\Windows\system32\%APPDATA%\ not found.
Folder C:\Windows\sysnative\%APPDATA%\ not found.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11242012_140820

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hi,


No, I meant to have you run a new scan (not fix) with otl as described here.



Regards,
Georgi

Sorry for the confusion. Here it is:

http://pastebin.com/JB1XHnm9

Hi,


Good. The log is clean.
How are the things now?


Next let's check for leftovers.
The most of them should take no more than 5 minutes each.
Eset could take up to an hour or two depending on the size of your hard drive and the speed of your computer.
You can run these scans at night when you are not there and the computer is idle.



STEP 1



Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
• Put a checkmark beside loaded modules.
  
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
  
• Click the Start Scan button.
  
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

STEP 2

• Please download the newest version of Malwarebytes' Anti-Malware and install it.
• Please start the application by double-click on it's icon.
• Once the program has loaded go to the UPDATE tab and check for updates.
• When the update is complete, select the Scanner tab
• Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad.
• Please save it to a convenient location and post the results in your next reply.

STEP 3


I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the Run ESET Online Scanner button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:

• • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

STEP 4



Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

STEP 5



Download Security Check by screen317 from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Regards,
Georgi

Hi,


Are you still with me?



Regards,
Georgi

Yes I am! Sorry for the delay, it's taking me some time to get to doing all the scans. Thanks for your help so far!

Hi,


Thank you for letting me know.


Regards,
Georgi