Win32:Malware-gen, and others in virus chest but still having problems

[misash]

Hi there, thank you so much for any help and direction you give me.  I screwed up and and downloaded a keylogger.  I may have made it worse by using system restore to go back.  Internet pages are appearing in Chinese although my settings are for English and the page translation fails. I am using windows 7 and google chrome. I ran the quick scan and the full scan and both came back clean. Web pages just do not look the same.  The settings in chrome look different. Here are my logs.  Please let me know what I should do next please!!
Thank you so much
Melissa

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mis :: MIS-HP [administrator]

Protection: Enabled

12/9/2012 5:39:30 AM
mbam-log-2012-12-09 (05-39-30).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | File System
Objects scanned: 170716
Time elapsed: 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mis :: MIS-HP [administrator]

Protection: Enabled

12/9/2012 5:14:17 AM
mbam-log-2012-12-09 (05-14-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206230
Time elapsed: 20 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[Pondus]

follow the guide here and attach the logs  http://forum.avast.com/index.php?topic=53253.0

when done the malware experts will be notified

[misash]

Yes I am sorry I am running the OTL now...but it keeps getting hung up and stops responding on the firefox settings...so not sure what else to do...skip on to the next step?

[misash]

nevermind it got over that as soon as I hit enter....I will follow the rest of the logs to help and then post.

[misash]

Not sure what just happened but there was some error it said when I tried to post my reply.  After several restarts due to system not responding..I think I have all the logs now.  although I never could find the extras.txt.  Not sure what I need to do about that.  I will wait to hear from you.

Thank you,
Melissa

[essexboy]

There is an indication there of a keylogger, from a clean computer reset all your passwords and do not use them on this computer until I can see it is clean

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
[2012/12/08 17:53:12 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\Mis\AppData\Roaming\Mozilla\Firefox\Profiles\dzz2fzri.default\extensions\trash\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/11/24 09:56:25 | 000,554,789 | ---- | M] () (No name found) -- C:\Users\Mis\AppData\Roaming\Mozilla\Firefox\Profiles\dzz2fzri.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
[2012/09/28 17:54:49 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
@Alternate Data Stream - 168 bytes -> C:\Users\Mis\Documents\poolreciept2.tiff:3or4kl4x13tuuug3Byamue2s4b

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[misash]

Well I got as far as the quickscan, but 7 times now it has hung up on scanning firefox settings.  It will stay on that for about 5 minutes and then it stops responding and proceeds to lock the computer up that a shutdown is the only option.  Then 3 times the computer restarted and brought up the desktop only to stop responding again causing another shutdown.  I started in safemode and ran a startup repair and amazingly I got here!!:)  Right now it is still hung up on the scanning fire fox settings.....so I guess the next step

[misash]

I am on my phone now.  Got the combofix to run except now it has displayed that is preparing log report for almost 45 mins. It had apx 58 lines. What should I do? Does it take this long normally?

[essexboy]

No it does not .. Reboot the computer please and locate the combofix log at C:\combofix.txt

[misash]

The file finally opened. Thank you for your patience.

[essexboy]

A few more bits to remove, once done could you let me know how the system is behaving

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Files
c:\program files\IB Updater
c:\users\Mis\AppData\Roaming\Mozilla\Firefox\Profiles\dzz2fzri.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
c:\users\Mis\AppData\Roaming\Mozilla\Firefox\Profiles\dzz2fzri.default\extensions\crossriderapp4493@crossrider.com
c:\users\Mis\AppData\Roaming\Mozilla\Firefox\Profiles\dzz2fzri.default\extensions\ffxtlbr@incredibar.com

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[misash]

So sorry, did not mean to leave you hanging...but my problem was just a tad more serious and got worse....he or his code was causing my system to stop responding, and by the time I would finally get restarted...all his virus trojan crap was right back...then when I came back to post...it was not allowing me to post anything....so computer is at an outside hospital!! ..Thank you for all of your help!!:)

[essexboy]

Sorry about that, they will probably reformat the system so it should be squeaky clean