[Jamazz]

I wasn't sure which Malwarebytes log to submit, so I pasted pre and post "remove" logs. The others are also pasted.

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by karen hastings on Sun 06/30/2013 at 13:35:29.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\surf canyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2612669
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted [File] C:\Windows\svchost.exe [Check for TDL4 Rootkit!]



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\karen hastings\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\karen hastings\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\karen hastings\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{0559D804-F08E-49CF-B8ED-ACFB11B88207}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{0F8FCEC9-4EDB-4C4F-B9F6-2BE507154869}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{1DB04C60-160C-4385-970C-65202C2C9D03}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{300E8C7B-B967-4E7A-9B61-257E3904A3AD}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{34FCEEE6-7F01-4A82-89D1-8AB07C9F9D2D}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{64F83BA5-2BF4-4F3B-B9BE-869F2CE49B6A}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{7DEA55D7-7618-401E-A783-3D93C5DFC0E4}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{88E1CD2A-ADB5-422C-A7BE-DD6385A90CC5}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{8BD36CFD-152A-4415-8998-94A8EA4E2BF7}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{8D4CE712-8F9A-471C-91C2-93D96A6E97AE}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{997C3A25-4DFB-4749-8786-D4680CEFB900}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{9A31E02E-B1AF-4ED9-9087-AC3794BE0BB0}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{9E4CA768-DD53-4F2E-A03F-0E4C43B42DF8}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{B37FCBF4-94AA-41F9-AC50-991848597953}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{BAC8216E-059B-42D5-B05B-7A0C52394B7F}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{C1AD4DB2-91CE-42B3-AB06-E4095430B9F5}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{CB923DAE-70B9-4EC7-8A4B-207F65F133EF}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{EFAD7B83-61C6-45A2-9015-1C99B78721A1}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{F96EB297-D5AF-488E-AEDB-20BEC686C19D}
Successfully deleted: [Empty Folder] C:\Users\karen hastings\appdata\local\{FE88FBBE-E25B-44C9-8323-A25445AB0A88}
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\Users\karen hastings\AppData\Roaming\mozilla\firefox\profiles\f8fx7ukf.default\extensions\[email protected] [Tracur]
Emptied folder: C:\Users\karen hastings\AppData\Roaming\mozilla\firefox\profiles\f8fx7ukf.default\minidumps [208 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/30/2013 at 13:40:38.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwcCleaner log

# AdwCleaner v2.303 - Logfile created 06/30/2013 at 13:43:08
# Updated 08/06/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : karen hastings - TOMDELLSTUDIO
# Boot Mode : Normal
# Running from : C:\Users\karen hastings\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\karen hastings\AppData\Roaming\Mozilla\Firefox\Profiles\f8fx7ukf.default\prefs.js

Deleted : user_pref("browser.newtabpage.blocked", "{\"bo4iF8X7cw640HqVn22zWg==\":1,\"Bfd7+tG331O7t9j+XXmwMw==\[...]

*************************

AdwCleaner[S1].txt - [2549 octets] - [30/06/2013 13:43:08]

########## EOF - C:\AdwCleaner[S1].txt - [2609 octets] ##########

Malwarebytes log 1

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.30.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
karen hastings :: TOMDELLSTUDIO [administrator]

Protection: Enabled

6/30/2013 1:50:58 PM
MBAM-log-2013-06-30 (14-05-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216781
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AH (Rogue.MultipleAV) -> No action taken.

Registry Values Detected: 4
HKCU\SOFTWARE\Mozilla\Firefox\Extensions\{59A40AC9-E67D-4155-B31D-4B7330FCD2D6} (Trojan.Agent) -> Data: -> No action taken.
HKCU\SOFTWARE\Mozilla\Firefox\Extensions|{59A40AC9-E67D-4155-B31D-4B7330FCD2D6} (Trojan.Agent) -> Data: C:\Program Files (x86)\Outerinfo\FF\ -> No action taken.
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\karen hastings\AppData\Local\lsu.exe" -a "%1" %* -> No action taken.
HKCR\ah|Content Type (Rogue.MultipleAV) -> Data: application/x-msdownload -> No action taken.

Registry Data Items Detected: 2
HKCR\.exe| (Hijacked.exeFile) -> Bad: (vH4) Good: (exefile) -> No action taken.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\karen hastings\AppData\Local\lsu.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Detected: 3
C:\Program Files (x86)\Outerinfo (Adware.PurityScan) -> No action taken.
C:\Program Files (x86)\Outerinfo\FF (Adware.PurityScan) -> No action taken.
C:\Program Files (x86)\Outerinfo\FF\components (Adware.PurityScan) -> No action taken.

Files Detected: 5
C:\Program Files (x86)\Outerinfo\outerinfo.ico (Adware.PurityScan) -> No action taken.
C:\Program Files (x86)\Outerinfo\Terms.rtf (Adware.PurityScan) -> No action taken.
C:\Program Files (x86)\Outerinfo\FF\chrome.manifest (Adware.PurityScan) -> No action taken.
C:\Program Files (x86)\Outerinfo\FF\install.rdf (Adware.PurityScan) -> No action taken.
C:\Program Files (x86)\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.PurityScan) -> No action taken.

(end)

Malwarebytes log 2

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.30.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
karen hastings :: TOMDELLSTUDIO [administrator]

Protection: Enabled

6/30/2013 1:50:58 PM
mbam-log-2013-06-30 (13-50-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216781
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKCU\SOFTWARE\Mozilla\Firefox\Extensions\{59A40AC9-E67D-4155-B31D-4B7330FCD2D6} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Mozilla\Firefox\Extensions|{59A40AC9-E67D-4155-B31D-4B7330FCD2D6} (Trojan.Agent) -> Data: C:\Program Files (x86)\Outerinfo\FF\ -> Quarantined and deleted successfully.
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\karen hastings\AppData\Local\lsu.exe" -a "%1" %* -> Quarantined and deleted successfully.
HKCR\ah|Content Type (Rogue.MultipleAV) -> Data: application/x-msdownload -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCR\.exe| (Hijacked.exeFile) -> Bad: (vH4) Good: (exefile) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\karen hastings\AppData\Local\lsu.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Program Files (x86)\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Outerinfo\FF (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Outerinfo\FF\components (Adware.PurityScan) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Program Files (x86)\Outerinfo\outerinfo.ico (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Outerinfo\Terms.rtf (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Outerinfo\FF\chrome.manifest (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Outerinfo\FF\install.rdf (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.PurityScan) -> Quarantined and deleted successfully.

(end)

[Advertisements]

Nice going. Quite a few bad entries. We should continue scanning with different tools.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

• Click the green ESET Online Scanner box
• Tick the box next to YES, I accept the Terms of Use
  then click on: Start
• You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Then click on: Finish
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

[JSntgRvr]

Nice going. Quite a few bad entries. We should continue scanning with different tools.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

• Click the green ESET Online Scanner box
• Tick the box next to YES, I accept the Terms of Use
  then click on: Start
• You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Then click on: Finish
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

[Jamazz]

The scan has been completed. It seems to have deleted already quarantined files. The program did not automatically leave a logfile in the path you mentioned, but I did copy the results to clipboard.

ESET log

C:\TDSSKiller_Quarantine\29.06.2013_08.47.28\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2013_08.47.28\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2013_08.47.28\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2013_08.47.28\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2013_08.47.28\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2013_08.47.28\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2013_08.47.28\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.06.2013_08.47.28\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\karen hastings\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe Win32/InstallCore.BN.Gen application cleaned by deleting - quarantined
C:\Users\karen hastings\AppData\Local\Temp\jF+JkcmW.exe.part Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Users\karen hastings\Downloads\avira_free_antivirus_en(1).exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\karen hastings\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\karen hastings\Downloads\WinZip175.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Users\karen hastings\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN.Gen application cleaned by deleting - quarantined

[JSntgRvr]

Thanks.

Read here on how to handle ESET's Quarantine.

How is the computer doing?

[Jamazz]

I already deleted the quarantined files and opted to utilize the auto-uninstall feature of ESET's scan at the time it finished.

The computer is running smooth. Of course, I'm not really sure how well it used to operate before I was asked to fix it, so I have no basis for comparison. But, from what I can tell, it's running loads faster than it did and doesn't pop-up with all kinds of junk. After we blew the MBR virus away, I was able to successfully update Window's Security patches that were long overdue. Also, some Apple applications automatically updated. The virus was blocking that stuff from happening.

I truly appreciate all your help!

I will keep an eye on it for a few more days, and if nothing turns up, I will be giving it back to the owner with some instructions on how to operate it better and safer. Thanks again!

[JSntgRvr]

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Run OTL. Click on the Cleanup button and follow the prompts.

Remove the C:\FRST folder

Manually remove any tool left.

Here are some suggestions.

• Always keep your JAVA updated. Older versions will make your computer vulnerable.
  
• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

[Jamazz]

I can't thank you enough.

...followed the last bit of instructions. Updated everything I saw, backed up the registry, and ran a final virus scan. It's all clean.

I learned a lot, and I have much to do with my other computers just to see what I could find on those.

Take care dude!

[JSntgRvr]

You are welcome.