Problems w/ keylogger, cont. (Laptop)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DragonBuster, Feb 9, 2011.

  1. DragonBuster

    DragonBuster Private E-2

    As mentioned in my thread about my desktop, shown here: http://forums.majorgeeks.com/showthread.php?t=232539, I've been having the same problems with both of my computers.

    To recap, a few days ago I logged onto my computer to find a lot of my email accounts and other login information compromised. Having been through this situation before several months back, I was familiar with how to deal with it, and under a friend's supervision, I downloaded Avira, which promptly took care of the situation.

    This time, however, I can't find any signs of any viruses using most scanners. I've tried the Panda online scanner, as well as Avira and avast! (both of which I foolishly ran at first; now, I only run Avira).

    Attached are the logs for my laptop, in the hopes that maybe the virus/keylogger can in fact be found, so I can actually remove this and work towards securing my computers again. Any help would be greatly appreciated.

    Thank you.

    -DB
     

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Currently reviewing your logs and will post back with a response in a moment.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not seeing much to do here either.

    Malwarebytes is outdated. Please open up the program, locate the update tab > let it update > re-scan > fix anything it may find and attach the log regardless.

    c:\users\Dreamshade\AppData\Local\SCE <--- What's in this folder?

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  4. DragonBuster

    DragonBuster Private E-2

    After updating and re-scanning, it found a PUM.Bad.Proxy registry value. Seemed to fix with no problems, however? I attached the log as requested.

    Just a lone folder that says "CrashReport". The folder is empty.

    HJT ran without issues.

    fixME.reg also ran with success.

    I received an error when running the MGtools, however - I have attached the error message in the form of a picture along with the logs just to give a visual of it. I assume it was right to click "Okay", which I did, as the rest of the operation proceeded without incident.

    I appreciate the help you've given me on both of these issues. I hope this can get resolved somehow, even though so far there's been no luck.
     

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then you can delete it.

    Not seeing anything else to do. Let's just have you run this before we wrap up.

    GMER - running with a random name
     
  6. DragonBuster

    DragonBuster Private E-2

    GMER ran without finding anything.

    I'm kind of perturbed that neither of my computers is registering any kind of virus, because I -know- that at least one of them, if not both, contains a keylogger. There's no other way possible that my emails and login information could have been found; I don't use public computers, and no one else has access to my information but myself (and whoever in China hacked me, apparently).

    Do you have any suggestions for further pursuing this issue, perhaps? Maybe some other programs? Though I appreciate everything you've done, and I know you've done your best, the fact that we haven't found anything doesn't seem to explain why my information was hacked by someone on the other side of the planet.

    *EDIT* - the log didn't save as it should have; give me a moment to re-run the scan and get another copy of the log, and I'll have it uploaded.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I see no evidence of a keylogger. On either machine I have checked.
     
  8. DragonBuster

    DragonBuster Private E-2

    Odd that I can't edit previous posts. Hrm. Anyways, the GMER logs came up completely blank - I assume that's its version of what they look like when they don't find anything? It's attached as a .txt file - I had to re-save it as apparently .log files aren't supported in attachments.

    Do you have any idea what might have happened to jeopardize my information, then? It's driving me up the wall that there isn't any evidence of any keyloggers on either machine. Like I said, I don't use public computers (I have my own), and I keep login and password information very close to my chest, as I use my computers regularly to make purchases online, among other things.

    I just don't want to feel like there's nothing to be found, but not know what went wrong, you know? I worry that I'll go back to my normal routine and it'll happen again, or worse, I won't catch it the next time until it's too late.

    It's driving me nuts here, to say the least.

    EDIT: I also don't get this whole GMER log idea. It keeps saving them, but they have a 0 byte file size, and every time I try to upload them, it fails (I assume because they're just blank notepad files at this point).
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No there is a time limit.
    It did not attach unfortunately.
    No need to attach then.
    No, I do not know your surfing habits or what you do online on a day to day basis. What did Gmail tell you about your account being compromised? You also said lots of other accounts were "hacked" into? Like which ones?
    I know what you mean, but if I am not seeing anything... nothing I can do for you. :(
     
  10. DragonBuster

    DragonBuster Private E-2

    My online surfing habits aren't even really surfing, to be honest - daily, the only sites I regularly visit are my emails (Hotmail and Gmail), Facebook, and forums. Nothing out of the ordinary, and when I sort through emails, I almost never open any of them, preventing me from getting any virus from that.

    As for what got hacked, my emails were compromised, as well as my Facebook, and a couple of gaming accounts I use regularly - mainly World of Warcraft, which is what I assume the keylogger was directed towards, however Gmail flagged an alert telling me not only that I was online at multiple locations, but it has a feature that also shows where I'm logged in at. In this case, one such location happened to be an "undisclosed" location in China.
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Going to give you final steps at this point. Sorry that I cannot be of further assistance. Obviously you have used another computer to change all these account passwords that you mention?

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  12. DragonBuster

    DragonBuster Private E-2

    Thank you, at least, for helping me as much as you have. I appreciate you taking the time to help me :) If I have any other major issues, or it happens again, I'll make sure to give a holler if it peeks its head out in the future.

    If nothing else, CCleaner got rid of a good 4 or 5GB of random temp files off of each computer. Hopefully my computers can run a bit faster now? Haha.

    Thanks again!
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're most welcome. :)
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  15. DragonBuster

    DragonBuster Private E-2

    Not until you linked it for me; however, the information isn't really new to me. I don't even read emails that say they're about World of Warcraft anymore unless I specifically request feedback; I probably delete about a half dozen or so fake emails a day without even glancing at them.

    I have my accounts for email and whatnot secure, so I'm not terribly worried at this point. Everything's as it should be. I'm just getting mildly pissed that I feel I'm pretty safe with my computer, and yet even though I have things like Avira up-to-date on a daily basis, that these viruses keep getting through the cracks.

    I digress, though.

    The reason I posted was to give an update on my laptop. Ever since installing Comodo's firewall on my computer, it keeps popping up with two "unsecure" events where something keeps trying to edit my registry keys (I say unsecure because it says I should make sure to check on them before allowing them access, and it doesn't know their publisher). I've tried looking them up in my system, as Comodo gives the path on where they're from, but when I go to look for them, they're nowhere to be seen (even with hidden files enabled). Would these by any chance be viral in nature?

    \Windows\System32\MSCOMCTL.OCX
    \Windows\System32\MSSTDFMT.DLL

    I've attached a jpg of the HTML log from Comodo detailing this for reference (I tried to save it as a .txt, but HTML was the only format it wanted to save as when I exported it).
     

  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    They are not problems. Not malware. Nothing to worry about! :)
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    MSCOMCTL.OCX is a Microsoft Library Windows Common Controls file.

    msstdfmt.dll is a Standard Data Formatting Object Library.
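    A practitioner's way to settle the question raised in post 15 ("they're nowhere to be seen") for the two files named there, added here as an example and not part of the thread: look for each file under both System32 and SysWOW64 and report its Authenticode signature status and version info. The SysWOW64 location is an assumption about 64-bit installs; the function name Test-SystemLibrary is made up for this example.

```powershell
# Added example (not from the thread): locate the two files Comodo reported and
# check whether they carry a valid Microsoft Authenticode signature.
# Assumption: on 64-bit Windows, 32-bit system libraries may live under SysWOW64
# rather than System32, which is one reason a path shown in a firewall alert can
# look "missing" when browsed by hand.

$names = @('MSCOMCTL.OCX', 'MSSTDFMT.DLL')
$dirs  = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

function Test-SystemLibrary {
    param([string[]]$FileNames, [string[]]$Directories)
    foreach ($name in $FileNames) {
        foreach ($dir in $Directories) {
            $path = Join-Path $dir $name
            if (-not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{ Path = $path; Present = $false; Status = $null; Signer = $null; Version = $null }
                continue
            }
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $info = (Get-Item -LiteralPath $path).VersionInfo
            [pscustomobject]@{
                Path    = $path
                Present = $true
                Status  = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Version = $info.FileVersion
            }
        }
    }
}

# Caveat: many OS components are catalog-signed rather than carrying an embedded
# signature, so a NotSigned result on its own is not proof of tampering; compare
# the reported signer, version and CompanyName against a known-good machine.
Test-SystemLibrary -FileNames $names -Directories $dirs | Format-Table -AutoSize
```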
     
