Solved Another search results jump to other search sites/pages

Status
Not open for further replies.

ciscoguy87

Posts: 13   +0
Hey guys no luck fixing this myself so i figured id see what you guys thought. I did the 8 step so here are my logs.. Thanks for any help!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6208

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

3/29/2011 3:21:36 PM
mbam-log-2011-03-29 (15-21-36).txt

Scan type: Quick scan
Objects scanned: 142698
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

gmer.log..

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-03-29 16:23:49
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP
Running: hylw4ee2.exe; Driver: C:\Users\Fred\AppData\Local\Temp\pwtdypob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8A5068DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS541612J9SA00_________________SBDOC7DP#5&14dda568&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Fred at 16:30:37.26 on Tue 03/29/2011
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.204 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fred\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\fred\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {210A1971-32BC-4583-B15F-955F22FA3DFC} = 8.8.8.8
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\gnqi1rou.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb50aad&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\fred\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-25 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-25 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-25 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-25 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-25 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-27 36640]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-9-27 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-9-27 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-9-27 121576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-29 20:12:47 -------- d-----w- c:\users\fred\appdata\roaming\Malwarebytes
2011-03-29 20:12:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 20:12:32 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-29 20:12:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 20:12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-25 22:08:40 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-25 22:08:36 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-25 22:08:08 40648 ----a-w- c:\windows\avastSS.scr
2011-03-25 22:07:46 -------- d-----w- c:\program files\AVAST Software
2011-03-25 22:07:46 -------- d-----w- c:\progra~2\AVAST Software
2011-03-24 01:25:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-24 01:25:33 14121944 ----a-w- c:\program files\mozilla firefox\xul.dll
2011-03-24 01:25:31 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-24 01:25:31 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-24 01:25:30 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-24 01:25:30 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-24 01:25:30 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-24 01:25:30 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-24 01:25:29 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-12 17:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-03-29 20:50:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC7DP -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84BFD439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84c037d0]; MOV EAX, [0x84c0384c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x81C67985] -> \Device\Harddisk0\DR0[0x8402B3E0]
3 nt[0x81CA80AF] -> nt!IofCallDriver[0x81C67985] -> [0x832BBD88]
5 acpi[0x8048432A] -> nt!IofCallDriver[0x81C67985] -> [0x832A98B8]
\Driver\atapi[0x84BE9D30] -> IRP_MJ_CREATE -> 0x84BFD439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS541612J9SA00_________________SBDOC7DP#5&14dda568&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 234441646 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 16:33:21.95 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/3/2010 8:14:02 PM
System Uptime: 3/29/2011 3:46:23 PM (1 hours ago)
.
Motherboard: TOSHIBA | | IAKAA
Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U2E1 | 800/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 63.095 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
avast! Free Antivirus
Bluetooth Stack for Windows by Toshiba
CD/DVD Drive Acoustic Silencer
Cisco Packet Tracer 5.3.1
Desktop Dialer
DVD MovieFactory for TOSHIBA
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Press Training Kit Exam Prep Suite 70-620
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.2
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Utility Common Driver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinDVD for TOSHIBA
Yahoo! Messenger
Yahoo! Software Update
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

We have a rootkit there....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2011/03/29 21:41:31.0592 0172 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/29 21:41:32.0068 0172 ================================================================================
2011/03/29 21:41:32.0068 0172 SystemInfo:
2011/03/29 21:41:32.0068 0172
2011/03/29 21:41:32.0069 0172 OS Version: 6.0.6000 ServicePack: 0.0
2011/03/29 21:41:32.0069 0172 Product type: Workstation
2011/03/29 21:41:32.0069 0172 ComputerName: FRED-PC
2011/03/29 21:41:32.0069 0172 UserName: Fred
2011/03/29 21:41:32.0069 0172 Windows directory: C:\Windows
2011/03/29 21:41:32.0069 0172 System windows directory: C:\Windows
2011/03/29 21:41:32.0070 0172 Processor architecture: Intel x86
2011/03/29 21:41:32.0070 0172 Number of processors: 2
2011/03/29 21:41:32.0070 0172 Page size: 0x1000
2011/03/29 21:41:32.0070 0172 Boot type: Normal boot
2011/03/29 21:41:32.0070 0172 ================================================================================
2011/03/29 21:41:34.0615 0172 Initialize success
2011/03/29 21:41:59.0310 5684 ================================================================================
2011/03/29 21:41:59.0310 5684 Scan started
2011/03/29 21:41:59.0310 5684 Mode: Manual;
2011/03/29 21:41:59.0310 5684 ================================================================================
2011/03/29 21:42:02.0028 5684 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/03/29 21:42:02.0122 5684 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/03/29 21:42:02.0265 5684 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/03/29 21:42:02.0306 5684 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/03/29 21:42:02.0376 5684 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/03/29 21:42:02.0478 5684 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/03/29 21:42:02.0742 5684 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/03/29 21:42:03.0028 5684 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/03/29 21:42:03.0081 5684 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/29 21:42:03.0147 5684 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/03/29 21:42:03.0185 5684 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/03/29 21:42:03.0244 5684 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/03/29 21:42:03.0421 5684 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/03/29 21:42:03.0455 5684 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/03/29 21:42:03.0524 5684 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/03/29 21:42:03.0576 5684 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/03/29 21:42:03.0721 5684 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/03/29 21:42:03.0889 5684 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/03/29 21:42:03.0937 5684 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/03/29 21:42:04.0003 5684 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/03/29 21:42:04.0224 5684 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/03/29 21:42:04.0294 5684 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/03/29 21:42:04.0445 5684 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/29 21:42:04.0503 5684 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/03/29 21:42:04.0644 5684 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
2011/03/29 21:42:04.0939 5684 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/03/29 21:42:05.0069 5684 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/29 21:42:05.0219 5684 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/29 21:42:05.0251 5684 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/29 21:42:05.0357 5684 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/29 21:42:05.0408 5684 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/29 21:42:05.0440 5684 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/29 21:42:05.0511 5684 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/29 21:42:05.0691 5684 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/29 21:42:05.0759 5684 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/29 21:42:05.0826 5684 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/29 21:42:06.0027 5684 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/03/29 21:42:06.0116 5684 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/03/29 21:42:06.0297 5684 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/29 21:42:06.0379 5684 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/03/29 21:42:06.0437 5684 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/29 21:42:06.0493 5684 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/03/29 21:42:06.0553 5684 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/03/29 21:42:06.0741 5684 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/03/29 21:42:07.0011 5684 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/03/29 21:42:07.0095 5684 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/03/29 21:42:07.0189 5684 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/29 21:42:07.0371 5684 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/29 21:42:07.0486 5684 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/03/29 21:42:07.0699 5684 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/03/29 21:42:07.0950 5684 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/03/29 21:42:08.0019 5684 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/29 21:42:08.0120 5684 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/03/29 21:42:08.0243 5684 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/03/29 21:42:08.0293 5684 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/29 21:42:08.0369 5684 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/03/29 21:42:08.0452 5684 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
2011/03/29 21:42:08.0656 5684 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/29 21:42:08.0727 5684 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/29 21:42:08.0827 5684 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/29 21:42:08.0919 5684 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/29 21:42:09.0172 5684 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/29 21:42:09.0209 5684 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/29 21:42:09.0268 5684 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/03/29 21:42:09.0322 5684 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/03/29 21:42:09.0402 5684 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/03/29 21:42:09.0558 5684 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/03/29 21:42:09.0631 5684 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/29 21:42:09.0897 5684 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/29 21:42:10.0213 5684 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/03/29 21:42:10.0453 5684 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/29 21:42:10.0637 5684 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/29 21:42:10.0833 5684 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/29 21:42:11.0054 5684 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
2011/03/29 21:42:11.0127 5684 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/29 21:42:11.0204 5684 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/29 21:42:11.0409 5684 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/29 21:42:11.0445 5684 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/29 21:42:11.0509 5684 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/03/29 21:42:11.0575 5684 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/03/29 21:42:11.0637 5684 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/29 21:42:11.0766 5684 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/29 21:42:11.0822 5684 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/29 21:42:11.0895 5684 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/29 21:42:11.0945 5684 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/03/29 21:42:12.0145 5684 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
2011/03/29 21:42:12.0186 5684 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
2011/03/29 21:42:12.0285 5684 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
2011/03/29 21:42:12.0455 5684 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/29 21:42:12.0697 5684 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/29 21:42:12.0798 5684 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
2011/03/29 21:42:12.0882 5684 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/29 21:42:12.0922 5684 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/29 21:42:13.0084 5684 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/29 21:42:13.0133 5684 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/03/29 21:42:13.0200 5684 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/03/29 21:42:13.0278 5684 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/03/29 21:42:13.0359 5684 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/29 21:42:13.0478 5684 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/29 21:42:13.0575 5684 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/03/29 21:42:13.0622 5684 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/03/29 21:42:13.0666 5684 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/03/29 21:42:13.0730 5684 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/29 21:42:13.0869 5684 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/29 21:42:13.0977 5684 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/03/29 21:42:14.0037 5684 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/29 21:42:14.0100 5684 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/29 21:42:14.0179 5684 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/29 21:42:14.0275 5684 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/03/29 21:42:14.0324 5684 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/03/29 21:42:14.0449 5684 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/03/29 21:42:14.0528 5684 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/03/29 21:42:14.0598 5684 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/29 21:42:14.0687 5684 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/29 21:42:14.0780 5684 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/03/29 21:42:14.0833 5684 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/03/29 21:42:14.0914 5684 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/29 21:42:14.0966 5684 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/03/29 21:42:15.0065 5684 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/03/29 21:42:15.0187 5684 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/29 21:42:15.0278 5684 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/03/29 21:42:15.0422 5684 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/29 21:42:15.0495 5684 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/29 21:42:15.0550 5684 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/29 21:42:15.0604 5684 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/03/29 21:42:15.0766 5684 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/29 21:42:15.0830 5684 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/29 21:42:16.0207 5684 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/03/29 21:42:16.0587 5684 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/29 21:42:16.0701 5684 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/03/29 21:42:16.0758 5684 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/29 21:42:16.0866 5684 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/03/29 21:42:17.0025 5684 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/29 21:42:17.0067 5684 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/03/29 21:42:17.0148 5684 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/03/29 21:42:17.0200 5684 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/03/29 21:42:17.0255 5684 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/03/29 21:42:17.0399 5684 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/29 21:42:17.0599 5684 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/29 21:42:17.0699 5684 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/03/29 21:42:17.0753 5684 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/29 21:42:17.0820 5684 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/03/29 21:42:17.0860 5684 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/03/29 21:42:17.0915 5684 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/29 21:42:18.0055 5684 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/29 21:42:18.0373 5684 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/29 21:42:18.0451 5684 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/03/29 21:42:18.0544 5684 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/29 21:42:18.0824 5684 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/03/29 21:42:18.0964 5684 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/29 21:42:19.0073 5684 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/29 21:42:19.0134 5684 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/29 21:42:19.0202 5684 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/29 21:42:19.0335 5684 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/29 21:42:19.0440 5684 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/29 21:42:19.0485 5684 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/29 21:42:19.0573 5684 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/03/29 21:42:19.0694 5684 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/29 21:42:19.0762 5684 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/03/29 21:42:19.0880 5684 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/29 21:42:19.0944 5684 RTL8169 (f875e277a79ef9d6f3ac89abb557a689) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/03/29 21:42:20.0034 5684 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/29 21:42:20.0218 5684 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/29 21:42:20.0328 5684 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/29 21:42:20.0415 5684 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/29 21:42:20.0461 5684 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/29 21:42:20.0557 5684 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/03/29 21:42:20.0716 5684 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/03/29 21:42:20.0776 5684 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/29 21:42:20.0811 5684 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/29 21:42:20.0866 5684 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/29 21:42:20.0941 5684 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/03/29 21:42:20.0988 5684 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/03/29 21:42:21.0036 5684 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/03/29 21:42:21.0115 5684 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/03/29 21:42:21.0212 5684 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/03/29 21:42:21.0329 5684 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/03/29 21:42:21.0418 5684 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/29 21:42:21.0460 5684 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/29 21:42:21.0597 5684 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/03/29 21:42:21.0693 5684 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/03/29 21:42:21.0774 5684 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/03/29 21:42:21.0896 5684 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/03/29 21:42:22.0042 5684 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/03/29 21:42:22.0122 5684 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/03/29 21:42:22.0243 5684 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/29 21:42:22.0343 5684 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/29 21:42:22.0458 5684 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/29 21:42:22.0528 5684 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/29 21:42:22.0653 5684 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/29 21:42:22.0850 5684 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/03/29 21:42:22.0995 5684 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/29 21:42:23.0100 5684 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/29 21:42:23.0187 5684 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/03/29 21:42:23.0304 5684 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/03/29 21:42:23.0471 5684 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/03/29 21:42:23.0557 5684 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/29 21:42:23.0645 5684 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/29 21:42:23.0759 5684 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys
2011/03/29 21:42:23.0919 5684 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\drivers\Tosrfcom.sys
2011/03/29 21:42:23.0997 5684 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
2011/03/29 21:42:24.0119 5684 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/29 21:42:24.0263 5684 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/29 21:42:24.0344 5684 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/29 21:42:24.0439 5684 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/03/29 21:42:24.0560 5684 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/03/29 21:42:24.0654 5684 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/29 21:42:24.0771 5684 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/29 21:42:24.0835 5684 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/03/29 21:42:24.0965 5684 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/29 21:42:25.0045 5684 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/29 21:42:25.0112 5684 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/29 21:42:25.0205 5684 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
2011/03/29 21:42:25.0366 5684 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/29 21:42:25.0447 5684 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/29 21:42:25.0518 5684 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/29 21:42:25.0585 5684 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/29 21:42:25.0727 5684 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/29 21:42:25.0863 5684 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/29 21:42:25.0934 5684 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/29 21:42:26.0092 5684 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/29 21:42:26.0163 5684 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/03/29 21:42:26.0203 5684 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/03/29 21:42:26.0267 5684 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/03/29 21:42:26.0314 5684 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/03/29 21:42:26.0380 5684 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/03/29 21:42:26.0422 5684 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/03/29 21:42:26.0512 5684 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/03/29 21:42:26.0645 5684 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/03/29 21:42:26.0723 5684 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/29 21:42:26.0808 5684 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 21:42:26.0846 5684 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 21:42:26.0928 5684 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/03/29 21:42:27.0158 5684 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/29 21:42:27.0492 5684 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/29 21:42:27.0651 5684 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/29 21:42:27.0796 5684 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/29 21:42:27.0932 5684 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/29 21:42:28.0086 5684 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/29 21:42:28.0100 5684 ================================================================================
2011/03/29 21:42:28.0100 5684 Scan finished
2011/03/29 21:42:28.0100 5684 ================================================================================
2011/03/29 21:42:28.0141 4824 Detected object count: 1
2011/03/29 21:42:40.0567 4824 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/29 21:42:40.0568 4824 \HardDisk0 - ok
2011/03/29 21:42:40.0628 4824 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/29 21:42:55.0062 3860 Deinitialize success
 
Very good :)

How is redirection?

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Seems to be a lot better, haven't been redirected yet.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A135
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 142):
0x81C00000 \SystemRoot\system32\ntoskrnl.exe
0x81F95000 \SystemRoot\system32\hal.dll
0x806C6000 \SystemRoot\system32\kdcom.dll
0x80666000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8065D000 \SystemRoot\system32\PSHED.dll
0x80655000 \SystemRoot\system32\BOOTVID.dll
0x8061A000 \SystemRoot\system32\CLFS.SYS
0x80539000 \SystemRoot\system32\CI.dll
0x804C8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x804BA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80477000 \SystemRoot\system32\drivers\acpi.sys
0x8046E000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80466000 \SystemRoot\system32\drivers\msisadrv.sys
0x80441000 \SystemRoot\system32\drivers\pci.sys
0x80432000 \SystemRoot\system32\drivers\volmgr.sys
0x80428000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x80425000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040B000 \SystemRoot\System32\drivers\mountmgr.sys
0x80404000 \SystemRoot\system32\drivers\intelide.sys
0x827F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x827C8000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8277E000 \SystemRoot\System32\drivers\volmgrx.sys
0x82776000 \SystemRoot\system32\drivers\atapi.sys
0x82758000 \SystemRoot\system32\drivers\ataport.SYS
0x82727000 \SystemRoot\system32\drivers\fltmgr.sys
0x82717000 \SystemRoot\system32\drivers\fileinfo.sys
0x82613000 \SystemRoot\system32\drivers\ndis.sys
0x825E8000 \SystemRoot\system32\drivers\msrpc.sys
0x825AF000 \SystemRoot\system32\drivers\NETIO.SYS
0x824A7000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8243D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82407000 \SystemRoot\system32\drivers\volsnap.sys
0x82402000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x857F8000 \SystemRoot\System32\Drivers\spldr.sys
0x857E9000 \SystemRoot\System32\drivers\partmgr.sys
0x857DA000 \SystemRoot\System32\Drivers\mup.sys
0x857B5000 \SystemRoot\System32\drivers\ecache.sys
0x857A4000 \SystemRoot\system32\drivers\disk.sys
0x85783000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8577A000 \SystemRoot\system32\drivers\crcdisk.sys
0x86499000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x864CC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8648B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x89545000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x894A8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8647E000 \SystemRoot\System32\drivers\watchdog.sys
0x8646C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x89F19000 \SystemRoot\system32\DRIVERS\athr.sys
0x86448000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8643D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x86400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8654E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x85476000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x86540000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8945B000 \SystemRoot\system32\drivers\tifm21.sys
0x86528000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x86782000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x89448000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8651D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x89416000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x867EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x865B2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x86792000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x89F01000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x89ED6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x89E96000 \SystemRoot\system32\DRIVERS\storport.sys
0x8940B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x89E7F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x89400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x89E5C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x855AA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x89D59000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x89D6C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x867E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0x89D22000 \SystemRoot\system32\DRIVERS\ks.sys
0x89D18000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x89D4C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x89CE4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x854A6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8A66F000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x89C61000 \SystemRoot\system32\drivers\portcls.sys
0x89C3C000 \SystemRoot\system32\drivers\drmk.sys
0x8A553000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x89C2F000 \SystemRoot\system32\drivers\modem.sys
0x8A475000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8650B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x866BD000 \SystemRoot\System32\Drivers\Null.SYS
0x866C4000 \SystemRoot\System32\Drivers\Beep.SYS
0x89C23000 \SystemRoot\System32\drivers\vga.sys
0x89C02000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x866D2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x866DA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8A44A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A43C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x86514000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8AEEB000 \SystemRoot\System32\drivers\tcpip.sys
0x8A419000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A404000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8A432000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8AD1F000 \SystemRoot\system32\DRIVERS\smb.sys
0x8ACED000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8ACA6000 \SystemRoot\system32\drivers\afd.sys
0x86566000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8AC80000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8AC72000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8AC5F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8AC24000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8AE33000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8AC0D000 \SystemRoot\System32\Drivers\dfsc.sys
0x8ADEB000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8AED3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8AEE0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8673A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x90600000 \SystemRoot\System32\win32k.sys
0x8AE47000 \SystemRoot\System32\drivers\Dxapi.sys
0x89D8A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x90400000 \SystemRoot\System32\TSDDD.dll
0x90410000 \SystemRoot\System32\cdd.dll
0xA0A45000 \SystemRoot\system32\drivers\luafv.sys
0xA09FF000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8664A000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x85526000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA3A8E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8AE51000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA08F6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA3A00000 \SystemRoot\system32\drivers\spsys.sys
0xA1CE7000 \SystemRoot\system32\drivers\HTTP.sys
0xA1C8C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA1C73000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA1F4C000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA1C53000 \SystemRoot\system32\drivers\mrxdav.sys
0xA5062000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA5029000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA5017000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA533C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA52EB000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB172000 \SystemRoot\system32\drivers\peauth.sys
0x8AE8D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8AA0D000 \SystemRoot\System32\drivers\tcpipreg.sys
0xABE40000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77D70000 \Windows\System32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
496 C:\Windows\System32\smss.exe
616 csrss.exe
656 C:\Windows\System32\wininit.exe
664 csrss.exe
700 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\winlogon.exe
912 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1312 C:\Windows\System32\SLsvc.exe
1360 C:\Windows\System32\svchost.exe
1564 C:\Windows\System32\svchost.exe
1676 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1848 C:\Windows\System32\dwm.exe
1872 C:\Windows\explorer.exe
1964 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1972 C:\Program Files\Windows Defender\MSASCui.exe
1980 C:\Windows\RtHDVCpl.exe
1992 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
580 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
608 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
692 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
1824 C:\Windows\System32\hkcmd.exe
1380 C:\Windows\System32\igfxpers.exe
1920 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1792 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1780 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
860 C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe
1432 C:\Program Files\Windows Media Player\wmpnscfg.exe
1184 C:\Windows\System32\igfxsrvc.exe
2292 C:\Windows\System32\spoolsv.exe
2332 C:\Windows\System32\svchost.exe
2364 C:\Windows\System32\taskeng.exe
2784 C:\Windows\System32\agrsmsvc.exe
2816 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
2892 C:\Windows\System32\svchost.exe
2916 C:\Windows\System32\svchost.exe
2940 C:\Windows\System32\TODDSrv.exe
3072 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
3136 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
3208 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3268 C:\Windows\System32\svchost.exe
3288 C:\Windows\System32\SearchIndexer.exe
3384 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3500 C:\Program Files\Windows Media Player\wmpnetwk.exe
3672 C:\Windows\System32\taskeng.exe
2780 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
3276 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3364 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
2328 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
3060 C:\Program Files\Mozilla Firefox\firefox.exe
1328 C:\Program Files\Mozilla Firefox\plugin-container.exe
4588 C:\Windows\System32\wuauclt.exe
5672 C:\Windows\System32\SearchProtocolHost.exe
5840 C:\Windows\System32\SearchFilterHost.exe
4888 C:\Users\Fred\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC7DP

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!
 
ComboFix 11-03-29.03 - Fred 03/29/2011 22:31:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.324 [GMT -5:00]
Running from: c:\users\Fred\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
c:\windows\system32\userinit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
.
.
2011-03-30 03:43 . 2011-03-30 03:49 -------- d-----w- c:\users\Fred\AppData\Local\temp
2011-03-30 03:43 . 2011-03-30 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-29 21:19 . 2011-03-29 21:19 -------- d-----w- c:\program files\Common Files\Java
2011-03-29 20:58 . 2011-03-29 20:58 -------- d-----w- c:\windows\Sun
2011-03-29 20:12 . 2011-03-29 20:12 -------- d-----w- c:\users\Fred\AppData\Roaming\Malwarebytes
2011-03-29 20:12 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 20:12 . 2011-03-29 20:12 -------- d-----w- c:\programdata\Malwarebytes
2011-03-29 20:12 . 2011-03-29 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-29 20:12 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-25 22:08 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-25 22:08 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-25 22:08 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-25 22:08 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-25 22:08 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-25 22:08 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-25 22:08 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-25 22:08 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-25 22:07 . 2011-03-25 22:07 -------- d-----w- c:\programdata\AVAST Software
2011-03-25 22:07 . 2011-03-25 22:07 -------- d-----w- c:\program files\AVAST Software
2011-03-24 03:11 . 2011-03-25 01:15 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-24 03:04 . 2011-03-24 03:07 -------- d-----w- c:\programdata\Lavasoft
2011-03-24 01:25 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-24 01:25 . 2011-03-18 17:53 14121944 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2011-03-24 01:25 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-24 01:25 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-24 01:25 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-24 01:25 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-24 01:25 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-24 01:25 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-24 01:25 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-29 20:50 . 2010-06-24 16:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-18 17:53 . 2011-03-24 01:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Google Update"="c:\users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-19 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Fred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 01:14 34352 ----a-w- c:\program files\Toshiba\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 10:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-08-24 36640]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-07-20 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-07-20 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-07-20 121576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682815971-188779502-3184099438-1000Core.job
- c:\users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 05:12]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682815971-188779502-3184099438-1000UA.job
- c:\users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 05:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: {210A1971-32BC-4583-B15F-955F22FA3DFC} = 8.8.8.8
FF - ProfilePath - c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\gnqi1rou.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb50aad&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-googletalk - c:\users\Fred\AppData\Roaming\Google\Google Talk\googletalk.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-29 22:46
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????['C~????\?8?\?p?\???\???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
.
**************************************************************************
.
Completion time: 2011-03-29 23:00:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-30 04:00
.
Pre-Run: 67,404,742,656 bytes free
Post-Run: 67,370,737,664 bytes free
.
- - End Of File - - A59A3F88532C1A8DDA0D90ED0F4AFB44
 
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- c:\windows\system32\userinit.exe
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

=======================================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    Code:
    :filefind
    userinit.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
here is the virus total results, didnt give me a log file but i copied what it said...

userinit.exe
Submission date:
2011-03-30 04:21:12 (UTC)
Current status:
finished
Result:
0/ 41 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.03.30.01 2011.03.30 -
AntiVir 7.11.5.118 2011.03.30 -
Antiy-AVL 2.0.3.7 2011.03.30 -
Avast 4.8.1351.0 2011.03.30 -
Avast5 5.0.677.0 2011.03.30 -
AVG 10.0.0.1190 2011.03.29 -
BitDefender 7.2 2011.03.30 -
CAT-QuickHeal 11.00 2011.03.30 -
ClamAV 0.96.4.0 2011.03.30 -
Commtouch 5.2.11.5 2011.03.24 -
Comodo 8148 2011.03.29 -
DrWeb 5.0.2.03300 2011.03.30 -
eSafe 7.0.17.0 2011.03.30 -
eTrust-Vet 36.1.8242 2011.03.29 -
F-Prot 4.6.2.117 2011.03.29 -
F-Secure 9.0.16440.0 2011.03.23 -
Fortinet 4.2.254.0 2011.03.30 -
GData 22 2011.03.30 -
Ikarus T3.1.1.97.0 2011.03.30 -
Jiangmin 13.0.900 2011.03.29 -
K7AntiVirus 9.94.4241 2011.03.29 -
McAfee 5.400.0.1158 2011.03.30 -
McAfee-GW-Edition 2010.1C 2011.03.29 -
Microsoft 1.6702 2011.03.30 -
NOD32 5998 2011.03.30 -
Norman 6.07.03 2011.03.29 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.29 -
PCTools 7.0.3.5 2011.03.30 -
Prevx 3.0 2011.03.30 -
Rising 23.51.01.06 2011.03.29 -
Sophos 4.64.0 2011.03.30 -
SUPERAntiSpyware 4.40.0.1006 2011.03.30 -
Symantec 20101.3.0.103 2011.03.30 -
TheHacker 6.7.0.1.160 2011.03.29 -
TrendMicro 9.200.0.1012 2011.03.29 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.30 -
VBA32 3.12.14.3 2011.03.29 -
VIPRE 8864 2011.03.30 -
ViRobot 2011.3.30.4383 2011.03.30 -
VirusBuster 13.6.276.0 2011.03.29 -
Additional information
MD5 : 22027835939f86c3e47ad8e3fbde3d11
SHA1 : 5d0926a9aac8937e20ba5957e26049999e301d0d
SHA256: 24eec90e3b04c2d8d9861ea795d6178b1c4a66c9896029838149deda6a07dcaf
 
SystemLook 04.09.10 by jpshortstuff
Log created at 23:30 on 29/03/2011 by Fred
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.exe"
C:\Windows\ERDNT\cache\userinit.exe --a---- 24576 bytes [03:56 30/03/2011] [09:45 02/11/2006] 22027835939F86C3E47AD8E3FBDE3D11
C:\Windows\System32\userinit.exe --a---- 24576 bytes [08:43 02/11/2006] [09:45 02/11/2006] 22027835939F86C3E47AD8E3FBDE3D11
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe --a---- 24576 bytes [08:43 02/11/2006] [09:45 02/11/2006] 22027835939F86C3E47AD8E3FBDE3D11

-= EOF =-
 
Looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 3/30/2011 5:51:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Fred\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 501.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 61.90 Gb Free Space | 56.11% Space Free | Partition Type: NTFS

Computer Name: FRED-PC | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 17:47:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/02/05 21:23:37 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/15 01:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/11/15 00:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/11/10 17:22:26 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/09 13:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/09/12 11:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/30 17:47:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/11 11:08:52 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/09/12 11:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/24 00:14:44 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/07/20 05:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/07/20 05:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/07/20 05:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/06/19 22:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2008/11/10 13:26:00 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/29 06:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 22:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/31 09:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/02/14 13:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/09/27 18:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682815971-188779502-3184099438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-682815971-188779502-3184099438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-682815971-188779502-3184099438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: thepointboom@1057thepoint.com:1.1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb50aad&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/25 17:08:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 20:25:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 17:14:12 | 000,000,000 | ---D | M]

[2010/02/03 20:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fred\AppData\Roaming\Mozilla\Extensions
[2011/03/26 23:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\gnqi1rou.default\extensions
[2010/06/28 11:03:36 | 000,000,000 | ---D | M] ("105.7 the Point Boom") -- C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\gnqi1rou.default\extensions\thepointboom@1057thepoint.com
[2011/03/23 20:22:55 | 000,002,273 | ---- | M] () -- C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\gnqi1rou.default\searchplugins\ask.xml
[2011/03/23 20:22:55 | 000,001,028 | ---- | M] () -- C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\gnqi1rou.default\searchplugins\bing.xml
[2011/03/29 15:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 11:17:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/29 15:51:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/25 17:08:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/29 15:50:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/29 22:46:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKU\S-1-5-21-682815971-188779502-3184099438-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-682815971-188779502-3184099438-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682815971-188779502-3184099438-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682815971-188779502-3184099438-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fred\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fred\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 17:47:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
[2011/03/29 23:01:09 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\temp
[2011/03/29 22:46:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/03/29 22:43:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/29 22:28:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/29 22:28:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/29 22:28:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/29 22:28:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/29 22:28:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/29 22:28:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/29 22:27:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/29 22:27:28 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/29 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\Fred\Desktop\tdsskiller
[2011/03/29 16:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/29 15:58:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/03/29 15:12:47 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Roaming\Malwarebytes
[2011/03/29 15:12:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/29 15:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/29 15:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/29 15:12:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/29 15:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/29 15:11:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fred\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/29 13:48:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Fred\Desktop\TFC.exe
[2011/03/29 13:38:47 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Users\Fred\Desktop\spywareblastersetup44.exe
[2011/03/25 17:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/03/25 17:08:48 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/03/25 17:08:47 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/03/25 17:08:42 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/03/25 17:08:41 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/03/25 17:08:40 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/03/25 17:08:36 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/03/25 17:08:08 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/03/25 17:08:07 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/03/25 17:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/03/25 17:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/24 22:54:48 | 000,000,000 | ---D | C] -- C:\Users\Fred\Desktop\backups
[2011/03/24 21:54:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fred\Desktop\HijackThis.exe
[2011/03/24 19:14:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/23 22:11:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/03/23 22:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

========== Files - Modified Within 30 Days ==========

[2011/03/30 17:47:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
[2011/03/30 17:37:48 | 000,000,680 | ---- | M] () -- C:\Users\Fred\AppData\Local\d3d9caps.dat
[2011/03/30 17:37:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/30 17:37:00 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 17:36:59 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 16:17:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-682815971-188779502-3184099438-1000UA.job
[2011/03/30 15:31:34 | 000,663,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/30 15:31:34 | 000,121,036 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/30 15:28:14 | 001,400,006 | ---- | M] () -- C:\Users\Fred\Desktop\2011-03-30 15.28.15.jpg
[2011/03/30 15:28:04 | 001,512,050 | ---- | M] () -- C:\Users\Fred\Desktop\2011-03-30 15.28.04.jpg
[2011/03/30 15:27:44 | 001,489,303 | ---- | M] () -- C:\Users\Fred\Desktop\2011-03-30 15.27.44.jpg
[2011/03/30 11:31:44 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/29 23:29:53 | 000,075,264 | ---- | M] () -- C:\Users\Fred\Desktop\SystemLook.exe
[2011/03/29 23:17:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-682815971-188779502-3184099438-1000Core.job
[2011/03/29 22:46:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/29 22:25:19 | 004,307,709 | R--- | M] () -- C:\Users\Fred\Desktop\ComboFix.exe
[2011/03/29 22:21:36 | 000,080,384 | ---- | M] () -- C:\Users\Fred\Desktop\MBRCheck.exe
[2011/03/29 16:29:42 | 000,625,664 | ---- | M] () -- C:\Users\Fred\Desktop\dds.scr
[2011/03/29 16:20:40 | 000,301,568 | ---- | M] () -- C:\Users\Fred\Desktop\hylw4ee2.exe
[2011/03/29 15:12:34 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/29 15:11:43 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fred\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/29 13:58:09 | 153,495,694 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/29 13:48:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\TFC.exe
[2011/03/29 13:38:48 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Users\Fred\Desktop\spywareblastersetup44.exe
[2011/03/25 17:08:49 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/03/25 17:08:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/24 22:30:35 | 062,623,864 | ---- | M] () -- C:\Users\Fred\Desktop\setup_av_free.exe
[2011/03/24 21:54:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fred\Desktop\HijackThis.exe
[2011/03/23 22:19:23 | 000,000,000 | ---- | M] () -- C:\Users\Fred\AppData\Local\prvlcl.dat
[2011/03/23 20:25:44 | 000,000,881 | ---- | M] () -- C:\Users\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/23 20:25:43 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/22 17:33:48 | 000,159,406 | ---- | M] () -- C:\Users\Fred\Desktop\driveshaft yoke reciept.jpg
[2011/03/21 19:00:47 | 000,379,774 | ---- | M] () -- C:\Users\Fred\Desktop\Photo011.jpg
[2011/03/18 17:01:28 | 000,002,048 | ---- | M] () -- C:\Users\Fred\Desktop\Google Chrome.lnk
[2011/03/18 17:01:28 | 000,002,010 | ---- | M] () -- C:\Users\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/15 11:26:17 | 000,016,262 | ---- | M] () -- C:\Users\Fred\Documents\na build...ods
[2011/03/14 17:50:26 | 000,010,425 | ---- | M] () -- C:\Users\Fred\Desktop\bolt's needed.ods
[2011/03/14 16:47:35 | 000,034,990 | ---- | M] () -- C:\Users\Fred\Desktop\LS2 intake manifold tighting spec.jpg
[2011/03/09 19:49:06 | 000,229,080 | ---- | M] () -- C:\Users\Fred\Desktop\customcamworksheet.pdf
[2011/03/01 21:57:41 | 000,144,064 | ---- | M] () -- C:\Users\Fred\Documents\gmpartsdirect reciept.jpg

========== Files Created - No Company Name ==========

[2011/03/30 15:28:15 | 001,400,006 | ---- | C] () -- C:\Users\Fred\Desktop\2011-03-30 15.28.15.jpg
[2011/03/30 15:28:04 | 001,512,050 | ---- | C] () -- C:\Users\Fred\Desktop\2011-03-30 15.28.04.jpg
[2011/03/30 15:27:44 | 001,489,303 | ---- | C] () -- C:\Users\Fred\Desktop\2011-03-30 15.27.44.jpg
[2011/03/29 23:29:51 | 000,075,264 | ---- | C] () -- C:\Users\Fred\Desktop\SystemLook.exe
[2011/03/29 22:28:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/29 22:28:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/29 22:28:31 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/29 22:28:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/29 22:28:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/29 22:24:47 | 004,307,709 | R--- | C] () -- C:\Users\Fred\Desktop\ComboFix.exe
[2011/03/29 22:21:27 | 000,080,384 | ---- | C] () -- C:\Users\Fred\Desktop\MBRCheck.exe
[2011/03/29 16:29:22 | 000,625,664 | ---- | C] () -- C:\Users\Fred\Desktop\dds.scr
[2011/03/29 16:20:37 | 000,301,568 | ---- | C] () -- C:\Users\Fred\Desktop\hylw4ee2.exe
[2011/03/29 15:12:34 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/25 17:08:49 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/03/24 21:52:49 | 062,623,864 | ---- | C] () -- C:\Users\Fred\Desktop\setup_av_free.exe
[2011/03/24 19:14:16 | 153,495,694 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/03/23 20:25:43 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/22 17:33:47 | 000,159,406 | ---- | C] () -- C:\Users\Fred\Desktop\driveshaft yoke reciept.jpg
[2011/03/21 19:00:36 | 000,379,774 | ---- | C] () -- C:\Users\Fred\Desktop\Photo011.jpg
[2011/03/14 16:47:31 | 000,034,990 | ---- | C] () -- C:\Users\Fred\Desktop\LS2 intake manifold tighting spec.jpg
[2011/03/12 18:13:23 | 000,010,425 | ---- | C] () -- C:\Users\Fred\Desktop\bolt's needed.ods
[2011/03/09 19:49:06 | 000,229,080 | ---- | C] () -- C:\Users\Fred\Desktop\customcamworksheet.pdf
[2011/03/01 21:57:40 | 000,144,064 | ---- | C] () -- C:\Users\Fred\Documents\gmpartsdirect reciept.jpg
[2010/09/27 20:44:00 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/09/27 20:44:00 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/06/28 23:48:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/31 18:40:18 | 000,000,680 | ---- | C] () -- C:\Users\Fred\AppData\Local\d3d9caps.dat
[2010/03/28 02:34:49 | 000,000,000 | ---- | C] () -- C:\Users\Fred\AppData\Local\prvlcl.dat
[2010/02/03 20:03:37 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2010/02/03 19:53:41 | 000,026,112 | ---- | C] () -- C:\Users\Fred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/01/05 18:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/01/05 17:59:02 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/01/05 17:59:02 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/01/05 17:59:02 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/01/05 17:59:02 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/01/05 17:59:02 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/01/05 17:59:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/01/05 17:35:11 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/01/05 17:35:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/01/05 17:35:11 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/01/05 17:35:11 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/01/05 17:30:55 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2007/01/05 17:30:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/01/05 17:30:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2006/11/29 01:12:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/11/24 10:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,343,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,663,106 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,121,036 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/10/31 20:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/08/10 18:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/02/03 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\acccore
[2010/10/12 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\AVG10
[2010/02/13 23:00:15 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\OpenOffice.org
[2011/03/29 15:30:08 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\Samsung
[2011/03/30 00:56:49 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/03/24 19:43:49 | 000,000,668 | ---- | M] () -- C:\aaw7boot.log
[2010/09/27 20:16:57 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 04:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2007/01/05 17:09:18 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/03/29 23:00:58 | 000,012,686 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/03/30 11:31:44 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 18:28:03 | 000,000,685 | -H-- | M] () -- C:\IPH.PH
[2011/03/30 11:31:43 | 1377,304,576 | -HS- | M] () -- C:\pagefile.sys
[2011/03/29 21:42:55 | 000,061,794 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_29.03.2011_21.41.31_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/02/05 23:44:36 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/01/05 17:09:04 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/01/05 17:09:02 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/01/05 17:09:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/01/05 17:09:14 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/01/05 17:09:15 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/28 19:43:29 | 000,000,286 | -HS- | M] () -- C:\Users\Fred\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/29 22:25:19 | 004,307,709 | R--- | M] () -- C:\Users\Fred\Desktop\ComboFix.exe
[2011/03/23 20:23:53 | 012,580,112 | ---- | M] (Mozilla) -- C:\Users\Fred\Desktop\Firefox Setup 4.0.exe
[2011/03/24 21:54:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fred\Desktop\HijackThis.exe
[2011/03/29 16:20:40 | 000,301,568 | ---- | M] () -- C:\Users\Fred\Desktop\hylw4ee2.exe
[2011/03/29 13:32:47 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Fred\Desktop\jre-6u24-windows-i586.exe
[2011/03/29 15:11:43 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fred\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/29 22:21:36 | 000,080,384 | ---- | M] () -- C:\Users\Fred\Desktop\MBRCheck.exe
[2011/03/30 17:47:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
[2011/03/24 22:30:35 | 062,623,864 | ---- | M] () -- C:\Users\Fred\Desktop\setup_av_free.exe
[2011/03/29 13:38:48 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Users\Fred\Desktop\spywareblastersetup44.exe
[2011/03/29 23:29:53 | 000,075,264 | ---- | M] () -- C:\Users\Fred\Desktop\SystemLook.exe
[2011/03/29 13:48:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/02/03 21:14:30 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/02/03 21:14:00 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2007/01/05 17:16:47 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2007/01/05 17:16:47 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/02/03 21:14:00 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/02/03 19:51:04 | 000,000,402 | -HS- | M] () -- C:\Users\Fred\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 3/30/2011 5:51:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Fred\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 501.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 61.90 Gb Free Space | 56.11% Space Free | Partition Type: NTFS

Computer Name: FRED-PC | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-682815971-188779502-3184099438-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DFCA5C7-5760-4523-99BE-D4F2F276BBA9}" = rport=445 | protocol=6 | dir=out | app=system |
"{27082333-8165-4826-83FA-0558CF3C16FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{319D2691-18DD-4334-BC65-DB0E2001823F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{74996EB8-A744-4923-82EF-3252C54389CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{869D6D61-3243-49E3-8C6A-18D2EBECEE64}" = lport=139 | protocol=6 | dir=in | app=system |
"{91A1FADF-7E00-4201-8021-29204D3CB3AA}" = lport=138 | protocol=17 | dir=in | app=system |
"{98ECC5AD-8550-4CC6-88F4-55D18452BCC6}" = lport=137 | protocol=17 | dir=in | app=system |
"{A9E4C621-0FE8-4192-9F10-6265BD15B37D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD6076F2-628E-4EF0-B4E5-AA3CB3800761}" = rport=138 | protocol=17 | dir=out | app=system |
"{B31FB5C0-983A-43CE-AB5C-7B735F82EBCA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D83F121F-2BB7-48F8-A94D-BF039366BF34}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA3A245F-D687-43F3-8E2A-2876E70E670D}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20086003-D359-4CCB-BCE0-ABA28093B74F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{322BAE3C-CE5C-4693-8E1E-1A2461ACBF37}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{61F3704D-BF70-4F01-A49B-BC0F6DD5F9B8}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{62F88DB9-517C-4DC7-8CE1-DD1D3BCBA358}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6624BC73-9045-4CA7-8A6E-9FF4504DE6D4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{681B767E-B93D-46FC-A6C4-1BF18FE6C8D9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6EA5B172-8848-4B4A-8C6E-C9F93A20F7CF}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{79F418B4-6957-4B2F-82FC-DB1A77D6431C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8C05BE9E-7489-4B7D-A95C-4C250FE65AA5}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{904B5225-C287-48DD-ADB0-000FEE4521B3}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A816FA40-98CE-4EE3-9D56-BF4CB9F93D1E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AB65719F-94A4-441C-AD23-32B69CCFDE15}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C071C503-85A9-42F0-89E4-54CCD6A59C42}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C2EB196B-3217-4D8E-A086-C1FB55F3BB05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{1CDBBB5E-E268-4C14-A028-AC078D414A8F}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{6B67C2D7-99E0-4376-847B-F77340996A83}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{716EDE17-6A0A-4598-83AF-E614F664F0C4}C:\program files\cisco packet tracer 5.3.1\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\cisco packet tracer 5.3.1\bin\packettracer5.exe |
"UDP Query User{17BCE2C8-9BA2-46D6-AA6A-3FA9233B5F64}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{48ECF29F-14F0-47D7-88C7-82AC306B5A00}C:\program files\cisco packet tracer 5.3.1\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\cisco packet tracer 5.3.1\bin\packettracer5.exe |
"UDP Query User{C9274F07-FA1B-46E9-898A-BFFA308D16A1}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DEEC998E-C314-4199-BF38-9C94B259E4E8}" = Microsoft Press Training Kit Exam Prep Suite 70-620
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"avast" = avast! Free Antivirus
"Cisco Packet Tracer 5.3.1_is1" = Cisco Packet Tracer 5.3.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desktop Dialer" = Desktop Dialer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-682815971-188779502-3184099438-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2011 11:01:29 PM | Computer Name = Fred-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x11bc, application
start time 0x01cbeb4e80a49961.

Error - 3/27/2011 6:31:30 PM | Computer Name = Fred-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/29/2011 2:34:24 PM | Computer Name = Fred-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x4bc, application
start time 0x01cbee2322d4d3a9.

Error - 3/29/2011 4:26:05 PM | Computer Name = Fred-PC | Source = System Restore | ID = 8193
Description =

Error - 3/29/2011 4:26:28 PM | Computer Name = Fred-PC | Source = System Restore | ID = 8193
Description =

Error - 3/29/2011 4:27:37 PM | Computer Name = Fred-PC | Source = System Restore | ID = 8193
Description =

Error - 3/29/2011 4:28:28 PM | Computer Name = Fred-PC | Source = System Restore | ID = 8193
Description =

Error - 3/29/2011 4:30:27 PM | Computer Name = Fred-PC | Source = System Restore | ID = 8193
Description =

Error - 3/29/2011 4:50:32 PM | Computer Name = Fred-PC | Source = System Restore | ID = 8193
Description =

Error - 3/29/2011 4:50:43 PM | Computer Name = Fred-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 10/1/2010 5:06:56 PM | Computer Name = Fred-PC | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 10/1/2010 5:06:56 PM | Computer Name = Fred-PC | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 10/1/2010 5:06:56 PM | Computer Name = Fred-PC | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 10/1/2010 5:06:56 PM | Computer Name = Fred-PC | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 10/1/2010 5:06:58 PM | Computer Name = Fred-PC | Source = bowser | ID = 8003
Description =

Error - 10/2/2010 1:19:17 AM | Computer Name = Fred-PC | Source = DCOM | ID = 10010
Description =

Error - 10/2/2010 8:52:04 PM | Computer Name = Fred-PC | Source = BROWSER | ID = 8032
Description =

Error - 10/3/2010 12:57:28 AM | Computer Name = Fred-PC | Source = DCOM | ID = 10010
Description =

Error - 10/3/2010 10:49:21 AM | Computer Name = Fred-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/3/2010 6:33:10 PM | Computer Name = Fred-PC | Source = BROWSER | ID = 8032
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb50aad&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
    [2011/03/23 20:22:55 | 000,002,273 | ---- | M] () -- C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\gnqi1rou.default\sea rchplugins\ask.xml
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/06/28 23:48:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/12 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\AVG10
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.avg.com/route/?d=4cb50aad&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=" removed from keyword.URL
File C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\gnqi1rou.default\sea rchplugins\ask.xml not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\ezsidmv.dat moved successfully.
C:\Users\Fred\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Fred\AppData\Roaming\AVG10 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fred
->Temp folder emptied: 102705 bytes
->Temporary Internet Files folder emptied: 794738 bytes
->Java cache emptied: 18324 bytes
->FireFox cache emptied: 230611804 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2565 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44756 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 221.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fred
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03302011_214001

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.152.26
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

Pending on Eset scan results, we'll have to remember to install Service Pack 2 and upgrade IE to version 9.
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current (including Service Pack 2 installation and updating IE to version 9!)

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fred
->Temp folder emptied: 143196620 bytes
->Temporary Internet Files folder emptied: 7450795 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64200062 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 661 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1067992 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 206.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fred
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 03312011_104556

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\lpksetup-20110331-104740-0.log moved successfully.
C:\Windows\temp\TMP00000039D6881FA46D1DEFFF moved successfully.

Registry entries deleted on Reboot...
 
Computer seems to be running great now, thanks for the help! Anything else you would recommend as far as add on's or other programs?
 
Status
Not open for further replies.
Back