shootinpucks83

Great! Thank you so much for your help! Everything is running smoothly so far today...

I ran ComboFix and am including the log below. As far as how the computer is running, still no noticeable slow down. I tried 5 different google searches and haven't tried to be redirected yet. I need to leave the house now so will not be able to try anymore at the moment. Did ComboFix change anything? ComboFix 11-01-13.01 - Nick 01/13/2011 21:22:03.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.848 [GMT -5:00] Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Microsoft c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6} c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}\chrome.manifest c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}\chrome\content\_cfg.js c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}\chrome\content\overlay.xul c:\documents and settings\Nick\Local Settings\Application Data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6}\install.rdf c:\documents and settings\Nick\Local Settings\Temporary Internet Files\cookies.sqlite c:\windows\system32\service c:\windows\system32\service\01112010_TIS17_SfFniAU.log c:\windows\system32\service\01122010_TIS17_SfFniAU.log c:\windows\system32\service\02082010_TIS17_SfFniAU.log c:\windows\system32\service\02092010_TIS17_SfFniAU.log c:\windows\system32\service\02102010_TIS17_SfFniAU.log c:\windows\system32\service\03032010_TIS17_SfFniAU.log c:\windows\system32\service\03052010_TIS17_SfFniAU.log c:\windows\system32\service\04052009_TIS17_SfFniAU.log c:\windows\system32\service\04082009_TIS17_SfFniAU.log c:\windows\system32\service\04102010_TIS17_SfFniAU.log c:\windows\system32\service\07062010_TIS17_SfFniAU.log c:\windows\system32\service\07112010_TIS17_SfFniAU.log c:\windows\system32\service\08062010_TIS17_SfFniAU.log c:\windows\system32\service\08122009_TIS17_SfFniAU.log c:\windows\system32\service\10022010_TIS17_SfFniAU.log c:\windows\system32\service\10052010_TIS17_SfFniAU.log c:\windows\system32\service\11012010_TIS17_SfFniAU.log c:\windows\system32\service\11052009_TIS17_SfFniAU.log c:\windows\system32\service\11112009_TIS17_SfFniAU.log c:\windows\system32\service\12042010_TIS17_SfFniAU.log c:\windows\system32\service\12052009_TIS17_SfFniAU.log c:\windows\system32\service\12052010_TIS17_SfFniAU.log c:\windows\system32\service\12102009_TIS17_SfFniAU.log c:\windows\system32\service\12102010_TIS17_SfFniAU.log c:\windows\system32\service\13072010_TIS17_SfFniAU.log c:\windows\system32\service\13092010_TIS17_SfFniAU.log c:\windows\system32\service\13102010_TIS17_SfFniAU.log c:\windows\system32\service\16072010_TIS17_SfFniAU.log c:\windows\system32\service\17102010_TIS17_SfFniAU.log c:\windows\system32\service\19082009_TIS17_SfFniAU.log c:\windows\system32\service\19102009_TIS17_SfFniAU.log c:\windows\system32\service\20102010_TIS17_SfFniAU.log c:\windows\system32\service\20112009_TIS17_SfFniAU.log c:\windows\system32\service\21062010_TIS17_SfFniAU.log c:\windows\system32\service\22092009_TIS17_SfFniAU.log c:\windows\system32\service\22122010_TIS17_SfFniAU.log c:\windows\system32\service\23062010_TIS17_SfFniAU.log c:\windows\system32\service\23082010_TIS17_SfFniAU.log c:\windows\system32\service\24122009_TIS17_SfFniAU.log c:\windows\system32\service\25042010_TIS17_SfFniAU.log c:\windows\system32\service\25102009_TIS17_SfFniAU.log c:\windows\system32\service\26092010_TIS17_SfFniAU.log c:\windows\system32\service\27072009_TIS17_SfFniAU.log c:\windows\system32\service\27112009_TIS17_SfFniAU.log c:\windows\system32\service\28012010_TIS17_SfFniAU.log c:\windows\system32\service\29112010_TIS17_SfFniAU.log c:\windows\system32\service\29122010_TIS17_SfFniAU.log c:\windows\system32\service\30092010_TIS17_SfFniAU.log c:\windows\system32\service\31052010_TIS17_SfFniAU.log c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_SSHNAS -------\Service_6to4 ((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 ))))))))))))))))))))))))))))))) . 2011-01-13 15:41 . 2011-01-13 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-01-13 05:51 . 2011-01-13 05:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2011-01-13 05:51 . 2011-01-13 05:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer 2011-01-12 20:42 . 2011-01-12 20:42 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2011-01-12 17:24 . 2011-01-12 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-01-12 17:24 . 2011-01-12 17:26 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-01-12 16:40 . 2011-01-12 16:40 -------- d-----w- c:\windows\system32\%APPDATA% 2011-01-12 15:10 . 2011-01-12 15:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-01-12 15:07 . 2011-01-12 15:07 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Sunbelt Software 2011-01-12 14:29 . 2011-01-12 14:29 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-01-12 07:19 . 2011-01-12 07:19 -------- d-----w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com 2011-01-12 07:06 . 2011-01-12 07:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-01-12 07:04 . 2011-01-12 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-01-12 07:04 . 2011-01-12 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-01-12 07:02 . 2011-01-12 07:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-01-12 04:21 . 2011-01-12 06:42 0 ----a-w- c:\windows\Bcune.bin 2011-01-12 03:11 . 2011-01-12 03:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-01-12 02:57 . 2011-01-12 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2011-01-12 02:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-12 02:39 . 2011-01-12 02:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-12 02:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-12 02:20 . 2011-01-12 02:20 -------- d-----w- c:\program files\iPod 2011-01-12 02:20 . 2011-01-12 02:21 -------- d-----w- c:\program files\iTunes 2011-01-12 02:11 . 2011-01-12 02:11 -------- d-----w- c:\program files\Bonjour 2011-01-07 04:17 . 2011-01-07 04:17 -------- d-----w- c:\program files\Microsoft.NET 2011-01-07 04:14 . 2011-01-07 04:14 -------- d-----w- c:\program files\Microsoft Analysis Services 2011-01-07 04:13 . 2011-01-07 04:14 -------- d-----w- c:\windows\SHELLNEW 2011-01-07 04:12 . 2011-01-07 04:12 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Microsoft Help 2011-01-07 04:11 . 2011-01-13 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2011-01-07 04:11 . 2011-01-07 04:11 -------- d-----r- C:\MSOCache 2011-01-06 22:44 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-01-06 22:44 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-01-06 22:44 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-01-06 22:44 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-01-06 22:44 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-01-06 22:44 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-01-06 22:44 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-01-06 22:44 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe 2011-01-06 22:44 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr 2011-01-06 22:44 . 2011-01-06 22:44 -------- d-----w- c:\program files\Alwil Software 2011-01-06 22:44 . 2011-01-06 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-12-24 21:26 . 2010-12-24 21:26 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Thunderbird 2010-12-24 21:26 . 2010-12-24 21:26 -------- d-----w- c:\documents and settings\Nick\Application Data\Thunderbird 2010-12-24 21:25 . 2010-12-24 21:25 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-12-15 04:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-15 04:13 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-18 18:12 . 2006-02-15 15:36 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-09 14:52 . 2006-02-15 14:03 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:26 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26 . 2006-02-15 14:02 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26 . 2006-02-15 14:02 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25 . 2006-02-15 14:02 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2006-02-15 14:03 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:13 . 2006-02-15 14:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25 . 2006-02-15 14:04 1853312 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856] "POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2009-01-22 1470464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CFSServ.exe"="CFSServ.exe -NoClient" [X] "TFncKy"="TFncKy.exe" [bU] "TDispVol"="TDispVol.exe" [2005-03-11 73728] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "TPSMain"="TPSMain.exe" [2005-06-01 282624] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 55368] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-10-27 2345000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2008-9-18 912344] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2010-10-27 353992] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2003-08-04 21:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] 2005-11-28 18:41 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] 2005-12-05 19:37 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/6/2011 5:44 PM 294608] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/13/2011 11:16 AM 202064] R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [1/13/2011 11:16 AM 38856] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/13/2011 11:16 AM 25000] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/13/2011 11:16 AM 29272] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2011 5:44 PM 17744] R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [1/13/2011 11:15 AM 380784] R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [1/13/2011 11:15 AM 3652696] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\Nick\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\Nick\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?] . Contents of the 'Scheduled Tasks' folder 2011-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] . . ------- Supplementary Scan ------- . uStart Page = https://mail.vbgov.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\376acwj6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.groupon.com/hampton-roads/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - HKLM-Run-DXDllRegExe - dxdllreg.exe MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe AddRemove-HijackThis - c:\documents and settings\Nick\Desktop\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-13 21:31 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,b3,a0,87,60,e8,3b,45,9c,4d,8e,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,b3,a0,87,60,e8,3b,45,9c,4d,8e,\ [HKEY_USERS\S-1-5-21-252245913-2091170121-1509532172-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2768) c:\windows\system32\WININET.dll c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll c:\windows\system32\TDispVol.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe c:\windows\system32\TDispVol.exe c:\windows\AGRSMMSG.exe c:\windows\system32\TPSMain.exe c:\windows\eHome\ehmsas.exe c:\program files\Synaptics\SynTP\Toshiba.exe c:\program files\TOSHIBA\ConfigFree\CFSServ.exe c:\windows\system32\TPSBattM.exe c:\program files\Online Armor\OAhlp.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-01-13 21:38:44 - machine was rebooted ComboFix-quarantined-files.txt 2011-01-14 02:38 Pre-Run: 99,892,150,272 bytes free Post-Run: 101,073,137,664 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - 5341116630EDB2A319DFA4DFA2474E3D

Nothing in either scan. Here are the logs below... 2011/01/13 20:55:36.0500 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11 2011/01/13 20:55:36.0500 ================================================================================ 2011/01/13 20:55:36.0500 SystemInfo: 2011/01/13 20:55:36.0500 2011/01/13 20:55:36.0500 OS Version: 5.1.2600 ServicePack: 3.0 2011/01/13 20:55:36.0500 Product type: Workstation 2011/01/13 20:55:36.0500 ComputerName: TOSHIBA 2011/01/13 20:55:36.0500 UserName: Nick 2011/01/13 20:55:36.0500 Windows directory: C:\WINDOWS 2011/01/13 20:55:36.0500 System windows directory: C:\WINDOWS 2011/01/13 20:55:36.0500 Processor architecture: Intel x86 2011/01/13 20:55:36.0500 Number of processors: 2 2011/01/13 20:55:36.0500 Page size: 0x1000 2011/01/13 20:55:36.0500 Boot type: Normal boot 2011/01/13 20:55:36.0500 ================================================================================ 2011/01/13 20:55:37.0734 Initialize success 2011/01/13 20:55:44.0515 ================================================================================ 2011/01/13 20:55:44.0515 Scan started 2011/01/13 20:55:44.0515 Mode: Manual; 2011/01/13 20:55:44.0515 ================================================================================ 2011/01/13 20:55:45.0484 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys 2011/01/13 20:55:45.0593 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/01/13 20:55:45.0609 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/01/13 20:55:45.0687 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/01/13 20:55:45.0750 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/01/13 20:55:45.0812 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/01/13 20:55:45.0984 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys 2011/01/13 20:55:46.0078 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/01/13 20:55:46.0390 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/01/13 20:55:46.0656 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys 2011/01/13 20:55:46.0750 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011/01/13 20:55:46.0828 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys 2011/01/13 20:55:46.0859 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys 2011/01/13 20:55:46.0906 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys 2011/01/13 20:55:46.0937 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys 2011/01/13 20:55:47.0000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/01/13 20:55:47.0140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/01/13 20:55:47.0218 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/01/13 20:55:47.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/01/13 20:55:47.0343 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/01/13 20:55:47.0406 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/01/13 20:55:47.0453 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/01/13 20:55:47.0500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/01/13 20:55:47.0531 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/01/13 20:55:47.0609 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/01/13 20:55:47.0671 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/01/13 20:55:47.0796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/01/13 20:55:47.0843 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/01/13 20:55:47.0968 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/01/13 20:55:48.0031 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS 2011/01/13 20:55:48.0062 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/01/13 20:55:48.0093 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/01/13 20:55:48.0109 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/01/13 20:55:48.0140 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS 2011/01/13 20:55:48.0171 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/01/13 20:55:48.0203 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/01/13 20:55:48.0281 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/01/13 20:55:48.0359 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/01/13 20:55:48.0390 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/01/13 20:55:48.0468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/01/13 20:55:48.0546 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/01/13 20:55:48.0578 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/01/13 20:55:48.0625 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/01/13 20:55:48.0687 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/01/13 20:55:48.0843 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2011/01/13 20:55:48.0921 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/01/13 20:55:48.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/01/13 20:55:49.0000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/01/13 20:55:49.0046 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/01/13 20:55:49.0078 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/01/13 20:55:49.0109 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/01/13 20:55:49.0156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/01/13 20:55:49.0328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/01/13 20:55:49.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/01/13 20:55:49.0437 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/01/13 20:55:49.0546 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/01/13 20:55:49.0578 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/01/13 20:55:49.0625 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/01/13 20:55:49.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/01/13 20:55:49.0953 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/01/13 20:55:50.0078 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/01/13 20:55:50.0281 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/01/13 20:55:50.0640 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/01/13 20:55:51.0015 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/01/13 20:55:51.0062 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/01/13 20:55:51.0109 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/01/13 20:55:51.0171 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/01/13 20:55:51.0234 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/01/13 20:55:51.0281 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/01/13 20:55:51.0375 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/01/13 20:55:51.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/01/13 20:55:51.0531 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys 2011/01/13 20:55:51.0593 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/01/13 20:55:51.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/01/13 20:55:51.0703 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys 2011/01/13 20:55:51.0750 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/01/13 20:55:52.0062 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys 2011/01/13 20:55:52.0140 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 2011/01/13 20:55:52.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/01/13 20:55:52.0250 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/01/13 20:55:52.0312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/01/13 20:55:52.0343 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/01/13 20:55:52.0515 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 2011/01/13 20:55:52.0625 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 2011/01/13 20:55:52.0796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/01/13 20:55:52.0875 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/01/13 20:55:52.0921 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/01/13 20:55:52.0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/01/13 20:55:53.0015 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/01/13 20:55:53.0046 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/01/13 20:55:53.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/01/13 20:55:53.0234 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/01/13 20:55:53.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/01/13 20:55:53.0359 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/01/13 20:55:53.0421 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/01/13 20:55:53.0453 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/01/13 20:55:53.0500 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/01/13 20:55:53.0546 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/01/13 20:55:53.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/01/13 20:55:53.0781 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys 2011/01/13 20:55:53.0859 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/01/13 20:55:53.0906 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/01/13 20:55:53.0968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/01/13 20:55:54.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/01/13 20:55:54.0093 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/01/13 20:55:54.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/01/13 20:55:54.0203 OADevice (422cf292a3fd758418c5b79405c93331) C:\WINDOWS\system32\drivers\OADriver.sys 2011/01/13 20:55:54.0359 oahlpXX (7c6d7532a8fcbcbda241215e808354c2) C:\WINDOWS\system32\drivers\oahlp32.sys 2011/01/13 20:55:54.0421 OAmon (6243e6db6399a95fd401090fc0d0c3ab) C:\WINDOWS\system32\drivers\OAmon.sys 2011/01/13 20:55:54.0453 OAnet (f87647d8e994032ee9a50f8a3a144671) C:\WINDOWS\system32\drivers\OAnet.sys 2011/01/13 20:55:54.0484 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/01/13 20:55:54.0531 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/01/13 20:55:54.0562 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/01/13 20:55:54.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/01/13 20:55:54.0640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/01/13 20:55:54.0687 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/01/13 20:55:54.0718 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/01/13 20:55:54.0953 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys 2011/01/13 20:55:55.0015 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/13 20:55:55.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/13 20:55:55.0078 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/13 20:55:55.0265 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/13 20:55:55.0421 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/13 20:55:55.0468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/13 20:55:55.0500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/13 20:55:55.0562 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/13 20:55:55.0593 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/13 20:55:55.0671 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/13 20:55:55.0734 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/13 20:55:55.0781 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/13 20:55:55.0906 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/01/13 20:55:56.0015 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS 2011/01/13 20:55:56.0046 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS 2011/01/13 20:55:56.0250 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/01/13 20:55:56.0328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/13 20:55:56.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2011/01/13 20:55:56.0468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/01/13 20:55:56.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/13 20:55:56.0671 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/13 20:55:56.0765 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/13 20:55:57.0109 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/13 20:55:57.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/13 20:55:57.0453 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2011/01/13 20:55:57.0515 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/13 20:55:57.0562 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 2011/01/13 20:55:57.0625 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/13 20:55:57.0796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/13 20:55:57.0828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/13 20:55:57.0875 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/13 20:55:57.0953 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys 2011/01/13 20:55:58.0046 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys 2011/01/13 20:55:58.0109 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys 2011/01/13 20:55:58.0140 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys 2011/01/13 20:55:58.0187 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/13 20:55:58.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/13 20:55:58.0531 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 2011/01/13 20:55:58.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/13 20:55:58.0656 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 2011/01/13 20:55:58.0812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/13 20:55:58.0843 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/13 20:55:58.0921 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 2011/01/13 20:55:58.0953 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/01/13 20:55:59.0000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/13 20:55:59.0062 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/13 20:55:59.0109 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/01/13 20:55:59.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/01/13 20:55:59.0218 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/13 20:55:59.0515 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys 2011/01/13 20:55:59.0640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/13 20:55:59.0796 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/01/13 20:55:59.0890 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/13 20:56:00.0062 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/01/13 20:56:00.0156 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/01/13 20:56:00.0218 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/01/13 20:56:00.0468 ================================================================================ 2011/01/13 20:56:00.0468 Scan finished 2011/01/13 20:56:00.0468 ================================================================================ Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5514 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/13/2011 8:52:19 PM mbam-log-2011-01-13 (20-52-19).txt Scan type: Quick scan Objects scanned: 174358 Time elapsed: 12 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

And there were zero infections detected by MBAM

The computer is running just as smoothly. However, I'll try to google a subject and the first time I try to click a link that came up in the results, I get redirected to some ad website causing Online Armor or SpywareBlaster to block the page. The most recent one tried redirecting me to pda.mv.bidsystem.(com). If I click the back button and try to click on the same link, I go to the proper site. It's just the first link I click after every new search. I'm trying to run MBAM right now again...

Sometime Tuesday, my computer got infected with the "Anti Virus Live" virus. I kept getting those pop ups and could not get on the internet with any of my browsers. I used a roommates computer to try and research how to get rid of it. I used SUPERantispyware off a thumb drive and then ran MBAM in safe mode. This seemed to take off "Anti Virus Live" but it appeared I had another infection. It was the Whitesmoke Translator infection. I tried running MBAM, SpyBot, and Ad Aware in safe mode. I got numerous infections with each and removed them. I ran my antivirus, avast, a couple of times and got a few infections to remove including Whitesmoke. When I restarted my computer, Whitesmoke was gone but it was still noticeably slower and I was still geting random redirects. I then found the forums here and found this particular post: http://forums.malwarebytes.org/index.php?showtopic=70703 . I followed those instructions and ran TDSkiller, finding one infection (I included the log). I restarted my computer, ran MBAM and it was running much much better. I don't hear the hard drive going, it is faster and I am not getting the random redirects. I decided to run MBAM again and SpyBot again and am still getting infected files. I'm not sure where they are coming from and am worried they could manifest into something more serious again. Here is everything requested in the pinned topic if someone could take a look over it, thanks! I included both MBAM reports from today (most recent being first). I have 3 more from the previous two days (that all had infections) if requested. I also recently installed Online Armour and SpywareBlaster as recommended for further protection. DDS (Ver_10-12-12.02) - NTFSx86 Run by Nick at 13:19:54.87 on Thu 01/13/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.938 [GMT -5:00] AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Online Armor Firewall *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\Program Files\Online Armor\OAcat.exe C:\Program Files\Online Armor\oasrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Online Armor\oaui.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\POP Peeper\POPPeeper.exe C:\Program Files\Online Armor\OAhlp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Nick\My Documents\Downloads\Defogger.exe C:\Documents and Settings\Nick\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = https://mail.vbgov.com/ uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uInternet Settings,ProxyServer = http=127.0.0.1:8075 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie mWinlogon: Userinit=userinit.exe, BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min mRun: [TFncKy] TFncKy.exe mRun: [TDispVol] TDispVol.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe mRun: [TPSMain] TPSMain.exe mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run mRun: [CFSServ.exe] CFSServ.exe -NoClient mRun: [DXDllRegExe] dxdllreg.exe mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe" mRun: [sansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla firefox\firefox.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214316307540 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\376acwj6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.groupon.com/hampton-roads/ FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\common files\motive\npMotive.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: XULRunner: {4BBF1178-2AE7-404B-B680-B849B7A88CF6} - c:\documents and settings\nick\local settings\application data\{4BBF1178-2AE7-404B-B680-B849B7A88CF6} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-6 294608] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-1-13 202064] R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-1-13 38856] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-1-13 25000] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-1-13 29272] R1 SASDIFSV;SASDIFSV;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-6 17744] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-6 40384] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-1-13 380784] R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-1-13 3652696] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\nick\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\nick\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?] =============== Created Last 30 ================ 2011-01-13 16:22:58 -------- d-----w- c:\program files\SpywareBlaster 2011-01-13 16:16:49 -------- d-----w- c:\docume~1\nick\applic~1\OnlineArmor 2011-01-13 16:16:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor 2011-01-13 16:16:08 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys 2011-01-13 16:16:08 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys 2011-01-13 16:16:08 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys 2011-01-13 16:16:08 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys 2011-01-13 16:15:58 -------- d-----w- c:\program files\Online Armor 2011-01-12 17:24:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2011-01-12 17:24:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-01-12 16:40:46 -------- d-----w- c:\windows\system32\%APPDATA% 2011-01-12 15:10:06 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-01-12 15:07:01 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Sunbelt Software 2011-01-12 14:29:30 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-01-12 07:19:48 -------- d-----w- c:\docume~1\nick\applic~1\SUPERAntiSpyware.com 2011-01-12 07:04:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2011-01-12 04:21:39 0 ----a-w- c:\windows\Bcune.bin 2011-01-12 04:21:37 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\{4BBF1178-2AE7-404B-B680-B849B7A88CF6} 2011-01-12 02:57:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit 2011-01-12 02:39:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-12 02:39:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-12 02:39:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-12 02:20:25 -------- d-----w- c:\program files\iPod 2011-01-12 02:20:03 -------- d-----w- c:\program files\iTunes 2011-01-12 02:11:09 -------- d-----w- c:\program files\Bonjour 2011-01-07 04:17:25 -------- d-----w- c:\documents and settings\all users\Microsoft 2011-01-07 04:14:00 -------- d-----w- c:\program files\Microsoft Analysis Services 2011-01-07 04:13:47 -------- d-----w- c:\windows\SHELLNEW 2011-01-07 04:12:35 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Microsoft Help 2011-01-06 22:44:09 38848 ----a-w- c:\windows\avastSS.scr 2011-01-06 22:44:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2010-12-24 21:26:03 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Thunderbird 2010-12-15 04:14:12 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-15 04:13:20 45568 -c----w- c:\windows\system32\dllcache\wab.exe ==================== Find3M ==================== 2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec 2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys ============= FINISH: 13:22:22.20 =============== Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5512 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/13/2011 1:03:19 PM mbam-log-2011-01-13 (13-03-19).txt Scan type: Quick scan Objects scanned: 185880 Time elapsed: 13 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\yr87fk3d2dnszapq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\Temp\Xd1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\Xd0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\Xd2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. ----------------------------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5507 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/13/2011 11:18:30 AM mbam-log-2011-01-13 (11-18-30).txt Scan type: Quick scan Objects scanned: 185531 Time elapsed: 15 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\UA24KKHL\load[1].php (Rootkit.TDSS.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully. ------------------------------------------------------------------------------------------------------ 2011/01/13 10:55:48.0203 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11 2011/01/13 10:55:48.0203 ================================================================================ 2011/01/13 10:55:48.0203 SystemInfo: 2011/01/13 10:55:48.0203 2011/01/13 10:55:48.0203 OS Version: 5.1.2600 ServicePack: 3.0 2011/01/13 10:55:48.0203 Product type: Workstation 2011/01/13 10:55:48.0203 ComputerName: TOSHIBA 2011/01/13 10:55:48.0203 UserName: Nick 2011/01/13 10:55:48.0203 Windows directory: C:\WINDOWS 2011/01/13 10:55:48.0203 System windows directory: C:\WINDOWS 2011/01/13 10:55:48.0203 Processor architecture: Intel x86 2011/01/13 10:55:48.0203 Number of processors: 2 2011/01/13 10:55:48.0203 Page size: 0x1000 2011/01/13 10:55:48.0203 Boot type: Normal boot 2011/01/13 10:55:48.0203 ================================================================================ 2011/01/13 10:55:48.0671 Initialize success 2011/01/13 10:55:51.0640 ================================================================================ 2011/01/13 10:55:51.0640 Scan started 2011/01/13 10:55:51.0640 Mode: Manual; 2011/01/13 10:55:51.0640 ================================================================================ 2011/01/13 10:55:57.0828 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys 2011/01/13 10:55:58.0453 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/01/13 10:55:58.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/01/13 10:55:58.0968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/01/13 10:55:59.0031 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/01/13 10:55:59.0140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/01/13 10:55:59.0187 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys 2011/01/13 10:55:59.0421 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/01/13 10:55:59.0843 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/01/13 10:55:59.0984 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys 2011/01/13 10:56:00.0062 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011/01/13 10:56:00.0140 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys 2011/01/13 10:56:00.0218 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys 2011/01/13 10:56:00.0265 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys 2011/01/13 10:56:00.0328 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys 2011/01/13 10:56:00.0390 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/01/13 10:56:00.0437 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/01/13 10:56:00.0562 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/01/13 10:56:00.0593 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/01/13 10:56:00.0718 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/01/13 10:56:00.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/01/13 10:56:00.0859 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/01/13 10:56:00.0906 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/01/13 10:56:00.0968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/01/13 10:56:01.0093 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/01/13 10:56:01.0156 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/01/13 10:56:01.0359 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/01/13 10:56:01.0437 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/01/13 10:56:01.0531 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/01/13 10:56:01.0578 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS 2011/01/13 10:56:01.0609 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/01/13 10:56:01.0656 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/01/13 10:56:01.0687 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/01/13 10:56:01.0750 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS 2011/01/13 10:56:01.0781 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/01/13 10:56:01.0812 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/01/13 10:56:01.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/01/13 10:56:02.0031 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/01/13 10:56:02.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/01/13 10:56:02.0156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/01/13 10:56:02.0234 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/01/13 10:56:02.0281 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/01/13 10:56:02.0312 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/01/13 10:56:02.0390 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/01/13 10:56:02.0453 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2011/01/13 10:56:02.0578 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/01/13 10:56:02.0718 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/01/13 10:56:02.0765 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/01/13 10:56:02.0781 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/01/13 10:56:02.0843 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/01/13 10:56:02.0875 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/01/13 10:56:02.0906 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/01/13 10:56:02.0953 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/01/13 10:56:03.0015 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/01/13 10:56:03.0125 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/01/13 10:56:03.0359 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/01/13 10:56:03.0484 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/01/13 10:56:03.0578 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/01/13 10:56:03.0640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/01/13 10:56:03.0765 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/01/13 10:56:03.0890 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/01/13 10:56:04.0375 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/01/13 10:56:05.0218 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/01/13 10:56:05.0609 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/01/13 10:56:05.0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/01/13 10:56:05.0671 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/01/13 10:56:05.0750 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/01/13 10:56:05.0812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/01/13 10:56:05.0859 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/01/13 10:56:06.0015 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/01/13 10:56:06.0062 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/01/13 10:56:06.0078 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys 2011/01/13 10:56:06.0125 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/01/13 10:56:06.0187 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/01/13 10:56:06.0234 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys 2011/01/13 10:56:06.0265 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/01/13 10:56:06.0453 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/01/13 10:56:06.0625 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/01/13 10:56:06.0765 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys 2011/01/13 10:56:06.0812 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 2011/01/13 10:56:06.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/01/13 10:56:06.0921 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/01/13 10:56:06.0953 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/01/13 10:56:07.0109 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/01/13 10:56:07.0250 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 2011/01/13 10:56:07.0312 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 2011/01/13 10:56:07.0375 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/01/13 10:56:07.0453 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/01/13 10:56:07.0562 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/01/13 10:56:07.0609 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/01/13 10:56:07.0640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/01/13 10:56:07.0671 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/01/13 10:56:07.0734 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/01/13 10:56:07.0796 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/01/13 10:56:07.0875 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/01/13 10:56:07.0937 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/01/13 10:56:08.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/01/13 10:56:08.0015 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/01/13 10:56:08.0062 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/01/13 10:56:08.0093 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/01/13 10:56:08.0140 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/01/13 10:56:08.0171 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys 2011/01/13 10:56:08.0234 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/01/13 10:56:08.0296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/01/13 10:56:08.0390 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/01/13 10:56:08.0515 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/01/13 10:56:08.0562 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/01/13 10:56:08.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/01/13 10:56:08.0609 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/01/13 10:56:08.0656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/01/13 10:56:08.0687 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/01/13 10:56:08.0718 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/01/13 10:56:08.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/01/13 10:56:08.0843 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/01/13 10:56:08.0906 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/01/13 10:56:09.0156 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys 2011/01/13 10:56:09.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/13 10:56:09.0296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/01/13 10:56:09.0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/13 10:56:09.0359 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/13 10:56:09.0515 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/13 10:56:09.0562 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/13 10:56:09.0593 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/13 10:56:09.0625 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/13 10:56:09.0671 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/13 10:56:09.0703 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/13 10:56:09.0765 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/13 10:56:09.0890 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/13 10:56:10.0000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/13 10:56:10.0093 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/01/13 10:56:10.0265 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS 2011/01/13 10:56:10.0281 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS 2011/01/13 10:56:10.0531 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/01/13 10:56:10.0593 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/13 10:56:10.0656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2011/01/13 10:56:10.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/01/13 10:56:10.0906 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/13 10:56:10.0968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/13 10:56:11.0031 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/13 10:56:11.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/13 10:56:11.0421 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/13 10:56:11.0656 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2011/01/13 10:56:11.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/13 10:56:11.0875 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 2011/01/13 10:56:11.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/13 10:56:12.0093 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/13 10:56:12.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/13 10:56:12.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/13 10:56:12.0312 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys 2011/01/13 10:56:12.0390 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys 2011/01/13 10:56:12.0453 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys 2011/01/13 10:56:12.0546 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys 2011/01/13 10:56:12.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/13 10:56:12.0750 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/13 10:56:12.0843 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 2011/01/13 10:56:12.0890 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/13 10:56:13.0015 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 2011/01/13 10:56:13.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/13 10:56:13.0140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/13 10:56:13.0203 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 2011/01/13 10:56:13.0250 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/01/13 10:56:13.0296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/13 10:56:13.0406 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/13 10:56:13.0453 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/01/13 10:56:13.0484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/01/13 10:56:13.0562 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/13 10:56:13.0750 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys 2011/01/13 10:56:13.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/13 10:56:13.0968 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/01/13 10:56:14.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/13 10:56:14.0187 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/01/13 10:56:14.0265 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/01/13 10:56:14.0375 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/01/13 10:56:14.0468 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/01/13 10:56:14.0484 ================================================================================ 2011/01/13 10:56:14.0484 Scan finished 2011/01/13 10:56:14.0484 ================================================================================ 2011/01/13 10:56:14.0515 Detected object count: 1 2011/01/13 10:56:45.0250 \HardDisk0 - will be cured after reboot 2011/01/13 10:56:45.0250 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/01/13 10:56:50.0765 Deinitialize success Thanks again, Nick Attach1.zip