Looks ike I got a Trojan

[tcastel]

I'm fighting with a Trojan and cold use some help. I've run malwarebytes and cleaned it but it keeps coming back. Ran Windows Defender, the scanner on the Windows site, Stopzilla and Emsisoft and all of them find the rojan but none of them get rid of it. Hopefully these log files can shed some light.

Malware log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5186

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

11/25/2010 8:54:23 AM

mbam-log-2010-11-25 (08-54-23).txt

Scan type: Full scan (C:\|)

Objects scanned: 275071

Time elapsed: 2 hour(s), 8 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Tony\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Tony\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Tony\AppData\Roaming\skvkfd.bat (Malware.Trace) -> Quarantined and deleted successfully.

DDS log

DDS (Ver_10-11-10.01) - NTFSx86

Run by Tony at 16:15:43.86 on Thu 11/25/2010

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22

Microsoft

Attach.zip

ark.zip

[LDTate]

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

[tcastel]

ran those programs. og files below. The laptop appears to behave normally at the moment. Wha attracted my attention was I use google as my default search engine and when I tried to select some of the links I was redirected to a new search page called Scour. Also I use Webroot anti viruis and it started ppping up windows saying somethig was trying to open a page for protectmypc. I ran malwarebytes and the trojan showed up.

Gooredfix log

GooredFix by jpshortstuff (03.07.10.1)

Log created at 18:50 on 25/11/2010 (Tony)

Firefox version 3.6.3 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:31 24/12/2008]

{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [22:25 15/09/2009]

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [17:54 30/10/2010]

C:\Users\Tony\Application Data\Mozilla\Firefox\Profiles\od7652om.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b} [22:27 15/09/2009]

{5C46D283-ABDE-4dce-B83C-08881401921C} [10:20 28/03/2010]

{635abd67-4fe9-1b23-4f01-e679fa7484c1} [10:15 17/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:28 28/03/2009]

-=E.O.F=-

TDSSKiller log

================================================================================

2010/11/25 18:53:35.0350 SystemInfo:

2010/11/25 18:53:35.0350

2010/11/25 18:53:35.0350 OS Version: 6.0.6002 ServicePack: 2.0

2010/11/25 18:53:35.0350 Product type: Workstation

2010/11/25 18:53:35.0350 ComputerName: LAPTOP

2010/11/25 18:53:35.0350 UserName: Tony

2010/11/25 18:53:35.0350 Windows directory: C:\Windows

2010/11/25 18:53:35.0350 System windows directory: C:\Windows

2010/11/25 18:53:35.0350 Processor architecture: Intel x86

2010/11/25 18:53:35.0350 Number of processors: 2

2010/11/25 18:53:35.0350 Page size: 0x1000

2010/11/25 18:53:35.0350 Boot type: Normal boot

2010/11/25 18:53:35.0350 ================================================================================

2010/11/25 18:53:36.0084 Initialize success

2010/11/25 18:53:51.0060 ================================================================================

2010/11/25 18:53:51.0060 Scan started

2010/11/25 18:53:51.0060 Mode: Manual;

2010/11/25 18:53:51.0060 ================================================================================

2010/11/25 18:53:53.0415 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2010/11/25 18:53:53.0493 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2010/11/25 18:53:53.0665 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2010/11/25 18:53:53.0727 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2010/11/25 18:53:53.0774 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2010/11/25 18:53:53.0961 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2010/11/25 18:53:54.0070 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

2010/11/25 18:53:54.0211 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2010/11/25 18:53:54.0273 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

2010/11/25 18:53:54.0367 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

2010/11/25 18:53:54.0460 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

2010/11/25 18:53:54.0523 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2010/11/25 18:53:54.0601 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

2010/11/25 18:53:54.0757 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys

2010/11/25 18:53:54.0897 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2010/11/25 18:53:55.0038 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2010/11/25 18:53:55.0131 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/11/25 18:53:55.0303 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2010/11/25 18:53:55.0443 athr (42a781b795b36a7182ded8b55c245153) C:\Windows\system32\DRIVERS\athr.sys

2010/11/25 18:53:55.0599 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2010/11/25 18:53:55.0802 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2010/11/25 18:53:55.0896 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2010/11/25 18:53:55.0942 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2010/11/25 18:53:56.0067 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2010/11/25 18:53:56.0145 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2010/11/25 18:53:56.0192 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2010/11/25 18:53:56.0239 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2010/11/25 18:53:56.0364 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2010/11/25 18:53:56.0457 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/11/25 18:53:56.0551 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\Windows\system32\drivers\Cdr4_xp.sys

2010/11/25 18:53:56.0691 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\Windows\system32\drivers\Cdralw2k.sys

2010/11/25 18:53:56.0832 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2010/11/25 18:53:56.0925 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2010/11/25 18:53:56.0988 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2010/11/25 18:53:57.0237 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/11/25 18:53:57.0284 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

2010/11/25 18:53:57.0440 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2010/11/25 18:53:57.0487 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2010/11/25 18:53:57.0534 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2010/11/25 18:53:57.0736 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2010/11/25 18:53:57.0970 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2010/11/25 18:53:58.0048 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys

2010/11/25 18:53:58.0236 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2010/11/25 18:53:58.0329 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys

2010/11/25 18:53:58.0501 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2010/11/25 18:53:58.0719 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2010/11/25 18:53:58.0813 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2010/11/25 18:53:59.0047 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2010/11/25 18:53:59.0125 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2010/11/25 18:53:59.0312 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2010/11/25 18:53:59.0390 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2010/11/25 18:53:59.0562 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2010/11/25 18:53:59.0624 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/11/25 18:53:59.0796 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2010/11/25 18:53:59.0905 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2010/11/25 18:54:00.0014 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2010/11/25 18:54:00.0154 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2010/11/25 18:54:00.0326 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/11/25 18:54:00.0420 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2010/11/25 18:54:00.0529 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2010/11/25 18:54:00.0622 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys

2010/11/25 18:54:00.0747 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2010/11/25 18:54:00.0825 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2010/11/25 18:54:00.0966 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2010/11/25 18:54:01.0090 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2010/11/25 18:54:01.0215 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2010/11/25 18:54:01.0340 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2010/11/25 18:54:01.0480 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/11/25 18:54:01.0605 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2010/11/25 18:54:01.0808 igfx (1b954f2bcb244596da704dc8c7729930) C:\Windows\system32\DRIVERS\igdkmd32.sys

2010/11/25 18:54:01.0948 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2010/11/25 18:54:02.0182 IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys

2010/11/25 18:54:02.0307 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2010/11/25 18:54:02.0432 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2010/11/25 18:54:02.0572 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/11/25 18:54:02.0713 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2010/11/25 18:54:02.0822 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2010/11/25 18:54:02.0916 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2010/11/25 18:54:03.0072 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

2010/11/25 18:54:03.0196 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/11/25 18:54:03.0306 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2010/11/25 18:54:03.0399 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2010/11/25 18:54:03.0524 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/11/25 18:54:03.0618 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

2010/11/25 18:54:03.0696 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2010/11/25 18:54:03.0836 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/11/25 18:54:03.0945 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2010/11/25 18:54:03.0976 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2010/11/25 18:54:04.0101 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2010/11/25 18:54:04.0195 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2010/11/25 18:54:04.0273 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2010/11/25 18:54:04.0413 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2010/11/25 18:54:04.0522 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2010/11/25 18:54:04.0600 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2010/11/25 18:54:04.0694 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2010/11/25 18:54:04.0772 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys

2010/11/25 18:54:04.0834 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2010/11/25 18:54:04.0928 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2010/11/25 18:54:05.0053 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2010/11/25 18:54:05.0193 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2010/11/25 18:54:05.0302 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2010/11/25 18:54:05.0396 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/11/25 18:54:05.0458 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/11/25 18:54:05.0552 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/11/25 18:54:05.0630 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

2010/11/25 18:54:05.0724 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2010/11/25 18:54:05.0864 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2010/11/25 18:54:05.0958 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2010/11/25 18:54:06.0098 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2010/11/25 18:54:06.0160 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/11/25 18:54:06.0223 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2010/11/25 18:54:06.0348 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2010/11/25 18:54:06.0410 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/11/25 18:54:06.0504 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2010/11/25 18:54:06.0613 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2010/11/25 18:54:06.0738 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2010/11/25 18:54:06.0894 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2010/11/25 18:54:06.0987 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/11/25 18:54:07.0065 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/11/25 18:54:07.0143 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/11/25 18:54:07.0237 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2010/11/25 18:54:07.0346 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2010/11/25 18:54:07.0471 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2010/11/25 18:54:07.0705 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys

2010/11/25 18:54:07.0892 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2010/11/25 18:54:07.0986 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2010/11/25 18:54:08.0048 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2010/11/25 18:54:08.0220 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2010/11/25 18:54:08.0313 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2010/11/25 18:54:08.0422 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2010/11/25 18:54:08.0469 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2010/11/25 18:54:08.0563 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2010/11/25 18:54:08.0672 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2010/11/25 18:54:08.0859 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/11/25 18:54:09.0015 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2010/11/25 18:54:09.0109 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2010/11/25 18:54:09.0140 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2010/11/25 18:54:09.0280 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2010/11/25 18:54:09.0343 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys

2010/11/25 18:54:09.0483 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/11/25 18:54:09.0624 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2010/11/25 18:54:09.0811 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2010/11/25 18:54:09.0904 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2010/11/25 18:54:10.0060 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2010/11/25 18:54:10.0138 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

2010/11/25 18:54:10.0294 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2010/11/25 18:54:10.0372 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2010/11/25 18:54:10.0528 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2010/11/25 18:54:10.0591 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2010/11/25 18:54:10.0684 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/11/25 18:54:10.0809 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/11/25 18:54:10.0918 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2010/11/25 18:54:11.0043 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2010/11/25 18:54:11.0152 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/11/25 18:54:11.0293 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2010/11/25 18:54:11.0371 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2010/11/25 18:54:11.0511 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2010/11/25 18:54:11.0636 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2010/11/25 18:54:11.0761 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2010/11/25 18:54:11.0870 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/11/25 18:54:11.0917 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys

2010/11/25 18:54:12.0042 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2010/11/25 18:54:12.0135 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2010/11/25 18:54:12.0260 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

2010/11/25 18:54:12.0338 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

2010/11/25 18:54:12.0385 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

2010/11/25 18:54:12.0510 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/11/25 18:54:12.0603 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2010/11/25 18:54:12.0712 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2010/11/25 18:54:12.0759 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2010/11/25 18:54:12.0868 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2010/11/25 18:54:13.0009 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys

2010/11/25 18:54:13.0102 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2010/11/25 18:54:13.0243 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys

2010/11/25 18:54:13.0321 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys

2010/11/25 18:54:13.0368 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys

2010/11/25 18:54:13.0508 ssfmonm (362f131c87633c6d021441b835c2cebc) C:\Windows\system32\DRIVERS\ssfmonm.sys

2010/11/25 18:54:13.0586 SSHRMD (d7e2f6c09300cb295edafcef84a53a5e) C:\Windows\system32\Drivers\SSHRMD.SYS

2010/11/25 18:54:13.0695 SSIDRV (de67dd27b8053e4d40a7bd979643bd1c) C:\Windows\system32\Drivers\SSIDRV.SYS

2010/11/25 18:54:13.0758 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\Windows\system32\Drivers\sskbfd.sys

2010/11/25 18:54:13.0867 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2010/11/25 18:54:13.0976 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2010/11/25 18:54:14.0070 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2010/11/25 18:54:14.0101 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2010/11/25 18:54:14.0397 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2010/11/25 18:54:14.0522 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2010/11/25 18:54:14.0616 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2010/11/25 18:54:14.0709 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2010/11/25 18:54:14.0787 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2010/11/25 18:54:14.0881 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2010/11/25 18:54:14.0974 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2010/11/25 18:54:15.0146 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys

2010/11/25 18:54:15.0271 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/11/25 18:54:15.0380 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2010/11/25 18:54:15.0411 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2010/11/25 18:54:15.0520 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2010/11/25 18:54:15.0645 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2010/11/25 18:54:15.0801 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2010/11/25 18:54:15.0879 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2010/11/25 18:54:15.0926 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2010/11/25 18:54:16.0035 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2010/11/25 18:54:16.0129 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2010/11/25 18:54:16.0316 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys

2010/11/25 18:54:16.0410 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2010/11/25 18:54:16.0503 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2010/11/25 18:54:16.0566 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2010/11/25 18:54:16.0675 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2010/11/25 18:54:16.0737 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

2010/11/25 18:54:16.0815 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/11/25 18:54:16.0924 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/11/25 18:54:17.0127 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/11/25 18:54:17.0190 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2010/11/25 18:54:17.0236 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2010/11/25 18:54:17.0377 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2010/11/25 18:54:17.0424 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2010/11/25 18:54:17.0470 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2010/11/25 18:54:17.0626 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2010/11/25 18:54:17.0704 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2010/11/25 18:54:17.0860 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2010/11/25 18:54:17.0923 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2010/11/25 18:54:18.0001 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/25 18:54:18.0016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/25 18:54:18.0172 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2010/11/25 18:54:18.0282 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2010/11/25 18:54:18.0516 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys

2010/11/25 18:54:18.0578 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2010/11/25 18:54:18.0781 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

2010/11/25 18:54:18.0890 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/11/25 18:54:19.0077 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/11/25 18:54:19.0140 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys

2010/11/25 18:54:19.0358 yukonwlh (2d07e65ed0023bb10b13a912b27dfb1a) C:\Windows\system32\DRIVERS\yk60x86.sys

2010/11/25 18:54:19.0420 ================================================================================

2010/11/25 18:54:19.0420 Scan finished

2010/11/25 18:54:19.0420

[LDTate]

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Double click on ComboFix.exe & follow the prompts.
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  Note: If you have SP3, use the SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[tcastel]

ran combofix. noticed in the log that it say Trend antiviruis is enabled. I uninstalled that software a week ago and cannot find it either in the program list or in the tolbar. machine boted a little slow but otherwise seems ok.

ComboFix 10-11-25.01 - Tony 11/25/2010 19:34:27.1.2 - x86

Microsoft

[LDTate]

I don't see Trend antiviruis listed anywhere in the scan either.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\drivers\is3srv.sys [x]
c:\windows\system32\DRIVERS\szkg.sys [x]
c:\windows\system32\drivers\szkgfs.sys [x]
c:\users\Tony\AppData\Local\Temp\JHD.exe
c:\users\Tony\AppData\Local\Temp\OWUOYHFO.exe


Folder::
c:\program files\Ask.com

Driver::
is3srv
szkg5
szkgfs
JHD
OWUOYHFO

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\"{00000000-6E41-4FD3-8538-502F5495E5FC}]
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\"{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\"{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

[tcastel]

Here's the log file. Line 5 Trend shows up again. Wife is dragging me off to be will have to continue when your available next. Thank you for al you help.

ComboFix 10-11-25.01 - Tony 11/25/2010 20:43:36.2.2 - x86

Microsoft

[LDTate]

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

• Click START run
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

For Vista / Windows 7

• Click START Search
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

• The application window will appear
  
• Click the Re-enable button to re-enable your CD Emulation drivers
  
• Click Yes to continue
  
• A 'Finished!' message will appear
  
• Click OK
  
• DeFogger will now ask to reboot the machine - click OK
  

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
     
  2. Click once on the Security tab
     
  3. Click once on the Internet icon so it becomes highlighted.
     
  4. Click once on the Custom Level button.
     
  5. Change the Download signed ActiveX controls to Prompt
     
  6. Change the Download unsigned ActiveX controls to Disable
     
  7. Change the Initialize and script ActiveX controls not marked as safe to Disable
     
  8. Change the Installation of desktop items to Prompt
     
  9. Change the Launching programs and files in an IFRAME to Prompt
     
  10. Change the Navigate sub-frames across different domains to Prompt
      
  11. When all these settings have been made, click on the OK button.
      
  12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
      
  13. Next press the Apply button and then the OK to exit the Internet Properties page.
      

  [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

  (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

  Without a firewall your computer is succeptible to being hacked and taken over.

  I am very serious about this and see it happen almost every day with my clients.

  Simply using a Firewall in its default configuration can lower your risk greatly.

  [*] WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  Green to go

  Yellow for caution

  Red to stop

  WOT has an addon available for both Firefox and IE.

  [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

  This will ensure your computer has always the latest security updates available installed on your computer.

  If there are new updates to install, install them immediately, reboot your computer, and revisit the site

  until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.