Google redirecting

[tstevens]

Hi.

Sometimes when clicking on a google search result I am taken to a website that does not correspond to the link I clicked. An example would be:

http://uk.gomeo.co.uk...?a=1&keyword=bt

I found references to a gomeo redirect virus and I tried to remove but none of the applications detected an infection, including MalwareBytes.

So now I am following the instructions on the topic "I'm infected - What do I do now?"

Below is Malwarebytes log, DDS log, GMER ark log. I have attach.txt if you need it.

Thank you for your help.

MALWAREBYTES LOG

----------------

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7725

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19120

19/09/2011 11:11:03

mbam-log-2011-09-19 (11-11-03).txt

Scan type: Quick scan

Objects scanned: 195035

Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.TXT

-------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_15

Run by Michelle at 12:46:13 on 2011-09-19

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.1702 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\real\realplayer\Update\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Michelle\Desktop\Defogger.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.tesco.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

uInternet Settings,ProxyServer = http=127.0.0.1:58788

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA

mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DVDtoiPodConverter_upgrade] "c:\program files\e-zsoft\dvdtoipodconverter\DVDtoiPodConverter.exe" /upgrade

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4

IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{47B19B4B-E364-45C8-AFD2-D9A24F8DD69A} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D32DD3D3-1C0F-450D-A50C-44EBD050AF70} : DhcpNameServer = 192.168.1.254

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\michelle\appdata\roaming\mozilla\firefox\profiles\4ny164nd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-7-1 7168]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-4 112128]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-30 27632]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-10-6 13224]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-1 30192]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-5-7 86696]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-5-7 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-5-7 114472]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-5-18 108200]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-5-18 26024]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-5-18 104616]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-5-18 109736]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]

.

=============== Created Last 30 ================

.

2011-09-16 15:53:44 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1f42d059-9a24-485a-84de-8f18bcb7bfc4}\mpengine.dll

2011-09-16 10:04:54 -------- d-s---w- C:\myfileiswonder9056m

2011-09-16 09:53:34 -------- d-s---w- C:\myfileiswonder

2011-09-16 07:48:10 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-16 07:48:08 -------- d-----w- c:\users\michelle\appdata\local\temp

2011-09-16 07:33:24 98816 ----a-w- c:\windows\sed.exe

2011-09-16 07:33:24 518144 ----a-w- c:\windows\SWREG.exe

2011-09-16 07:33:24 256000 ----a-w- c:\windows\PEV.exe

2011-09-16 07:33:24 208896 ----a-w- c:\windows\MBR.exe

2011-09-15 08:09:23 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-08-24 10:19:38 2048 ----a-w- c:\windows\system32\tzres.dll

.

==================== Find3M ====================

.

2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec

2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

============= FINISH: 12:47:06.41 ===============

ARK.TXT

-------

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-19 15:02:10

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01

Running: uctzg1tp.exe; Driver: C:\Users\Michelle\AppData\Local\Temp\kxtyqkow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AB4E480, 0x3C939, 0xE8000020]

.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AB8F900, 0x3CA, 0x48000040]

? C:\Users\Michelle\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2332] ntdll.dll!LdrLoadDll 76F993A8 5 Bytes JMP 01281410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text C:\Program Files\real\realplayer\Update\realsched.exe[2420] kernel32.dll!SetUnhandledExceptionFilter 7563A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

[Elise]

Hello and

Lets do also an additional rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

[tstevens]

Hi Elise

Thanks for helping me out :-)

I ran the tdsskiller.exe (without renaming) as Administrator and no infections were found. The log is below:

2011/09/20 11:21:02.0019 3280 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10

2011/09/20 11:21:02.0050 3280 ================================================================================

2011/09/20 11:21:02.0050 3280 SystemInfo:

2011/09/20 11:21:02.0050 3280

2011/09/20 11:21:02.0050 3280 OS Version: 6.0.6002 ServicePack: 2.0

2011/09/20 11:21:02.0050 3280 Product type: Workstation

2011/09/20 11:21:02.0050 3280 ComputerName: MICHELLE-PC

2011/09/20 11:21:02.0050 3280 UserName: Michelle

2011/09/20 11:21:02.0050 3280 Windows directory: C:\Windows

2011/09/20 11:21:02.0050 3280 System windows directory: C:\Windows

2011/09/20 11:21:02.0050 3280 Processor architecture: Intel x86

2011/09/20 11:21:02.0050 3280 Number of processors: 2

2011/09/20 11:21:02.0050 3280 Page size: 0x1000

2011/09/20 11:21:02.0050 3280 Boot type: Normal boot

2011/09/20 11:21:02.0050 3280 ================================================================================

2011/09/20 11:21:03.0095 3280 Initialize success

2011/09/20 11:21:06.0574 2872 ================================================================================

2011/09/20 11:21:06.0574 2872 Scan started

2011/09/20 11:21:06.0574 2872 Mode: Manual;

2011/09/20 11:21:06.0574 2872 ================================================================================

2011/09/20 11:21:07.0447 2872 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys

2011/09/20 11:21:07.0525 2872 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/09/20 11:21:07.0713 2872 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2011/09/20 11:21:07.0775 2872 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2011/09/20 11:21:07.0915 2872 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2011/09/20 11:21:07.0962 2872 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2011/09/20 11:21:08.0134 2872 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

2011/09/20 11:21:08.0321 2872 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

2011/09/20 11:21:08.0461 2872 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2011/09/20 11:21:08.0524 2872 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/09/20 11:21:08.0664 2872 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2011/09/20 11:21:08.0711 2872 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2011/09/20 11:21:08.0836 2872 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2011/09/20 11:21:08.0976 2872 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2011/09/20 11:21:09.0023 2872 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2011/09/20 11:21:09.0179 2872 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2011/09/20 11:21:09.0241 2872 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2011/09/20 11:21:09.0366 2872 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/09/20 11:21:09.0429 2872 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/09/20 11:21:09.0600 2872 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys

2011/09/20 11:21:09.0725 2872 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/09/20 11:21:09.0865 2872 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2011/09/20 11:21:10.0021 2872 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

2011/09/20 11:21:10.0162 2872 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/09/20 11:21:10.0193 2872 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/09/20 11:21:10.0349 2872 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/09/20 11:21:10.0396 2872 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/09/20 11:21:10.0505 2872 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/09/20 11:21:10.0552 2872 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/09/20 11:21:10.0692 2872 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/09/20 11:21:10.0926 2872 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/09/20 11:21:11.0067 2872 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/09/20 11:21:11.0129 2872 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

2011/09/20 11:21:11.0191 2872 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/09/20 11:21:11.0379 2872 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/09/20 11:21:11.0425 2872 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2011/09/20 11:21:11.0488 2872 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/09/20 11:21:11.0628 2872 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2011/09/20 11:21:11.0675 2872 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2011/09/20 11:21:11.0862 2872 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

2011/09/20 11:21:12.0049 2872 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/09/20 11:21:12.0237 2872 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

2011/09/20 11:21:12.0361 2872 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

2011/09/20 11:21:12.0393 2872 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/09/20 11:21:12.0549 2872 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/09/20 11:21:12.0658 2872 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

2011/09/20 11:21:12.0783 2872 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/09/20 11:21:12.0939 2872 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/09/20 11:21:13.0126 2872 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2011/09/20 11:21:13.0282 2872 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

2011/09/20 11:21:13.0422 2872 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/09/20 11:21:13.0563 2872 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/09/20 11:21:13.0703 2872 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2011/09/20 11:21:13.0781 2872 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/09/20 11:21:13.0890 2872 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/09/20 11:21:13.0937 2872 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/09/20 11:21:13.0999 2872 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/09/20 11:21:14.0202 2872 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/09/20 11:21:14.0249 2872 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys

2011/09/20 11:21:14.0358 2872 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2011/09/20 11:21:14.0452 2872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/09/20 11:21:14.0592 2872 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys

2011/09/20 11:21:14.0623 2872 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys

2011/09/20 11:21:14.0826 2872 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/09/20 11:21:14.0920 2872 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/09/20 11:21:15.0045 2872 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/09/20 11:21:15.0091 2872 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/09/20 11:21:15.0232 2872 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/09/20 11:21:15.0310 2872 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

2011/09/20 11:21:15.0497 2872 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2011/09/20 11:21:15.0559 2872 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

2011/09/20 11:21:15.0731 2872 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/09/20 11:21:15.0809 2872 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys

2011/09/20 11:21:15.0949 2872 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

2011/09/20 11:21:16.0183 2872 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/09/20 11:21:16.0339 2872 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/09/20 11:21:16.0495 2872 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys

2011/09/20 11:21:16.0714 2872 IntcHdmiAddService (45c0e97875f0c67b32b814749df24b30) C:\Windows\system32\drivers\IntcHdmi.sys

2011/09/20 11:21:16.0854 2872 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2011/09/20 11:21:16.0917 2872 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/09/20 11:21:17.0088 2872 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/09/20 11:21:17.0197 2872 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

2011/09/20 11:21:17.0353 2872 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/09/20 11:21:17.0416 2872 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/09/20 11:21:17.0572 2872 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

2011/09/20 11:21:17.0650 2872 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/09/20 11:21:17.0775 2872 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/09/20 11:21:17.0821 2872 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/09/20 11:21:17.0946 2872 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/09/20 11:21:17.0993 2872 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

2011/09/20 11:21:18.0149 2872 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/09/20 11:21:18.0321 2872 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/09/20 11:21:18.0399 2872 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

2011/09/20 11:21:18.0461 2872 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

2011/09/20 11:21:18.0555 2872 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

2011/09/20 11:21:18.0617 2872 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/09/20 11:21:18.0789 2872 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

2011/09/20 11:21:18.0851 2872 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

2011/09/20 11:21:18.0991 2872 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/09/20 11:21:19.0023 2872 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/09/20 11:21:19.0085 2872 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/09/20 11:21:19.0163 2872 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/09/20 11:21:19.0225 2872 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/09/20 11:21:19.0288 2872 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

2011/09/20 11:21:19.0366 2872 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/09/20 11:21:19.0444 2872 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/09/20 11:21:19.0537 2872 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/09/20 11:21:19.0615 2872 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/09/20 11:21:19.0693 2872 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/09/20 11:21:19.0787 2872 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/09/20 11:21:19.0912 2872 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

2011/09/20 11:21:19.0990 2872 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

2011/09/20 11:21:20.0130 2872 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys

2011/09/20 11:21:20.0224 2872 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/09/20 11:21:20.0317 2872 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/09/20 11:21:20.0427 2872 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/09/20 11:21:20.0505 2872 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/09/20 11:21:20.0551 2872 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/09/20 11:21:20.0629 2872 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/09/20 11:21:20.0723 2872 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/09/20 11:21:20.0785 2872 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/09/20 11:21:20.0879 2872 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/09/20 11:21:21.0019 2872 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/09/20 11:21:21.0113 2872 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/09/20 11:21:21.0222 2872 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/09/20 11:21:21.0300 2872 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/09/20 11:21:21.0409 2872 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/09/20 11:21:21.0487 2872 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/09/20 11:21:21.0581 2872 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/09/20 11:21:21.0675 2872 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/09/20 11:21:21.0955 2872 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys

2011/09/20 11:21:22.0143 2872 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/09/20 11:21:22.0189 2872 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/09/20 11:21:22.0345 2872 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/09/20 11:21:22.0439 2872 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/09/20 11:21:22.0595 2872 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/09/20 11:21:22.0642 2872 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/09/20 11:21:22.0689 2872 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

2011/09/20 11:21:22.0813 2872 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

2011/09/20 11:21:22.0860 2872 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

2011/09/20 11:21:23.0079 2872 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/09/20 11:21:23.0219 2872 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/09/20 11:21:23.0281 2872 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/09/20 11:21:23.0375 2872 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/09/20 11:21:23.0453 2872 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/09/20 11:21:23.0562 2872 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys

2011/09/20 11:21:23.0625 2872 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/09/20 11:21:23.0796 2872 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

2011/09/20 11:21:23.0952 2872 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/09/20 11:21:24.0311 2872 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/09/20 11:21:24.0389 2872 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

2011/09/20 11:21:24.0545 2872 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/09/20 11:21:24.0607 2872 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

2011/09/20 11:21:24.0748 2872 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

2011/09/20 11:21:24.0888 2872 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/09/20 11:21:24.0935 2872 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/09/20 11:21:24.0982 2872 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/09/20 11:21:25.0107 2872 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/09/20 11:21:25.0169 2872 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/09/20 11:21:25.0231 2872 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/09/20 11:21:25.0341 2872 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/09/20 11:21:25.0403 2872 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/09/20 11:21:25.0543 2872 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

2011/09/20 11:21:25.0606 2872 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/09/20 11:21:25.0746 2872 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/09/20 11:21:25.0887 2872 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys

2011/09/20 11:21:25.0918 2872 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys

2011/09/20 11:21:26.0121 2872 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys

2011/09/20 11:21:26.0230 2872 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys

2011/09/20 11:21:26.0277 2872 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

2011/09/20 11:21:26.0433 2872 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/09/20 11:21:26.0573 2872 RTL8169 (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys

2011/09/20 11:21:26.0729 2872 s1018bus (a4925151f1372a45dd491da2a43c27b8) C:\Windows\system32\DRIVERS\s1018bus.sys

2011/09/20 11:21:26.0791 2872 s1018mdfl (dd17284beb4301aabc6181fd2c78907f) C:\Windows\system32\DRIVERS\s1018mdfl.sys

2011/09/20 11:21:26.0932 2872 s1018mdm (aee74bfe0903c672c2968dfe22df09b8) C:\Windows\system32\DRIVERS\s1018mdm.sys

2011/09/20 11:21:27.0088 2872 s1018mgmt (fe8f006bb157f1f1b6627c39b640f62d) C:\Windows\system32\DRIVERS\s1018mgmt.sys

2011/09/20 11:21:27.0119 2872 s1018nd5 (bc12a5da59d947fc564a72ef6021aaec) C:\Windows\system32\DRIVERS\s1018nd5.sys

2011/09/20 11:21:27.0244 2872 s1018obex (80f0597a1ceb93aaf5db779068dd702c) C:\Windows\system32\DRIVERS\s1018obex.sys

2011/09/20 11:21:27.0306 2872 s1018unic (2ba5f7a26fcb975574b0142b5052685e) C:\Windows\system32\DRIVERS\s1018unic.sys

2011/09/20 11:21:27.0369 2872 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/09/20 11:21:27.0540 2872 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

2011/09/20 11:21:27.0618 2872 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/09/20 11:21:27.0743 2872 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys

2011/09/20 11:21:27.0821 2872 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/09/20 11:21:27.0930 2872 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/09/20 11:21:27.0993 2872 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/09/20 11:21:28.0071 2872 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/09/20 11:21:28.0164 2872 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

2011/09/20 11:21:28.0242 2872 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/09/20 11:21:28.0305 2872 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/09/20 11:21:28.0445 2872 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

2011/09/20 11:21:28.0476 2872 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

2011/09/20 11:21:28.0523 2872 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

2011/09/20 11:21:28.0710 2872 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/09/20 11:21:28.0788 2872 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/09/20 11:21:28.0944 2872 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

2011/09/20 11:21:29.0022 2872 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/20 11:21:29.0100 2872 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/20 11:21:29.0225 2872 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/09/20 11:21:29.0303 2872 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/09/20 11:21:29.0412 2872 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/09/20 11:21:29.0490 2872 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/09/20 11:21:29.0615 2872 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys

2011/09/20 11:21:29.0755 2872 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys

2011/09/20 11:21:29.0927 2872 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/20 11:21:30.0067 2872 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/20 11:21:30.0130 2872 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys

2011/09/20 11:21:30.0255 2872 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/09/20 11:21:30.0301 2872 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/09/20 11:21:30.0426 2872 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/20 11:21:30.0504 2872 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/09/20 11:21:30.0754 2872 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys

2011/09/20 11:21:30.0816 2872 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys

2011/09/20 11:21:30.0972 2872 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/20 11:21:31.0019 2872 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/09/20 11:21:31.0128 2872 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/20 11:21:31.0191 2872 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

2011/09/20 11:21:31.0300 2872 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

2011/09/20 11:21:31.0378 2872 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/20 11:21:31.0549 2872 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

2011/09/20 11:21:31.0596 2872 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

2011/09/20 11:21:31.0674 2872 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/09/20 11:21:31.0752 2872 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/09/20 11:21:31.0799 2872 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/09/20 11:21:31.0971 2872 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys

2011/09/20 11:21:32.0049 2872 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

2011/09/20 11:21:32.0173 2872 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/09/20 11:21:32.0220 2872 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/09/20 11:21:32.0345 2872 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/09/20 11:21:32.0392 2872 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/09/20 11:21:32.0517 2872 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/09/20 11:21:32.0563 2872 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/20 11:21:32.0735 2872 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/09/20 11:21:32.0797 2872 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/09/20 11:21:32.0844 2872 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/09/20 11:21:32.0985 2872 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

2011/09/20 11:21:33.0031 2872 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS

2011/09/20 11:21:33.0156 2872 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/20 11:21:33.0187 2872 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/09/20 11:21:33.0250 2872 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

2011/09/20 11:21:33.0297 2872 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

2011/09/20 11:21:33.0406 2872 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

2011/09/20 11:21:33.0468 2872 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/09/20 11:21:33.0593 2872 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/09/20 11:21:33.0687 2872 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/09/20 11:21:33.0796 2872 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

2011/09/20 11:21:33.0874 2872 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/09/20 11:21:33.0983 2872 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/20 11:21:34.0014 2872 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/20 11:21:34.0155 2872 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

2011/09/20 11:21:34.0217 2872 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/20 11:21:34.0591 2872 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

2011/09/20 11:21:34.0794 2872 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/09/20 11:21:34.0857 2872 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/20 11:21:34.0981 2872 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys

2011/09/20 11:21:35.0091 2872 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/20 11:21:35.0184 2872 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

2011/09/20 11:21:35.0231 2872 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR3

2011/09/20 11:21:35.0278 2872 Boot (0x1200) (c5edc25097dd7471aaeb67befff6fa12) \Device\Harddisk0\DR0\Partition0

2011/09/20 11:21:35.0309 2872 Boot (0x1200) (2a5a37562a7d8e39e0fb19cfe47623eb) \Device\Harddisk0\DR0\Partition1

2011/09/20 11:21:35.0356 2872 Boot (0x1200) (b2655dd0cf1ef9ba388537c7910e5707) \Device\Harddisk0\DR0\Partition2

2011/09/20 11:21:35.0387 2872 Boot (0x1200) (a5aab12db74681cba41bc14429ddeda2) \Device\Harddisk1\DR3\Partition0

2011/09/20 11:21:35.0403 2872 ================================================================================

2011/09/20 11:21:35.0403 2872 Scan finished

2011/09/20 11:21:35.0403 2872 ================================================================================

2011/09/20 11:21:35.0434 4688 Detected object count: 0

2011/09/20 11:21:35.0434 4688 Actual detected object count: 0

[Elise]

It looks like you also ran combofix. Please post me the log at c:\combofix.txt

[tstevens]

Hi Elise, ComboFix.txt below.

ComboFix 11-09-15.05 - Michelle 16/09/2011 8:35.1.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.2268 [GMT 1:00]

Running from: c:\users\Michelle\Desktop\ComboFix.exe

AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Michelle\AppData\Local\{86659DAF-8704-4985-867C-47E1C989AB87}

c:\users\Michelle\AppData\Local\{86659DAF-8704-4985-867C-47E1C989AB87}\chrome.manifest

c:\users\Michelle\AppData\Local\{86659DAF-8704-4985-867C-47E1C989AB87}\chrome\content\_cfg.js

c:\users\Michelle\AppData\Local\{86659DAF-8704-4985-867C-47E1C989AB87}\chrome\content\overlay.xul

c:\users\Michelle\AppData\Local\{86659DAF-8704-4985-867C-47E1C989AB87}\install.rdf

c:\users\Michelle\AppData\Roaming\7B36.FEE

c:\users\Michelle\AppData\Roaming\EurekaLog

c:\users\Michelle\AppData\Roaming\inst.exe

c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Recent\Pavillion Cash book.xls

c:\windows\system32\comct332.ocx

c:\windows\system32\no

c:\windows\system32\no\smartfacevcp.dll.mui

c:\windows\system32\no\toscdspd.cpl.mui

c:\windows\system32\S14DBC32.dll

c:\windows\system32\SV

c:\windows\system32\SV\smartfacevcp.dll.mui

c:\windows\system32\SV\toscdspd.cpl.mui

.

.

((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))

.

.

2011-09-16 07:44 . 2011-09-16 07:45 -------- d-----w- c:\users\Michelle\AppData\Local\temp

2011-09-16 07:44 . 2011-09-16 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-16 07:44 . 2011-09-16 07:44 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-09-13 12:38 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8B21D33-A53B-4969-AE48-A921EAD27848}\mpengine.dll

2011-08-24 10:19 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 16:00 . 2009-06-18 13:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 11:04 . 2011-08-14 18:40 916480 ----a-w- c:\windows\system32\wininet.dll

2011-07-23 11:00 . 2011-08-14 18:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-07-23 10:59 . 2011-08-14 18:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-07-23 10:59 . 2011-08-14 18:40 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-07-23 10:59 . 2011-08-14 18:40 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-23 10:03 . 2011-08-14 18:40 385024 ----a-w- c:\windows\system32\html.iec

2011-07-23 09:27 . 2011-08-14 18:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-07-23 09:25 . 2011-08-14 18:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-08 14:41 . 2011-07-08 14:41 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-07-06 15:31 . 2011-08-14 18:40 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-20 08:54 . 2011-08-14 18:40 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-20 08:54 . 2011-08-14 18:40 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-09-07 20:46 . 2011-03-28 14:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-07-30 19:09 . 2009-11-16 19:44 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 68856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-30 30192]

"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]

"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"DVDtoiPodConverter_upgrade"="c:\program files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" [2009-12-29 924672]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-27 273544]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]

R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-10-06 13224]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-30 30192]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 14478052

*NewlyCreated* - ECACHE

*Deregistered* - 14478052

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tesco.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

uInternet Settings,ProxyServer = http=127.0.0.1:58788

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\4ny164nd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

HKLM-Run-ITSecMng - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe

AddRemove-HDMI - c:\windows\system32\igxpun.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-16 08:45

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????33F????P???x????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-09-16 08:48:07

ComboFix-quarantined-files.txt 2011-09-16 07:47

.

Pre-Run: 27,149,287,424 bytes free

Post-Run: 29,732,659,200 bytes free

.

- - End Of File - - F46566E4E07B9F1FFBB5B928A8B7C781

[Elise]

Hello again, please let me know how the problems are after the following fix.

CF-SCRIPT

-------------

We need to execute a CF-script.

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:58788

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[tstevens]

Hi Elise

Thank you.

The new ComboFix log is below.

I do now have some funny messages coming up. For example when I tried to open the ComboFix.txt file in Notepad by double-clicking on it I received the message:

C:\ComboFix.txt

Illegal operation attempted on a registry key that has been marked for deletion.

Tim

ComboFix 11-09-15.05 - Michelle 20/09/2011 14:56:42.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.1342 [GMT 1:00]

Running from: c:\users\Michelle\Desktop\ComboFix.exe

Command switches used :: c:\users\Michelle\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))

.

.

2011-09-20 14:07 . 2011-09-20 14:07 -------- d-----w- c:\users\Michelle\AppData\Local\temp

2011-09-20 14:07 . 2011-09-20 14:07 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-09-20 14:07 . 2011-09-20 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-16 15:53 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F42D059-9A24-485A-84DE-8F18BCB7BFC4}\mpengine.dll

2011-09-16 09:53 . 2011-09-16 09:59 -------- d-----w- C:\myfileiswonder

2011-09-15 08:09 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-24 10:19 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 16:00 . 2009-06-18 13:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 11:04 . 2011-08-14 18:40 916480 ----a-w- c:\windows\system32\wininet.dll

2011-07-23 11:00 . 2011-08-14 18:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-07-23 10:59 . 2011-08-14 18:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-07-23 10:59 . 2011-08-14 18:40 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-07-23 10:59 . 2011-08-14 18:40 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-23 10:03 . 2011-08-14 18:40 385024 ----a-w- c:\windows\system32\html.iec

2011-07-23 09:27 . 2011-08-14 18:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-07-23 09:25 . 2011-08-14 18:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-08 14:41 . 2011-07-08 14:41 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-07-06 15:31 . 2011-08-14 18:40 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-09-07 20:46 . 2011-03-28 14:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-07-30 19:09 . 2009-11-16 19:44 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 68856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-30 30192]

"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]

"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"DVDtoiPodConverter_upgrade"="c:\program files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" [2009-12-29 924672]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-27 273544]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-10-06 13224]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-30 30192]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]

S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 44000132

*NewlyCreated* - KXTYQKOW

*Deregistered* - 44000132

*Deregistered* - kxtyqkow

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tesco.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\4ny164nd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-20 15:07

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????33F????P???x????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-09-20 15:10:32

ComboFix-quarantined-files.txt 2011-09-20 14:10

.

Pre-Run: 27,721,748,480 bytes free

Post-Run: 27,700,961,280 bytes free

.

- - End Of File - - 85B985885CC5809622BFE528A9C472E9

[Elise]

Restart your computer once and then see how things are running.

[tstevens]

Yay!

Thank you

It seems to be working.

Though it was intermittent so difficult to tell. Did something nasty appear in the logs?

Tim

[Elise]

Except for the proxy we fixed everything looked good.

Can you please rerun DDS and post me attach.txt?

[tstevens]

Great, thank you. Here is the attach.txt log from DDS.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 03/12/2008 15:21:36

System Uptime: 20/09/2011 16:55:49 (2 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | CPU | 800/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 26.851 GiB free.

D: is Removable

E: is FIXED (NTFS) - 148 GiB total, 142.635 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 6500 E709a

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 6500 E709a

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP634: 07/09/2011 09:47:07 - Windows Update

RP635: 08/09/2011 03:00:21 - Windows Update

RP636: 09/09/2011 20:07:41 - Windows Update

RP637: 12/09/2011 13:28:21 - Scheduled Checkpoint

RP638: 13/09/2011 13:37:53 - Windows Update

RP639: 16/09/2011 11:14:49 - Windows Update

RP640: 16/09/2011 16:53:20 - Windows Update

RP641: 19/09/2011 14:50:56 - Scheduled Checkpoint

RP642: 20/09/2011 15:58:11 - Windows Update

RP643: 20/09/2011 16:00:57 - Installed Java 6 Update 26

RP645: 20/09/2011 16:04:34 - Configured Accounts

RP646: 20/09/2011 16:45:43 - Removed Toshiba TEMPRO

RP647: 20/09/2011 16:47:39 - Removed HP Update.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

6500_E709_eDocs

6500_E709_Help

6500_E709a

Accounts

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader X (10.0.1)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bluetooth Stack for Windows by Toshiba

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CD/DVD Drive Acoustic Silencer

Communicate In Print 2.80.625

Compatibility Pack for the 2007 Office system

DocProc

DVD MovieFactory for TOSHIBA

Google Toolbar for Internet Explorer

HDMI Control Manager

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Officejet 6500 E709 Series

HPDiagnosticAlert

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 26

Java 6 Update 6

Java 6 Update 7

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft XML Parser

Mozilla Firefox 6.0.2 (x86 en-GB)

MSVCSetup

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network

OCR Software by I.R.I.S. 12.0

OGA Notifier 2.0.0048.0

OpenOffice.org 3.0

Picasa 3

PrimoPDF -- by Nitro PDF Software

ProductContext

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02

Runtime

Safari

Sage Instant Accounts v14

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Sony MHS Camera Driver

Sony Picture Utility

Synaptics Pointing Device Driver

Toolbox

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA Manuals

Toshiba Online Product Information

TOSHIBA Recovery Disc Creator

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TRDCReminder

TRORDCLauncher

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2553110)

WD Diagnostics

WebReg

Windows Live ID Sign-in Assistant

Windows Media Encoder 9 Series

.

==== Event Viewer Messages From Past Week ========

.

20/09/2011 16:57:50, Error: Service Control Manager [7000] - The TOSHIBA Bluetooth Service service failed to start due to the following error: The system cannot find the file specified.

20/09/2011 16:42:19, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

20/09/2011 15:07:18, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

19/09/2011 11:06:49, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.

16/09/2011 11:37:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

16/09/2011 11:37:15, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/09/2011 11:24:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

16/09/2011 10:53:25, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:53:03, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:53:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

16/09/2011 10:52:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2011 10:52:41, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2011 10:52:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

16/09/2011 10:52:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

16/09/2011 10:52:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

16/09/2011 10:52:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

16/09/2011 10:52:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

16/09/2011 08:33:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

16/09/2011 08:15:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}

16/09/2011 08:09:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb spldr ssmdrv Wanarpv6

15/09/2011 22:36:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

15/09/2011 22:16:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv tdx Wanarpv6

.

==== End Of File ===========================

[Elise]

Hi again,

INSTALL ANTIVIRUS

---------------------------

I don't see an Anti Virus Program running on your machine

Download and install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Please run a scan with the AV you installed and let me know if anything was detected.

[tstevens]

Hi Elise

I started to installed Avira Antivir and the setup said:

------------------------------------

Windows Defender is currently enabled on your system. This can lead to compatibility problems. We therefore recommend that you turn off Windows Defender.

Note: To disable Windows Defender, open the program interface of Windows Defender. Click Tools | Options and disable the "Use real-time protection" and "Use Windows Defender" options.

------------------------------------

Should I do this as it recommends?

Thanks.

[Elise]

Yes, that is normal.

[tstevens]

Hi Elise

Avira installed, updated and full system scan.

2 detections found and 1 moved to quarantine. Log below.

Tim

Avira AntiVir Personal

Report file date: 20 September 2011 19:25

Scanning for 3400522 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (Service Pack 2) [6.0.6002]

Boot mode : Normally booted

Username : SYSTEM

Computer name : MICHELLE-PC

Version information:

BUILD.DAT : 10.2.0.700 35934 Bytes 21/07/2011 17:12:00

AVSCAN.EXE : 10.3.0.7 484008 Bytes 20/09/2011 18:21:59

AVSCAN.DLL : 10.0.5.0 47464 Bytes 20/09/2011 18:21:59

LUKE.DLL : 10.3.0.5 45416 Bytes 20/09/2011 18:22:00

LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49

AVSCPLR.DLL : 10.3.0.7 119656 Bytes 20/09/2011 18:22:00

AVREG.DLL : 10.3.0.9 88833 Bytes 20/09/2011 18:22:00

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 06:53:55

VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 06:53:56

VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 10:30:38

VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/2011 10:30:40

VBASE005.VDF : 7.11.10.251 1788416 Bytes 07/07/2011 10:30:41

VBASE006.VDF : 7.11.13.60 6411776 Bytes 16/08/2011 18:21:57

VBASE007.VDF : 7.11.13.61 2048 Bytes 16/08/2011 18:21:57

VBASE008.VDF : 7.11.13.62 2048 Bytes 16/08/2011 18:21:57

VBASE009.VDF : 7.11.13.63 2048 Bytes 16/08/2011 18:21:57

VBASE010.VDF : 7.11.13.64 2048 Bytes 16/08/2011 18:21:57

VBASE011.VDF : 7.11.13.65 2048 Bytes 16/08/2011 18:21:57

VBASE012.VDF : 7.11.13.66 2048 Bytes 16/08/2011 18:21:57

VBASE013.VDF : 7.11.13.95 166400 Bytes 17/08/2011 18:21:57

VBASE014.VDF : 7.11.13.125 209920 Bytes 18/08/2011 18:21:57

VBASE015.VDF : 7.11.13.157 184832 Bytes 22/08/2011 18:21:57

VBASE016.VDF : 7.11.13.201 128000 Bytes 24/08/2011 18:21:57

VBASE017.VDF : 7.11.13.234 160768 Bytes 25/08/2011 18:21:57

VBASE018.VDF : 7.11.14.16 141312 Bytes 30/08/2011 18:21:57

VBASE019.VDF : 7.11.14.48 133120 Bytes 31/08/2011 18:21:57

VBASE020.VDF : 7.11.14.78 156160 Bytes 02/09/2011 18:21:57

VBASE021.VDF : 7.11.14.109 126976 Bytes 06/09/2011 18:21:57

VBASE022.VDF : 7.11.14.137 131584 Bytes 08/09/2011 18:21:57

VBASE023.VDF : 7.11.14.166 196096 Bytes 12/09/2011 18:21:57

VBASE024.VDF : 7.11.14.193 184832 Bytes 14/09/2011 18:21:57

VBASE025.VDF : 7.11.14.215 125952 Bytes 16/09/2011 18:21:57

VBASE026.VDF : 7.11.14.239 231936 Bytes 20/09/2011 18:21:57

VBASE027.VDF : 7.11.14.240 2048 Bytes 20/09/2011 18:21:57

VBASE028.VDF : 7.11.14.241 2048 Bytes 20/09/2011 18:21:57

VBASE029.VDF : 7.11.14.242 2048 Bytes 20/09/2011 18:21:57

VBASE030.VDF : 7.11.14.243 2048 Bytes 20/09/2011 18:21:57

VBASE031.VDF : 7.11.14.250 64000 Bytes 20/09/2011 18:21:57

Engineversion : 8.2.6.64

AEVDF.DLL : 8.1.2.1 106868 Bytes 21/04/2011 06:53:28

AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 20/09/2011 18:21:58

AESCN.DLL : 8.1.7.2 127349 Bytes 21/04/2011 06:53:27

AESBX.DLL : 8.2.1.34 323957 Bytes 20/07/2011 10:29:54

AERDL.DLL : 8.1.9.15 639348 Bytes 20/09/2011 18:21:58

AEPACK.DLL : 8.2.10.10 684407 Bytes 20/09/2011 18:21:58

AEOFFICE.DLL : 8.1.2.15 201083 Bytes 20/09/2011 18:21:58

AEHEUR.DLL : 8.1.2.169 3703160 Bytes 20/09/2011 18:21:58

AEHELP.DLL : 8.1.17.7 254327 Bytes 20/09/2011 18:21:58

AEGEN.DLL : 8.1.5.9 401780 Bytes 20/09/2011 18:21:58

AEEMU.DLL : 8.1.3.0 393589 Bytes 21/04/2011 06:53:14

AECORE.DLL : 8.1.23.0 196983 Bytes 20/09/2011 18:21:58

AEBB.DLL : 8.1.1.0 53618 Bytes 21/04/2011 06:53:14

AVWINLL.DLL : 10.0.0.0 19304 Bytes 21/04/2011 06:53:36

AVPREF.DLL : 10.0.3.2 44904 Bytes 20/09/2011 18:21:59

AVREP.DLL : 10.0.0.10 174120 Bytes 20/09/2011 18:22:00

AVARKT.DLL : 10.0.26.1 255336 Bytes 20/09/2011 18:21:58

AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 20/09/2011 18:21:59

SQLITE3.DLL : 3.6.19.0 355688 Bytes 20/07/2011 15:40:24

AVSMTP.DLL : 10.0.0.17 63848 Bytes 21/04/2011 06:53:36

NETNT.DLL : 10.0.0.0 11624 Bytes 21/04/2011 06:53:46

RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 20/09/2011 18:21:56

RCTEXT.DLL : 10.0.64.0 97640 Bytes 20/09/2011 18:21:56

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: Default

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, E:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: Advanced

Start of the scan: 20 September 2011 19:25

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'svchost.exe' - '30' Module(s) have been scanned

Scan process 'vssvc.exe' - '49' Module(s) have been scanned

Scan process 'avscan.exe' - '81' Module(s) have been scanned

Scan process 'avscan.exe' - '29' Module(s) have been scanned

Scan process 'avcenter.exe' - '65' Module(s) have been scanned

Scan process 'avgnt.exe' - '62' Module(s) have been scanned

Scan process 'avshadow.exe' - '33' Module(s) have been scanned

Scan process 'avguard.exe' - '64' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'taskeng.exe' - '35' Module(s) have been scanned

Scan process 'SynTPHelper.exe' - '14' Module(s) have been scanned

Scan process 'HCMSoundChanger.exe' - '43' Module(s) have been scanned

Scan process 'igfxext.exe' - '19' Module(s) have been scanned

Scan process 'iPodService.exe' - '30' Module(s) have been scanned

Scan process 'CFSwMgr.exe' - '72' Module(s) have been scanned

Scan process 'ehmsas.exe' - '19' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '68' Module(s) have been scanned

Scan process 'igfxsrvc.exe' - '25' Module(s) have been scanned

Scan process 'wmpnscfg.exe' - '29' Module(s) have been scanned

Scan process 'ISUSPM.exe' - '24' Module(s) have been scanned

Scan process 'ehtray.exe' - '27' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '59' Module(s) have been scanned

Scan process 'TOSCDSPD.exe' - '17' Module(s) have been scanned

Scan process 'realsched.exe' - '37' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned

Scan process 'hpwuschd2.exe' - '16' Module(s) have been scanned

Scan process 'jusched.exe' - '22' Module(s) have been scanned

Scan process 'TCrdMain.exe' - '64' Module(s) have been scanned

Scan process 'SmoothView.exe' - '17' Module(s) have been scanned

Scan process 'TPwrMain.exe' - '37' Module(s) have been scanned

Scan process 'HDMICtrlMan.exe' - '38' Module(s) have been scanned

Scan process 'RtHDVCpl.exe' - '52' Module(s) have been scanned

Scan process 'igfxpers.exe' - '23' Module(s) have been scanned

Scan process 'hkcmd.exe' - '23' Module(s) have been scanned

Scan process 'NDSTray.exe' - '93' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '35' Module(s) have been scanned

Scan process 'Explorer.EXE' - '145' Module(s) have been scanned

Scan process 'Dwm.exe' - '32' Module(s) have been scanned

Scan process 'taskeng.exe' - '82' Module(s) have been scanned

Scan process 'svchost.exe' - '38' Module(s) have been scanned

Scan process 'svchost.exe' - '21' Module(s) have been scanned

Scan process 'WLIDSvcM.exe' - '16' Module(s) have been scanned

Scan process 'taskeng.exe' - '49' Module(s) have been scanned

Scan process 'SmartFaceVWatchSrv.exe' - '33' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned

Scan process 'WLIDSVC.EXE' - '52' Module(s) have been scanned

Scan process 'svchost.exe' - '9' Module(s) have been scanned

Scan process 'ULCDRSvr.exe' - '5' Module(s) have been scanned

Scan process 'TosIPCSrv.exe' - '18' Module(s) have been scanned

Scan process 'TosCoSrv.exe' - '26' Module(s) have been scanned

Scan process 'TODDSrv.exe' - '23' Module(s) have been scanned

Scan process 'TNaviSrv.exe' - '19' Module(s) have been scanned

Scan process 'svchost.exe' - '44' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'svchost.exe' - '22' Module(s) have been scanned

Scan process 'svchost.exe' - '22' Module(s) have been scanned

Scan process 'CFSvcs.exe' - '71' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned

Scan process 'agrsmsvc.exe' - '16' Module(s) have been scanned

Scan process 'svchost.exe' - '57' Module(s) have been scanned

Scan process 'spoolsv.exe' - '100' Module(s) have been scanned

Scan process 'svchost.exe' - '94' Module(s) have been scanned

Scan process 'svchost.exe' - '87' Module(s) have been scanned

Scan process 'SLsvc.exe' - '23' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'svchost.exe' - '152' Module(s) have been scanned

Scan process 'svchost.exe' - '122' Module(s) have been scanned

Scan process 'svchost.exe' - '69' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'PresentationFontCache.exe' - '30' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'winlogon.exe' - '36' Module(s) have been scanned

Scan process 'lsm.exe' - '22' Module(s) have been scanned

Scan process 'lsass.exe' - '60' Module(s) have been scanned

Scan process 'services.exe' - '33' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'wininit.exe' - '26' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1279' files ).

Starting the file scan:

Begin scan in 'C:\' <Vista>

C:\Users\Michelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\3fdad10e-397992ad

[0] Archive type: ZIP

--> buildService/BuildClass.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AG exploit

--> buildService/VirtualTable.class

[DETECTION] Contains recognition pattern of the EXP/2010-0840.AN exploit

Begin scan in 'E:\' <Data>

Beginning disinfection:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

C:\Users\Michelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\3fdad10e-397992ad

[DETECTION] Contains recognition pattern of the EXP/2010-0840.AN exploit

[NOTE] The file was moved to the quarantine directory under the name '48d856cb.qua'.

End of the scan: 20 September 2011 21:23

Used time: 1:57:00 Hour(s)

The scan has been done completely.

30558 Scanned directories

610469 Files were scanned

2 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

610467 Files not concerned

3374 Archives were scanned

0 Warnings

1 Notes

672707 Objects were scanned with rootkit scan

0 Hidden objects were found

[Elise]

No worries, just a few java cache objects.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Please do the following to remove the remaining programs from your PC:

• Delete the tools used during the disinfection:
  • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    

Please read these advices, in order to prevent reinfecting your PC:

1. Install and update the following programs regularly:
   • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
     A comprehensive tutorial and a list of possible firewalls can be found here.
     
   • an AntiVirus Software
     It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
     
   • an Anti-Spyware program
     Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
     SUPERAntiSpyware is another good scanner with high detection and removal rates.
     Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
     
   • Spyware Blaster
     A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
     

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

• Miekies' prevention suggestions
  
• So How did I get infected?
  
• Microsoft - 'Security at home'
  
• Calendar of Updates: See which updates have been released.
  
• How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
  
• Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
  
• osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

[tstevens]

Hi Elise

Thank you so much for your time :-)

I have read through all the topics above and made a few changes that will hopefully keep me better protected.

Thanks again.

Tim

[Elise]

You are most welcome Tim!

I will request this topic to be closed.

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.