
Solved Virus blocking system restore and Redirecting Websites

Discussion in 'Malware and Virus Removal Archive' started by skiggidy, 2010/01/24.

  1. 2010/01/24
    skiggidy

    skiggidy Inactive Thread Starter

    Joined:
    2010/01/24
    Messages:
    32
    Likes Received:
    0
    [Resolved] Virus blocking system restore and Redirecting Websites

    Ok, I have a virus or some sort of malware on my Toughbook. I have run Malwarebytes and AVG with no luck. Anytime I use search engines, 75 percent of the time I get a redirect. My touch screen is not working properly, but that could be due to something else. Here is the log from DDS:


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by nathaniel at 17:32:46.43 on Sun 01/24/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.161 [GMT -6:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Panasonic\HPLSMAN\hplsman.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Panasonic\Disprot\IDRot.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Panasonic\HPLSMAN\hplskey.exe
    C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\fpapli.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Panasonic\DispRot\IDRot.exe
    C:\Program Files\Panasonic\WRITING\Writing.exe
    C:\Program Files\Panasonic\MEISKB\meiskb.exe
    C:\WINDOWS\system32\Tprbtn.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\nathaniel\Local Settings\Temporary Internet Files\Content.IE5\WT2YVZVM\dds[1].scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mWinlogon: Userinit=c:\windows\system32\Userinit.exe
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Winstr] C:\3611010322532273703.exe
    uRun: [WinMedia] C:\3611010322532243109.exe
    uRun: [Winstp] C:\3611010322532273703.exe
    uRun: [Winsto] C:\3611010322532273703.exe
    uRun: [Winstt] C:\3611010322532273703.exe
    uRun: [Winsty] C:\3611010322532273703.exe
    uRun: [Winstj] C:\3611010322532273703.exe
    uRun: [Winstd] C:\3611010322532273703.exe
    uRun: [Winstn] C:\3611010322532273703.exe
    uRun: [Winsti] C:\3611010322532273703.exe
    uRun: [Winsts] C:\3611010322532273703.exe
    uRun: [Winstq] C:\3611010322532273703.exe
    uRun: [Winstf] C:\3611010322532273703.exe
    uRun: [Winstv] C:\3611010322532273703.exe
    uRun: [Winstl] C:\3611010322532273703.exe
    uRun: [Winstu] C:\3611010322532273703.exe
    uRun: [Winstk] C:\3611010322532273703.exe
    uRun: [Winsta] C:\3611010322532273703.exe
    uRun: [Winstg] C:\3611010322532273703.exe
    uRun: [Winstb] C:\3611010322532273703.exe
    uRun: [Winstw] C:\3611010322532273703.exe
    uRun: [Winsth] C:\3611010322532273703.exe
    uRun: [Winstx] C:\3611010322532273703.exe
    uRun: [Winste] C:\3611010322532273703.exe
    uRun: [Winstz] C:\3611010322532273703.exe
    uRun: [Winstm] C:\3611010322532273703.exe
    uRun: [Winstc] C:\3611010322532273703.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Betw] "c:\windows\ecurit~1\regsvr32.exe" -vt yazb
    uRun: [Osenew] c:\windows\system32\??crosoft.net\l?ass.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Hotkey] c:\windows\system32\hkeyman.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [HPlsKey] c:\program files\panasonic\hplsman\hplskey.exe
    mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe
    mRun: [PCinfo] c:\program files\panasonic\pcinfo\SetDiag.exe /FirstLogin
    mRun: [Panasonic HotKey Manager] "c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE "
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [<NO NAME>]
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [gwiz] c:\windows\system32\ntsystem.exe
    mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
    mRun: [Itiva Media Accelerator] c:\program files\itiva\itiva media accelerator\ItivaMediaAccelerator.exe
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [scroller] fpapli.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\displa~1.lnk - c:\program files\panasonic\disprot\IDRot.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\panaso~1.lnk - c:\program files\panasonic\writing\Writing.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\panasonic\meiskb\meiskb.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: HPLSNTF - HPLSNtf.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-19 64288]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-1 214664]
    R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\panasonic\brecal\Brecal.sys [2005-7-14 7168]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-1 206096]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-1 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-1 144704]
    R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\panasonic\pcinfo\PCINFO.sys [2005-7-14 7168]
    R2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\panasonic\sdkey\SDKEY.sys [2005-7-14 8192]
    R3 FIDMOU;Fujitsu touchpad;c:\windows\system32\drivers\Fidmou.sys [2005-7-14 23463]
    R3 HTKPLUS;Panasonic Hotkey PLUS Driver;c:\windows\system32\drivers\HTKPLUS.SYS [2005-7-14 8448]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-1 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-1 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-1 35272]
    R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-1 34248]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-1 40552]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-19 38224]
    S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2004-10-26 31375]
    S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rsmartc.sys [2005-7-14 69460]

    =============== Created Last 30 ================

    2010-01-24 23:02:47 28160 ----a-w- c:\windows\system32\tdlcmd.dll
    2010-01-20 07:42:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-20 05:06:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-01-20 05:01:06 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-01-20 05:00:39 0 d-----w- c:\program files\Lavasoft
    2010-01-20 02:20:12 0 d-----w- c:\docume~1\nathan~1\applic~1\Malwarebytes
    2010-01-20 02:20:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-20 02:20:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-20 02:20:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-01-20 02:20:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-13 03:37:10 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-01-13 03:37:10 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-01-13 03:35:24 0 d-----w- c:\program files\iPod
    2010-01-13 03:35:03 0 d-----w- c:\program files\iTunes
    2010-01-13 03:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-01-13 03:33:38 0 d-----w- c:\program files\Bonjour
    2010-01-13 03:29:53 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-01-13 03:29:53 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

    ==================== Find3M ====================

    2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
    2008-08-27 21:56:17 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

    ============= FINISH: 17:35:11.20 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/2/2006 7:26:38 AM
    System Uptime: 1/24/2010 4:57:08 PM (1 hours ago)

    Motherboard: Matsushita Electric Industrial Co.,Ltd. | | CF18-4
    Processor: Intel(R) Pentium(R) M processor 1.20GHz | IC1 | 1197/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 28.905 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: MWL Filter Miniport
    Device ID: ROOT\WSC_WSCNETDRFILTERMP\0000
    Manufacturer: McAfee, Inc
    Name: MWL Filter Miniport #6
    PNP Device ID: ROOT\WSC_WSCNETDRFILTERMP\0000
    Service: WscNetDr

    ==== System Restore Points ===================

    RP477: 10/22/2009 11:36:53 AM - System Checkpoint
    RP478: 10/23/2009 1:07:07 PM - System Checkpoint
    RP479: 10/24/2009 3:38:58 PM - System Checkpoint
    RP480: 10/25/2009 4:32:26 PM - System Checkpoint
    RP481: 10/26/2009 4:50:31 PM - System Checkpoint
    RP482: 10/27/2009 6:11:10 PM - System Checkpoint
    RP483: 10/28/2009 6:28:57 PM - System Checkpoint
    RP484: 10/29/2009 10:44:23 PM - System Checkpoint
    RP485: 10/31/2009 9:42:48 PM - System Checkpoint
    RP486: 11/2/2009 12:19:16 PM - System Checkpoint
    RP487: 11/3/2009 1:16:13 PM - System Checkpoint
    RP488: 11/4/2009 1:32:34 PM - System Checkpoint
    RP489: 11/4/2009 2:58:21 PM - Software Distribution Service 3.0
    RP490: 11/5/2009 12:09:41 PM - Installed Java(TM) 6 Update 17
    RP491: 11/6/2009 2:46:35 PM - System Checkpoint
    RP492: 11/7/2009 8:56:35 PM - System Checkpoint
    RP493: 11/8/2009 9:58:06 PM - System Checkpoint
    RP494: 11/10/2009 2:57:26 PM - System Checkpoint
    RP495: 11/11/2009 4:12:38 PM - System Checkpoint
    RP496: 11/12/2009 10:39:18 AM - Software Distribution Service 3.0
    RP497: 11/13/2009 11:37:04 AM - System Checkpoint
    RP498: 11/14/2009 2:05:05 PM - System Checkpoint
    RP499: 11/15/2009 4:09:05 PM - System Checkpoint
    RP500: 11/16/2009 4:09:59 PM - System Checkpoint
    RP501: 11/17/2009 4:33:01 PM - System Checkpoint
    RP502: 11/18/2009 5:58:03 PM - System Checkpoint
    RP503: 11/20/2009 12:18:21 PM - System Checkpoint
    RP504: 11/21/2009 1:04:23 PM - System Checkpoint
    RP505: 11/23/2009 4:18:43 PM - System Checkpoint
    RP506: 11/25/2009 7:32:45 PM - System Checkpoint
    RP507: 11/26/2009 9:48:46 AM - Software Distribution Service 3.0
    RP508: 11/27/2009 2:03:29 PM - System Checkpoint
    RP509: 11/28/2009 3:33:09 PM - System Checkpoint
    RP510: 11/29/2009 4:34:37 PM - System Checkpoint
    RP511: 11/30/2009 4:42:50 PM - System Checkpoint
    RP512: 12/1/2009 4:59:47 PM - System Checkpoint
    RP513: 12/2/2009 5:19:45 PM - System Checkpoint
    RP514: 12/3/2009 5:36:12 PM - System Checkpoint
    RP515: 12/4/2009 6:15:57 PM - System Checkpoint
    RP516: 12/5/2009 7:29:11 PM - Removed QUAD RegistryCleaner
    RP517: 12/6/2009 8:43:31 PM - System Checkpoint
    RP518: 12/9/2009 10:28:13 PM - Software Distribution Service 3.0
    RP519: 12/11/2009 8:46:46 PM - System Checkpoint
    RP520: 12/13/2009 1:39:25 PM - System Checkpoint
    RP521: 12/14/2009 3:17:37 PM - System Checkpoint
    RP522: 12/15/2009 3:30:57 PM - System Checkpoint
    RP523: 12/16/2009 9:18:32 PM - System Checkpoint
    RP524: 12/18/2009 4:31:44 PM - System Checkpoint
    RP525: 12/19/2009 8:09:48 PM - System Checkpoint
    RP526: 12/20/2009 8:13:45 PM - System Checkpoint
    RP527: 12/21/2009 9:36:25 PM - System Checkpoint
    RP528: 12/23/2009 4:16:13 PM - System Checkpoint
    RP529: 12/25/2009 4:22:18 PM - System Checkpoint
    RP530: 1/3/2010 1:23:43 PM - System Checkpoint
    RP531: 1/4/2010 2:49:33 PM - System Checkpoint
    RP532: 1/12/2010 9:34:53 PM - Installed iTunes
    RP533: 1/13/2010 3:00:19 AM - Software Distribution Service 3.0
    RP534: 1/14/2010 10:13:54 AM - System Checkpoint
    RP535: 1/15/2010 12:01:10 PM - System Checkpoint
    RP536: 1/16/2010 2:05:17 PM - System Checkpoint
    RP537: 1/19/2010 7:51:33 PM - Restore Operation
    RP538: 1/19/2010 10:50:58 PM - Restore Operation

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0
    Agere Systems AC'97 Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Battery Recalibration
    Bonjour
    CCleaner
    Critical Update for Windows Media Player 11 (KB959772)
    Display Rotation Tool
    DivX Content Uploader
    DMI Viewer
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB910998)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HotKey Appendix
    Hotkey Driver for Panasonic PC
    Hotkey Plus Manager
    Hotkey Settings
    Icon Enlarger
    Imation Disk Manager II Service
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    Itiva Media Accelerator
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 17
    K-Lite Codec Pack
    LimeWire 4.14.10
    Loupe Utility
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    mCore
    mDriver
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    mIWA
    mIWCA
    mLogView
    mMHouse
    Move Networks Media Player for Internet Explorer
    Move Networks Player for Internet Explorer
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    Panasonic Hand Writing 4
    PC Information Viewer
    Pocket Tanks Deluxe 1.00a
    QuickTime
    SD Utility
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Software Keyboard
    touchpad/touchscreen
    Unity Web Player
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Online DSL
    Verizon Online Help and Support
    VideoLAN VLC media player 0.8.2
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VoiceOver Kit
    WAH System Verification
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10 Hotfix [See KB887626 for more information]
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Browser Services
    Yahoo! BrowserPlus
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    1/24/2010 4:53:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the UStorage Server Service service to connect.
    1/24/2010 4:53:48 PM, error: Service Control Manager [7000] - The UStorage Server Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/24/2010 4:52:19 PM, error: Dhcp [1002] - The IP address lease 10.1.0.149 for the Network Card with network address 0013CEEE313A has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
    1/20/2010 10:12:44 AM, error: Dhcp [1002] - The IP address lease 10.0.0.7 for the Network Card with network address 0013CEEE313A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/19/2010 10:04:08 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/18/2010 1:12:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SiteAdvisor Service service to connect.
    1/18/2010 1:12:29 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  2. 2010/01/24
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs, after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     


  4. 2010/01/24
    skiggidy

    skiggidy Inactive Thread Starter

    Joined:
    2010/01/24
    Messages:
    32
    Likes Received:
    0
    This is on my wife's computer, and I just uninstalled all the P2P files that I could see. Thank you again!
     
  5. 2010/01/24
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I just suggest you go & read the pages linked in the message above. You (or the wife) may want to know why...
     
  6. 2010/01/24
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    You are running DDS from a temporary folder, not from the desktop as requested in the download instructions. Please move it to the desktop.

    ===

    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Download the update from here if you have problems.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.

    =========

    Download HijackThis Executable from here. Save it to your desktop.
    Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
     
  7. 2010/01/24
    skiggidy

    skiggidy Inactive Thread Starter

    Joined:
    2010/01/24
    Messages:
    32
    Likes Received:
    0
    I moved the program to the desktop, and here are the new results. I am about to perform the Malwarebytes scan.

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by nathaniel at 19:42:07.48 on Sun 01/24/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.372 [GMT -6:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Panasonic\HPLSMAN\hplsman.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Panasonic\Disprot\IDRot.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Panasonic\HPLSMAN\hplskey.exe
    C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\fpapli.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Panasonic\DispRot\IDRot.exe
    C:\Program Files\Panasonic\WRITING\Writing.exe
    C:\Program Files\Panasonic\MEISKB\meiskb.exe
    C:\WINDOWS\system32\Tprbtn.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\nathaniel\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mWinlogon: Userinit=c:\windows\system32\Userinit.exe
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Winstr] C:\3611010322532273703.exe
    uRun: [WinMedia] C:\3611010322532243109.exe
    uRun: [Winstp] C:\3611010322532273703.exe
    uRun: [Winsto] C:\3611010322532273703.exe
    uRun: [Winstt] C:\3611010322532273703.exe
    uRun: [Winsty] C:\3611010322532273703.exe
    uRun: [Winstj] C:\3611010322532273703.exe
    uRun: [Winstd] C:\3611010322532273703.exe
    uRun: [Winstn] C:\3611010322532273703.exe
    uRun: [Winsti] C:\3611010322532273703.exe
    uRun: [Winsts] C:\3611010322532273703.exe
    uRun: [Winstq] C:\3611010322532273703.exe
    uRun: [Winstf] C:\3611010322532273703.exe
    uRun: [Winstv] C:\3611010322532273703.exe
    uRun: [Winstl] C:\3611010322532273703.exe
    uRun: [Winstu] C:\3611010322532273703.exe
    uRun: [Winstk] C:\3611010322532273703.exe
    uRun: [Winsta] C:\3611010322532273703.exe
    uRun: [Winstg] C:\3611010322532273703.exe
    uRun: [Winstb] C:\3611010322532273703.exe
    uRun: [Winstw] C:\3611010322532273703.exe
    uRun: [Winsth] C:\3611010322532273703.exe
    uRun: [Winstx] C:\3611010322532273703.exe
    uRun: [Winste] C:\3611010322532273703.exe
    uRun: [Winstz] C:\3611010322532273703.exe
    uRun: [Winstm] C:\3611010322532273703.exe
    uRun: [Winstc] C:\3611010322532273703.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Betw] "c:\windows\ecurit~1\regsvr32.exe" -vt yazb
    uRun: [Osenew] c:\windows\system32\??crosoft.net\l?ass.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Hotkey] c:\windows\system32\hkeyman.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [HPlsKey] c:\program files\panasonic\hplsman\hplskey.exe
    mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe
    mRun: [PCinfo] c:\program files\panasonic\pcinfo\SetDiag.exe /FirstLogin
    mRun: [Panasonic HotKey Manager] "c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE "
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [<NO NAME>]
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [gwiz] c:\windows\system32\ntsystem.exe
    mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
    mRun: [Itiva Media Accelerator] c:\program files\itiva\itiva media accelerator\ItivaMediaAccelerator.exe
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [scroller] fpapli.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\displa~1.lnk - c:\program files\panasonic\disprot\IDRot.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\panaso~1.lnk - c:\program files\panasonic\writing\Writing.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\panasonic\meiskb\meiskb.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: HPLSNTF - HPLSNtf.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-19 64288]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-1 214664]
    R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\panasonic\brecal\Brecal.sys [2005-7-14 7168]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-1 206096]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-1 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-1 144704]
    R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\panasonic\pcinfo\PCINFO.sys [2005-7-14 7168]
    R2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\panasonic\sdkey\SDKEY.sys [2005-7-14 8192]
    R3 FIDMOU;Fujitsu touchpad;c:\windows\system32\drivers\Fidmou.sys [2005-7-14 23463]
    R3 HTKPLUS;Panasonic Hotkey PLUS Driver;c:\windows\system32\drivers\HTKPLUS.SYS [2005-7-14 8448]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-1 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-1 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-1 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-1 40552]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-19 38224]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-1 34248]
    S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2004-10-26 31375]
    S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rsmartc.sys [2005-7-14 69460]

    =============== Created Last 30 ================

    2010-01-25 01:26:36 0 d--h--w- c:\windows\system32\GroupPolicy
    2010-01-20 07:42:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-20 05:06:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-01-20 05:01:06 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-01-20 05:00:39 0 d-----w- c:\program files\Lavasoft
    2010-01-20 02:20:12 0 d-----w- c:\docume~1\nathan~1\applic~1\Malwarebytes
    2010-01-20 02:20:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-20 02:20:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-20 02:20:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-01-20 02:20:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-13 03:37:10 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-01-13 03:37:10 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-01-13 03:35:24 0 d-----w- c:\program files\iPod
    2010-01-13 03:35:03 0 d-----w- c:\program files\iTunes
    2010-01-13 03:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-01-13 03:33:38 0 d-----w- c:\program files\Bonjour
    2010-01-13 03:29:53 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-01-13 03:29:53 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

    ==================== Find3M ====================

    2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
    2008-08-27 21:56:17 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

    ============= FINISH: 19:45:01.89 ===============
     
  8. 2010/01/24
    skiggidy

    Malwarebytes log: states no active infections, yet it is still doing the same thing.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3631
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    1/24/2010 8:49:34 PM
    mbam-log-2010-01-24 (20-49-34).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 195977
    Time elapsed: 59 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    About to run hijack this
     
  9. 2010/01/24
    skiggidy

    HIJACK THIS LOG:
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 8:58:02 PM, on 1/24/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panasonic\HPLSMAN\hplsman.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Panasonic\Disprot\IDRot.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Panasonic\HPLSMAN\hplskey.exe
    C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\fpapli.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Panasonic\DispRot\IDRot.exe
    C:\Program Files\Panasonic\WRITING\Writing.exe
    C:\Program Files\Panasonic\MEISKB\meiskb.exe
    C:\WINDOWS\system32\Tprbtn.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = OIFNET29
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Hotkey] C:\WINDOWS\system32\hkeyman.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPlsKey] C:\Program Files\Panasonic\HPLSMAN\hplskey.exe
    O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe
    O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin
    O4 - HKLM\..\Run: [Panasonic HotKey Manager] "C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE "
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [scroller] fpapli.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Winstr] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [WinMedia] C:\3611010322532243109.exe
    O4 - HKCU\..\Run: [Winstp] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winsto] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstt] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winsty] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstj] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstd] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstn] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winsti] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winsts] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstq] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstf] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstv] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstl] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstu] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstk] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winsta] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstg] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstb] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstw] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winsth] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstx] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winste] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstz] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstm] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [Winstc] C:\3611010322532273703.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Betw] "C:\WINDOWS\ECURIT~1\regsvr32.exe" -vt yazb
    O4 - HKCU\..\Run: [Osenew] C:\WINDOWS\system32\??crosoft.NET\l?ass.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Display Rotation Tool.lnk = ?
    O4 - Global Startup: Panasonic Hand Writing.lnk = ?
    O4 - Global Startup: Software Keyboard.lnk = ?
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: HPLSNTF - HPLSNtf.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 11755 bytes
     
  10. 2010/01/24
    crunchie

    Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

    C:\3611010322532273703.exe
    C:\3611010322532243109.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
    C:\3611010322532273703.exe
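
The request above singles out the executables in the root of C: that the HKCU Run values point to. As an added example (not part of the original thread and not code from HijackThis), this Python script parses `O4` Run lines and groups them by target so that one file behind many value names stands out. The sample lines are constructed in the format of the log posted above; the function names and the three triage heuristics are assumptions for illustration, and they also cover the `?`-containing path, which the request did not list.

```python
import re
from collections import defaultdict

# Constructed sample: a few O4 lines in the format of the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [Winstr] C:\3611010322532273703.exe
O4 - HKCU\..\Run: [WinMedia] C:\3611010322532243109.exe
O4 - HKCU\..\Run: [Winstp] C:\3611010322532273703.exe
O4 - HKCU\..\Run: [Winsto] C:\3611010322532273703.exe
O4 - HKCU\..\Run: [Osenew] C:\WINDOWS\system32\??crosoft.NET\l?ass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# "O4 - HKCU\..\Run: [ValueName] command line"
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# Assumed heuristic: an all-digit .exe sitting directly in a drive root.
ROOT_NUMERIC_EXE = re.compile(r"^[A-Za-z]:\\\d+\.exe$", re.IGNORECASE)


def target_path(command):
    """Return the executable path from a Run command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end if end != -1 else None].strip()
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def parse_run_entries(log_text):
    """Collect registry Run/RunOnce entries; other O4 lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "path": target_path(command)})
    return entries


def triage(entries, repeat_threshold=3):
    """Group entries by target file and attach reasons a reviewer should look closer.

    The reasons are triage hints (assumptions of this example), not verdicts.
    """
    names_by_path = defaultdict(list)
    for e in entries:
        names_by_path[e["path"].lower()].append(e["name"])

    findings = {}
    for path, names in names_by_path.items():
        reasons = []
        if ROOT_NUMERIC_EXE.match(path):
            reasons.append("all-digit executable in drive root")
        if len(names) >= repeat_threshold:
            reasons.append(f"{len(names)} Run values point at the same file")
        if "?" in path:
            reasons.append("path contains characters the log rendered as '?'")
        if reasons:
            findings[path] = {"names": names, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for path, info in triage(parse_run_entries(SAMPLE_LOG)).items():
        print(path)
        print("  value names:", ", ".join(info["names"]))
        for reason in info["reasons"]:
            print("  -", reason)
```
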
     
  11. 2010/01/24
    skiggidy

    Well, I cannot find those files to upload. I typed in the same thing to upload, and it said the file did not exist. I also looked in the C: drive, and made sure that all files were visible, and still nothing. I have posted the HJT log twice now, and for some reason I'm not seeing it post in the forum. Will try again in a sec; I don't want to flood you guys with the same post over and over.
     
  12. 2010/01/24
    skiggidy

    Ah, sorry admins! I didn't see the message stating that the report will be posted after approval. Sorry for trying it so many times. Small monitor with **** resolution (or I just can't see). Thanks again.
     
  13. 2010/01/24
    crunchie

    No worries. I will get you to do an online scan to see if anything comes up.

    Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

    Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

    Click Yes, when prompted to install its ActiveX component.
    (Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    The program launches and downloads the latest definition files.
    • Once the files are downloaded click on Next
    • Click on Scan Settings and configure as follows:
      • Scan using the following Anti-Virus database:
        • Extended
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK and, under select a target to scan, select My Computer
    When the scan is done, in the Scan is completed window (below), any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.

    To obtain the report:
    Click on: Save Report As (above - red blinking arrow)
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.
     
  14. 2010/01/25
    skiggidy

    I have now tried to run the online virus scanner for the fourth time, and no luck. I get to about 70,000 files scanned, and IE closes by itself. So I guess this is a new symptom that I haven't noticed before. Any clues on what I should try next?
     
  15. 2010/01/25
    skiggidy

    OK, I think I am getting close to testing out this Toughbook! Haha, I'm about to throw it against the wall! I am now noticing that programs that I have installed in the last day, trying to delete this virus/malware, are deleting themselves. It's almost like it is getting worse or something. Internet Explorer is closing for no reason, and when I try to do any online scan, it closes within seconds. I received a BSOD a few minutes ago, and it restarted before I could get the message. I am almost to the point of doing a reinstall, but I can't find my XP CD, only my 7 and Vista CDs for the other laptop. Oh yeah, no DVD/CD-ROM either! Err
     
  16. 2010/01/25
    crunchie

    See if it is possible to complete one of these scans;

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:


    ========

    Try doing it in safe mode with networking.
     
  17. 2010/01/25
    skiggidy

    I'm currently scanning the infected PC with Panda; it's been close to an hour and I'm at 21%. Currently it has found 2 infected and 1 suspicious file. I tried to run in safe mode first, and I am unable to boot in safe mode. It tries, then just restarts. So hopefully within the next couple of hours I will have a log for you. Thank you again for all the help!
     
  18. 2010/01/25
    skiggidy

    OK, now I am really getting frustrated! Haha Panda got to 80% and closed! I have tried all the scans you have asked me to, and they close before they complete! I have tried to boot in safe mode, and no luck! Now what! Haha Thank you again for your patience with me, I was really wanting to take this laptop to work with me sometime this week, but I might break it before then! Haha
     
  19. 2010/01/25
    crunchie

    Download SafeBootKeyRepair.exe by sUBs and save it to your desktop.

    Double-click SafeBootKeyRepair.exe to run it. Follow any prompts that may appear then post the log it produces.

    See if you can boot to safe mode now.
     
  20. 2010/01/25
    skiggidy

    How long does the program usually run for? I don't want to touch the computer until it's done, but it seems to just be sitting there doing nothing. Been running for about five minutes now.
     
  21. 2010/01/25
    skiggidy

    Reg export of SafeBoot key after repair:
    ========================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
    "AlternateShell "= "cmd.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\MpfService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @= "Net "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @= "NetClient "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @= "NetService "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @= "NetTrans "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    ========================

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Lavasoft Ad-Aware Service
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mcmscsvc
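
One way to review an export like the one above offline, as an added example that is not part of the original thread or of SafeBootKeyRepair: it parses the regedit text (tolerating the stray spaces inside the quotes seen here) and lists SafeBoot entries whose default value is blank or absent, plus any mode that has no entries at all. The function names and the embedded sample are constructed for illustration, and each finding is an item to review, not a verdict.

```python
import re

# Constructed sample: entries copied from the export in this thread, keeping
# the stray spaces inside the quotes exactly as they appear on the page.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell "= "cmd.exe "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@= "Driver Group "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\mcmscsvc]
@=" "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@= "Service "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
'''

ROOT = r"hkey_local_machine\system\currentcontrolset\control\safeboot" + "\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_RE = re.compile(r'^@\s*=\s*"(.*)"$')

def parse_safeboot(text):
    """Return {mode: {entry: default value, or None if the key has none}}."""
    modes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = None
            path = key.group(1)
            if not path.lower().startswith(ROOT):
                continue  # the safeboot root itself or an unrelated key
            mode, _, entry = path[len(ROOT):].partition("\\")
            entries = modes.setdefault(mode.lower(), {})
            if entry:
                entries[entry] = None
                current = (entries, entry)
            continue
        value = DEFAULT_RE.match(line)
        if value and current:
            entries, entry = current
            entries[entry] = value.group(1).strip()
    return modes

def triage(modes):
    """List (mode, entry, reason) items a reviewer should look at."""
    findings = []
    for mode in ("minimal", "network"):
        entries = modes.get(mode)
        if not entries:
            findings.append((mode, "*", "mode key missing or empty"))
            continue
        for name, value in sorted(entries.items()):
            if not value:
                reason = "no default value" if value is None else "blank default value"
                findings.append((mode, name, reason))
    return findings
```

Running `triage(parse_safeboot(text))` on a saved copy of the full export gives the same kind of list for every entry under `Minimal` and `Network`.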
     
