
Solved Pop up Re. Control Messages

Discussion in 'Malware and Virus Removal Archive' started by mindplayer45, 2011/05/13.

  1. 2011/05/17
    broni Moderator Malware Analyst
    That looks good.

    Now....

    1. Update MBAM, run "Quick scan", post new log.

    2. Post new TDSSKiller log.

    3. Post new Combofix log.
     
  2. 2011/05/18
    mindplayer45 Inactive Thread Starter
    Hi Broni, MBAM Logs
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6606

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    18/05/2011 5:13:31 PM
    mbam-log-2011-05-18 (17-13-31).txt

    Scan type: Quick scan
    Objects scanned: 159670
    Time elapsed: 4 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
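As an added example (not part of the thread, and not Malwarebytes' own tooling), here is a small Python parser for the MBAM 1.50-era log format posted above. It pulls each detection out with the action MBAM took on it, cross-checks the summary counts against the listed entries, and separates out items marked "Delete on reboot": that status means the file was still loaded when the scan ran and will only be removed after a restart, which is the thing to confirm before trusting the next clean log. The sample log is a constructed excerpt of the one in this post (header lines trimmed); the function and class names are my own.

```python
"""Parse an MBAM (Malwarebytes' Anti-Malware 1.50-era) text log.
Added example: not the forum thread's or Malwarebytes' code; the
SAMPLE_LOG below is a constructed excerpt of the log posted in the thread."""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6606

Scan type: Quick scan
Objects scanned: 159670
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
"""

META_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")   # "Files Infected: 1"
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")                   # "Files Infected:"
# "<target> (<threat name>) -> [Value: <name> -> ]<action>."
DETECTION_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+?)\.?$")


@dataclass
class Detection:
    section: str                      # which "... Infected:" block it was listed under
    target: str                       # file path or registry key
    threat: str                       # MBAM's classification, e.g. Adware.WidgiToolbar
    action: str                       # what MBAM did / scheduled
    value_name: Optional[str] = None  # registry value name, if the entry names one


@dataclass
class MbamReport:
    meta: dict = field(default_factory=dict)
    summary: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_mbam_log(text):
    """Walk the log line by line, tracking which detection block we are in."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = META_RE.match(line)
        if m:
            report.meta[m.group(1)] = m.group(2)
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        # The tail may be "Value: X -> <action>" for registry values; the action is always last.
        parts = [p.strip() for p in m["rest"].split("->")]
        value_name = next((p[len("Value: "):] for p in parts[:-1] if p.startswith("Value: ")), None)
        report.detections.append(Detection(section, m["target"], m["threat"], parts[-1], value_name))
    return report


def summary_mismatches(report):
    """Sections whose summary count disagrees with the entries actually listed (a truncated paste shows up here)."""
    counted = {}
    for d in report.detections:
        counted[d.section] = counted.get(d.section, 0) + 1
    return sorted(s for s, n in report.summary.items() if counted.get(s, 0) != n)


def pending_reboot(report):
    """Detections MBAM could not remove immediately; they are gone only after a restart."""
    return [d for d in report.detections if d.action.lower() == "delete on reboot"]


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print("database", r.meta.get("Database version"), "| mismatched sections:", summary_mismatches(r))
    for d in r.detections:
        print(f"{d.section:28} {d.threat:22} {d.action}")
    print("still pending reboot:", [d.target for d in pending_reboot(r)])
```

Run on the posted log, the same DLL shows up twice with "Delete on reboot" (once as a loaded module, once as a file) while only the registry value was removed on the spot, which is why the helper's usual next step is to reboot before the next scan.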
     


  4. 2011/05/18
    mindplayer45 Inactive Thread Starter
    Now TDSSKILLER
    2011/05/18 17:24:17.0629 0812 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/18 17:24:18.0674 0812 ================================================================================
    2011/05/18 17:24:18.0674 0812 SystemInfo:
    2011/05/18 17:24:18.0674 0812
    2011/05/18 17:24:18.0674 0812 OS Version: 6.0.6002 ServicePack: 2.0
    2011/05/18 17:24:18.0674 0812 Product type: Workstation
    2011/05/18 17:24:18.0674 0812 ComputerName: JBPARRAWEST-PC
    2011/05/18 17:24:18.0674 0812 UserName: Joydy Miller
    2011/05/18 17:24:18.0674 0812 Windows directory: C:\Windows
    2011/05/18 17:24:18.0674 0812 System windows directory: C:\Windows
    2011/05/18 17:24:18.0674 0812 Processor architecture: Intel x86
    2011/05/18 17:24:18.0674 0812 Number of processors: 1
    2011/05/18 17:24:18.0674 0812 Page size: 0x1000
    2011/05/18 17:24:18.0674 0812 Boot type: Normal boot
    2011/05/18 17:24:18.0674 0812 ================================================================================
    2011/05/18 17:24:19.0205 0812 Initialize success
    2011/05/18 17:24:24.0618 2720 ================================================================================
    2011/05/18 17:24:24.0618 2720 Scan started
    2011/05/18 17:24:24.0618 2720 Mode: Manual;
    2011/05/18 17:24:24.0618 2720 ================================================================================
    2011/05/18 17:24:24.0914 2720 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/05/18 17:24:25.0055 2720 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/05/18 17:24:25.0226 2720 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/05/18 17:24:25.0382 2720 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/05/18 17:24:25.0523 2720 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/05/18 17:24:25.0710 2720 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/05/18 17:24:26.0100 2720 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
    2011/05/18 17:24:26.0225 2720 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/05/18 17:24:26.0271 2720 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/05/18 17:24:26.0318 2720 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/05/18 17:24:26.0412 2720 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/05/18 17:24:26.0459 2720 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/05/18 17:24:26.0505 2720 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/05/18 17:24:26.0583 2720 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2011/05/18 17:24:26.0739 2720 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/05/18 17:24:26.0802 2720 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/05/18 17:24:26.0973 2720 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/18 17:24:27.0036 2720 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/05/18 17:24:27.0145 2720 athr (997e25f5b7d53c94c0ad2dc080f6868e) C:\Windows\system32\DRIVERS\athr.sys
    2011/05/18 17:24:27.0348 2720 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/05/18 17:24:27.0488 2720 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/05/18 17:24:27.0551 2720 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/18 17:24:27.0675 2720 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/05/18 17:24:27.0707 2720 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/05/18 17:24:27.0831 2720 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/05/18 17:24:27.0909 2720 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/05/18 17:24:27.0941 2720 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/05/18 17:24:28.0050 2720 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/05/18 17:24:28.0097 2720 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/05/18 17:24:28.0346 2720 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/18 17:24:28.0409 2720 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/18 17:24:28.0533 2720 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/05/18 17:24:28.0580 2720 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/05/18 17:24:28.0721 2720 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/18 17:24:28.0767 2720 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/05/18 17:24:28.0814 2720 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/18 17:24:29.0001 2720 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/05/18 17:24:29.0048 2720 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/05/18 17:24:29.0189 2720 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/18 17:24:29.0360 2720 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/05/18 17:24:29.0485 2720 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/18 17:24:29.0579 2720 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/18 17:24:29.0688 2720 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/05/18 17:24:29.0766 2720 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/05/18 17:24:29.0969 2720 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/05/18 17:24:30.0031 2720 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/05/18 17:24:30.0171 2720 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/05/18 17:24:30.0234 2720 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/05/18 17:24:30.0359 2720 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/18 17:24:30.0421 2720 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/18 17:24:30.0515 2720 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/05/18 17:24:30.0561 2720 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/18 17:24:30.0655 2720 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/18 17:24:30.0795 2720 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/18 17:24:30.0873 2720 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
    2011/05/18 17:24:31.0045 2720 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/05/18 17:24:31.0201 2720 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/18 17:24:31.0263 2720 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/18 17:24:31.0373 2720 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/05/18 17:24:31.0419 2720 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/05/18 17:24:31.0544 2720 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/18 17:24:31.0607 2720 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/05/18 17:24:31.0731 2720 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2011/05/18 17:24:31.0809 2720 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/05/18 17:24:31.0997 2720 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2011/05/18 17:24:32.0059 2720 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/05/18 17:24:32.0168 2720 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/05/18 17:24:32.0293 2720 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/18 17:24:32.0371 2720 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/05/18 17:24:32.0480 2720 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/05/18 17:24:32.0589 2720 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/05/18 17:24:32.0761 2720 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/05/18 17:24:33.0042 2720 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/05/18 17:24:33.0213 2720 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/05/18 17:24:33.0276 2720 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/18 17:24:33.0401 2720 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/18 17:24:33.0479 2720 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/05/18 17:24:33.0603 2720 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/05/18 17:24:33.0635 2720 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/05/18 17:24:33.0806 2720 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/05/18 17:24:33.0869 2720 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/18 17:24:34.0071 2720 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/05/18 17:24:34.0134 2720 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/05/18 17:24:34.0259 2720 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
    2011/05/18 17:24:34.0337 2720 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/18 17:24:34.0461 2720 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    2011/05/18 17:24:34.0539 2720 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/18 17:24:34.0680 2720 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/18 17:24:34.0758 2720 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/05/18 17:24:34.0851 2720 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/05/18 17:24:34.0914 2720 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/05/18 17:24:34.0945 2720 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/05/18 17:24:35.0054 2720 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/05/18 17:24:35.0117 2720 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/05/18 17:24:35.0226 2720 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/05/18 17:24:35.0304 2720 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/05/18 17:24:35.0397 2720 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/18 17:24:35.0460 2720 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/18 17:24:35.0569 2720 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/18 17:24:35.0631 2720 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/18 17:24:35.0787 2720 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
    2011/05/18 17:24:35.0850 2720 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/05/18 17:24:35.0943 2720 MpKsl41cb0d9f (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AEBCFA6-DCAF-4934-9583-1E642E7DEFBA}\MpKsl41cb0d9f.sys
    2011/05/18 17:24:36.0068 2720 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2011/05/18 17:24:36.0115 2720 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/18 17:24:36.0255 2720 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/05/18 17:24:36.0318 2720 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/18 17:24:36.0443 2720 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/18 17:24:36.0505 2720 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/18 17:24:36.0630 2720 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/18 17:24:36.0723 2720 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
    2011/05/18 17:24:36.0833 2720 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/05/18 17:24:36.0911 2720 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/05/18 17:24:37.0004 2720 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/05/18 17:24:37.0160 2720 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/18 17:24:37.0301 2720 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/18 17:24:37.0332 2720 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/18 17:24:37.0410 2720 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/18 17:24:37.0550 2720 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/18 17:24:37.0628 2720 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/18 17:24:37.0737 2720 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/05/18 17:24:37.0815 2720 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/18 17:24:37.0940 2720 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/05/18 17:24:38.0049 2720 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/18 17:24:38.0112 2720 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/18 17:24:38.0268 2720 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/18 17:24:38.0330 2720 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/18 17:24:38.0455 2720 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/18 17:24:38.0517 2720 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/18 17:24:38.0673 2720 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/05/18 17:24:38.0736 2720 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    2011/05/18 17:24:38.0861 2720 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/05/18 17:24:38.0923 2720 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/18 17:24:39.0095 2720 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/18 17:24:39.0251 2720 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/05/18 17:24:39.0297 2720 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/05/18 17:24:39.0344 2720 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/05/18 17:24:39.0438 2720 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/05/18 17:24:39.0500 2720 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/05/18 17:24:39.0687 2720 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/05/18 17:24:39.0843 2720 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/05/18 17:24:39.0906 2720 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/05/18 17:24:40.0031 2720 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/05/18 17:24:40.0124 2720 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/05/18 17:24:40.0218 2720 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
    2011/05/18 17:24:40.0343 2720 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/05/18 17:24:40.0483 2720 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/05/18 17:24:40.0686 2720 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/18 17:24:40.0733 2720 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/05/18 17:24:40.0873 2720 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/18 17:24:40.0967 2720 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/05/18 17:24:41.0169 2720 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/05/18 17:24:41.0232 2720 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/18 17:24:41.0325 2720 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/18 17:24:41.0403 2720 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/18 17:24:41.0513 2720 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/18 17:24:41.0575 2720 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/18 17:24:41.0637 2720 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/18 17:24:41.0731 2720 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/18 17:24:41.0793 2720 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/05/18 17:24:41.0918 2720 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/18 17:24:41.0981 2720 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/18 17:24:42.0152 2720 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/18 17:24:42.0230 2720 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2011/05/18 17:24:42.0355 2720 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
    2011/05/18 17:24:42.0417 2720 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/05/18 17:24:42.0573 2720 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/18 17:24:42.0636 2720 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/05/18 17:24:42.0745 2720 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/05/18 17:24:42.0807 2720 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/05/18 17:24:42.0948 2720 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/05/18 17:24:43.0010 2720 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/05/18 17:24:43.0104 2720 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/05/18 17:24:43.0151 2720 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/05/18 17:24:43.0229 2720 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/05/18 17:24:43.0322 2720 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/05/18 17:24:43.0385 2720 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/05/18 17:24:43.0525 2720 SmartDefragDriver (cc48f88fe17bb8e5eb6fa1a8a9477006) C:\Windows\system32\Drivers\SmartDefragDriver.sys
    2011/05/18 17:24:43.0603 2720 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/18 17:24:43.0712 2720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/05/18 17:24:43.0821 2720 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/18 17:24:43.0915 2720 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/18 17:24:44.0009 2720 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/18 17:24:44.0165 2720 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/18 17:24:44.0274 2720 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/05/18 17:24:44.0367 2720 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/05/18 17:24:44.0430 2720 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/05/18 17:24:44.0555 2720 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/05/18 17:24:44.0726 2720 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
    2011/05/18 17:24:44.0882 2720 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/18 17:24:45.0023 2720 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/18 17:24:45.0101 2720 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    2011/05/18 17:24:45.0257 2720 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/18 17:24:45.0319 2720 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/18 17:24:45.0381 2720 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/18 17:24:45.0475 2720 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/18 17:24:45.0678 2720 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
    2011/05/18 17:24:45.0756 2720 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/18 17:24:45.0896 2720 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/05/18 17:24:45.0943 2720 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/18 17:24:46.0068 2720 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    2011/05/18 17:24:46.0177 2720 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/05/18 17:24:46.0286 2720 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/18 17:24:46.0395 2720 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/05/18 17:24:46.0520 2720 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/05/18 17:24:46.0583 2720 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/05/18 17:24:46.0692 2720 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/05/18 17:24:46.0770 2720 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/05/18 17:24:46.0879 2720 usbccgp (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/18 17:24:46.0973 2720 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/05/18 17:24:47.0082 2720 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/18 17:24:47.0160 2720 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/18 17:24:47.0269 2720 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/05/18 17:24:47.0347 2720 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/05/18 17:24:47.0472 2720 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/05/18 17:24:47.0519 2720 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/18 17:24:47.0643 2720 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2011/05/18 17:24:47.0753 2720 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/18 17:24:47.0862 2720 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/05/18 17:24:47.0924 2720 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/05/18 17:24:48.0033 2720 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/05/18 17:24:48.0080 2720 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/05/18 17:24:48.0189 2720 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/05/18 17:24:48.0252 2720 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/18 17:24:48.0377 2720 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/05/18 17:24:48.0439 2720 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/05/18 17:24:48.0595 2720 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/05/18 17:24:48.0673 2720 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/18 17:24:48.0704 2720 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/18 17:24:48.0829 2720 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/05/18 17:24:48.0891 2720 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/18 17:24:49.0063 2720 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2011/05/18 17:24:49.0266 2720 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/05/18 17:24:49.0359 2720 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/18 17:24:49.0531 2720 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/18 17:24:49.0609 2720 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/05/18 17:24:49.0703 2720 ================================================================================
    2011/05/18 17:24:49.0703 2720 Scan finished
    2011/05/18 17:24:49.0703 2720 ================================================================================
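The TDSSKiller output above is a driver inventory: one line per kernel service with its MD5 and on-disk path. As an added example (not part of the thread and not TDSSKiller's own code), the Python below parses those lines and does the three checks a helper does by eye when asked for a "new TDSSKiller log": list drivers loaded from outside the Windows directory, show which service names point at one binary, and diff the hashes against an earlier run. The sample lines are copied from the log in this post; the BASELINE dictionary stands in for a previous run and is constructed, including one deliberately altered placeholder hash so that the diff has something to report. Function names are my own.

```python
"""Triage a TDSSKiller driver listing.
Added example: not the thread's or TDSSKiller's code.  SAMPLE_LINES are
copied from the posted log; BASELINE is a constructed stand-in for an earlier run."""
import re
from collections import OrderedDict
from dataclasses import dataclass

SAMPLE_LINES = r"""
2011/05/18 17:24:24.0618 2720 Scan started
2011/05/18 17:24:24.0618 2720 Mode: Manual;
2011/05/18 17:24:24.0618 2720 ================================================================================
2011/05/18 17:24:24.0914 2720 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/18 17:24:25.0710 2720 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/18 17:24:35.0943 2720 MpKsl41cb0d9f (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AEBCFA6-DCAF-4934-9583-1E642E7DEFBA}\MpKsl41cb0d9f.sys
2011/05/18 17:24:44.0726 2720 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/05/18 17:24:44.0882 2720 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/18 17:24:48.0673 2720 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 17:24:48.0704 2720 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 17:24:49.0703 2720 Scan finished
"""

# Constructed "previous run".  Tcpip carries a placeholder hash that differs from the
# current log on purpose, to exercise the diff; the others match the sample lines.
BASELINE = {
    "ACPI": "82b296ae1892fe3dbee00c9cf92f8ac7",
    "AFD": "a201207363aa900abf1a388468688570",
    "Tcpip": "0123456789abcdef0123456789abcdef",   # placeholder, not a real hash
    "Tcpip6": "6a10afce0b38371064be41c1fbfd3c6b",
    "Wanarp": "55201897378cca7af8b5efd874374a26",
    "Wanarpv6": "55201897378cca7af8b5efd874374a26",
}

# "<date> <time> <pid> <service name> (<md5>) <path>"; banner and status lines do not match.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (?P<pid>[0-9a-fA-F]+) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)


@dataclass
class DriverEntry:
    name: str   # service/driver name as registered
    md5: str    # MD5 of the file on disk as reported by TDSSKiller
    path: str   # image path


def parse_tdsskiller(text):
    """Keep only the per-driver lines; headers, separators and 'Scan finished' are dropped."""
    entries = []
    for raw in text.splitlines():
        m = DRIVER_RE.match(raw.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"], m["path"]))
    return entries


def outside_system_dirs(entries, windows_dir=r"C:\Windows"):
    """Drivers whose image lives outside the Windows directory.  Not a verdict: the hit in the
    sample is the Microsoft Antimalware definition-update driver, which the ComboFix log in
    this thread also lists under ProgramData; it is simply the set to look at first."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return sorted(e.name for e in entries if not e.path.lower().startswith(prefix))


def services_sharing_binary(entries):
    """Map image path -> service names when more than one service loads the same file
    (Tcpip/Tcpip6 and Wanarp/Wanarpv6 are the normal Vista examples)."""
    groups = OrderedDict()
    for e in entries:
        groups.setdefault(e.path.lower(), []).append(e.name)
    return {p: names for p, names in groups.items() if len(names) > 1}


def hash_drift(entries, baseline):
    """Compare against an earlier run: (changed, new).  changed holds (name, old_md5, new_md5).
    Note the MpKsl* definition-update driver gets a fresh name each update, so it will
    routinely appear as 'new' and is not by itself a sign of trouble."""
    changed, new = [], []
    for e in entries:
        old = baseline.get(e.name)
        if old is None:
            new.append(e.name)
        elif old != e.md5:
            changed.append((e.name, old, e.md5))
    return changed, new


if __name__ == "__main__":
    drivers = parse_tdsskiller(SAMPLE_LINES)
    print(len(drivers), "drivers parsed")
    print("outside", r"C:\Windows", "->", outside_system_dirs(drivers))
    for path, names in services_sharing_binary(drivers).items():
        print("shared:", path, "<-", ", ".join(names))
    changed, new = hash_drift(drivers, BASELINE)
    print("hash changed:", changed)
    print("not in baseline:", new)
```

The useful output is the diff, not the raw list: a system driver whose hash changes between two runs a day apart, with no Windows Update in between, is what the hash column is there to catch; an unchanged list of a few hundred lines is exactly what the moderator wants to see.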
     
  5. 2011/05/18
    mindplayer45 Inactive Thread Starter
    Hi Broni, I have run the Combofix, but can't get the logs off the laptop. In fact I can't do anything with the laptop. Every time I try to open anything I get a popup saying
    "C:\ProgramFiles blah blah blah "
    "Illegal operation attempted on a registry key that has been marked for deletion "
    This comes up no matter what I try to open, even the USB drive I have been transferring stuff to. Uh Oh!!
     
  6. 2011/05/18
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Should I try in Safe Mode? I think it may be a "fool ya" because there is a little beep just before the pop-up pops up.
     
  7. 2011/05/18
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Hi Broni, this is the Combofix log, sent from Safe Mode.
    ComboFix 11-05-17.01 - Joydy Miller 18/05/2011 17:36:06.3.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1915.1133 [GMT 10:00]
    Running from: c:\users\Joydy Miller\Desktop\dmiller.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-18 07:42 . 2011-05-18 07:42 -------- d-----w- c:\users\Joydy Miller\AppData\Local\temp
    2011-05-18 07:42 . 2011-05-18 07:42 -------- d-----w- c:\users\jbparrawest\AppData\Local\temp
    2011-05-18 07:42 . 2011-05-18 07:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-18 07:16 . 2011-05-18 07:16 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AEBCFA6-DCAF-4934-9583-1E642E7DEFBA}\MpKsl41cb0d9f.sys
    2011-05-17 17:42 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AEBCFA6-DCAF-4934-9583-1E642E7DEFBA}\mpengine.dll
    2011-05-15 02:26 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-05-15 02:26 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-05-15 02:26 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-05-15 02:26 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-05-15 02:26 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-05-15 02:26 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-05-15 02:26 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-05-15 02:26 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-15 02:26 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-15 02:26 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-15 02:26 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-05-14 23:01 . 2011-05-14 23:42 -------- d-----w- C:\dmiller
    2011-05-14 05:54 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-14 05:54 . 2011-05-14 05:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-14 05:54 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-13 07:51 . 2007-03-09 01:35 365056 ----a-w- c:\program files\Mozilla Firefox\plugins\npupd62.dll
    2011-05-13 07:51 . 2006-02-22 22:16 45056 ----a-w- c:\program files\Mozilla Firefox\plugins\upd62int.dll
    2011-05-13 07:51 . 2006-02-22 22:16 34048 ----a-w- c:\program files\Mozilla Firefox\plugins\upd62i9x.dll
    2011-05-12 10:50 . 2011-02-02 11:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-05-12 10:50 . 2011-02-02 11:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-12 10:50 . 2011-05-12 10:51 -------- d-----w- c:\programdata\IObit
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\Application Updater
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\IObit Toolbar
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\Common Files\Spigot
    2011-05-12 10:44 . 2011-05-13 23:13 -------- d-----w- c:\users\Joydy Miller\AppData\Roaming\IObit
    2011-05-12 10:44 . 2011-02-23 06:52 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-05-12 10:44 . 2011-02-23 06:52 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-04-23 11:36 . 2011-05-12 10:33 -------- d-----w- C:\32788R22FWJFW(0)
    2011-04-22 12:31 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-20 10:55 . 2011-04-20 10:55 -------- d-----w- c:\programdata\WindowsSearch
    2011-04-20 08:07 . 2011-05-16 07:13 -------- d-----w- c:\programdata\STOPzilla!
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-07 09:11 . 2011-04-03 10:36 0 ----a-w- c:\users\Joydy Miller\AppData\Local\Eruwe.bin
    2011-03-03 15:40 . 2011-05-15 02:25 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-05-15 02:25 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-05-15 02:25 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-05-15 02:25 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 00:55 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 00:55 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 00:55 797696 ----a-w- c:\windows\system32\FntCache.dll
    2006-02-22 22:16 . 2011-05-13 07:51 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
    2006-02-22 22:16 . 2011-05-13 07:51 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
    2011-05-12 06:54 . 2011-04-16 07:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-08-06 12:05 . 2009-12-10 08:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-08-06 12:05 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    2011-04-27 02:55 532320 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    .
    R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
    R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-06 30192]
    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
    S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
    S1 MpKsl41cb0d9f;MpKsl41cb0d9f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AEBCFA6-DCAF-4934-9583-1E642E7DEFBA}\MpKsl41cb0d9f.sys [2011-05-18 28752]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-04-27 393112]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL41CB0D9F
    *Deregistered* - klmd25
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Joydy Miller\AppData\Roaming\Mozilla\Firefox\Profiles\d185yt4v.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-18 17:42
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????v??Miz????>???>???>? >?H
    .
    scanning hidden files ...
    .
    .
    c:\users\JOYDYM~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-05-18 17:45:35
    ComboFix-quarantined-files.txt 2011-05-18 07:45
    ComboFix2.txt 2011-05-16 07:29
    .
    Pre-Run: 92,555,968,512 bytes free
    Post-Run: 92,524,670,976 bytes free
    .
    - - End Of File - - C28DFF19541E6CC933663FEA6F3B494D
     
  8. 2011/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    "Illegal operation attempted on a registry key that has been marked for deletion"
    Restart the computer and it'll fix the issue.
    If you read my Combofix instructions carefully, there is a note regarding the above situation.
     
  9. 2011/05/18
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Restarted in normal mode and am now running a new Combofix.
     
  10. 2011/05/18
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Here is the new Combofix log from normal mode.
    ComboFix 11-05-17.01 - Joydy Miller 19/05/2011 9:50.4.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1915.1138 [GMT 10:00]
    Running from: c:\users\Joydy Miller\Desktop\dmiller.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-18 23:58 . 2011-05-18 23:58 -------- d-----w- c:\users\Joydy Miller\AppData\Local\temp
    2011-05-18 23:58 . 2011-05-18 23:58 -------- d-----w- c:\users\jbparrawest\AppData\Local\temp
    2011-05-18 23:58 . 2011-05-18 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-18 23:45 . 2011-05-18 23:45 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53F36F2F-F9E3-42D3-88FD-5B846C4B3AA3}\MpKslf4f48579.sys
    2011-05-18 07:48 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53F36F2F-F9E3-42D3-88FD-5B846C4B3AA3}\mpengine.dll
    2011-05-15 02:26 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-05-15 02:26 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-05-15 02:26 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-05-15 02:26 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-05-15 02:26 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-05-15 02:26 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-05-15 02:26 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-05-15 02:26 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-15 02:26 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-15 02:26 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-15 02:26 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-05-14 23:01 . 2011-05-14 23:42 -------- d-----w- C:\dmiller
    2011-05-14 05:54 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-14 05:54 . 2011-05-14 05:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-14 05:54 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-13 07:51 . 2007-03-09 01:35 365056 ----a-w- c:\program files\Mozilla Firefox\plugins\npupd62.dll
    2011-05-13 07:51 . 2006-02-22 22:16 45056 ----a-w- c:\program files\Mozilla Firefox\plugins\upd62int.dll
    2011-05-13 07:51 . 2006-02-22 22:16 34048 ----a-w- c:\program files\Mozilla Firefox\plugins\upd62i9x.dll
    2011-05-12 10:50 . 2011-02-02 11:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-05-12 10:50 . 2011-02-02 11:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-12 10:50 . 2011-05-12 10:51 -------- d-----w- c:\programdata\IObit
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\Application Updater
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\IObit Toolbar
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\Common Files\Spigot
    2011-05-12 10:44 . 2011-05-13 23:13 -------- d-----w- c:\users\Joydy Miller\AppData\Roaming\IObit
    2011-05-12 10:44 . 2011-02-23 06:52 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-05-12 10:44 . 2011-02-23 06:52 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-04-23 11:36 . 2011-05-12 10:33 -------- d-----w- C:\32788R22FWJFW(0)
    2011-04-22 12:31 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-20 10:55 . 2011-04-20 10:55 -------- d-----w- c:\programdata\WindowsSearch
    2011-04-20 08:07 . 2011-05-16 07:13 -------- d-----w- c:\programdata\STOPzilla!
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-07 09:11 . 2011-04-03 10:36 0 ----a-w- c:\users\Joydy Miller\AppData\Local\Eruwe.bin
    2011-03-03 15:40 . 2011-05-15 02:25 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-05-15 02:25 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-05-15 02:25 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-05-15 02:25 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 00:55 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 00:55 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 00:55 797696 ----a-w- c:\windows\system32\FntCache.dll
    2006-02-22 22:16 . 2011-05-13 07:51 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
    2006-02-22 22:16 . 2011-05-13 07:51 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
    2011-05-12 06:54 . 2011-04-16 07:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-08-06 12:05 . 2009-12-10 08:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-08-06 12:05 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    2011-04-27 02:55 532320 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    .
    R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
    R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-06 30192]
    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
    S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
    S1 MpKslf4f48579;MpKslf4f48579;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53F36F2F-F9E3-42D3-88FD-5B846C4B3AA3}\MpKslf4f48579.sys [2011-05-18 28752]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-04-27 393112]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLF4F48579
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Joydy Miller\AppData\Roaming\Mozilla\Firefox\Profiles\d185yt4v.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-19 09:58
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????v??Miz????>???>???>? >?H
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-05-19 10:01:07
    ComboFix-quarantined-files.txt 2011-05-19 00:01
    ComboFix2.txt 2011-05-18 07:45
    ComboFix3.txt 2011-05-16 07:29
    .
    Pre-Run: 94,119,280,640 bytes free
    Post-Run: 94,086,209,536 bytes free
    .
    - - End Of File - - 09D71E22C5031544DEE0D8E96F2A846E
     
  11. 2011/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is computer doing at the moment?


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\programdata\STOPzilla!
    
    Driver::
    is3srv
    szkg5
    szkgfs
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation omitted: CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
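    The three drivers in the CFScript above (is3srv, szkg5, szkgfs) are exactly the entries the earlier ComboFix logs list with "[x]" after the path, ComboFix's marker for a service whose image file is no longer on disk; the folder entry is a separate judgement about STOPzilla! leftovers. The script below is an added example, not part of the thread and not ComboFix's own code: it parses service/driver lines shaped like ComboFix's list (the sample is constructed from the log above), reports which entries point at missing files, and renders the Folder::/Driver:: sections in the form used in the post. The reading of the leading letter and digit as running/stopped plus Windows start type is the usual interpretation of ComboFix's list and is assumed here.

```python
import re

# Constructed sample: lines copied in shape from the service/driver list of
# the ComboFix log above. ComboFix prints "[x]" after a service whose image
# file it could not find; otherwise it prints the file's date and size.
SAMPLE_LOG = r"""
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-04-27 393112]
"""

# Assumed layout: "R"/"S" = running/stopped, digit = Windows start type
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled), then name;display;image
# followed by "[date size]" or "[x]".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def parse_services(text):
    """Return one dict per service/driver line; lines of other shapes are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["running"] = d.pop("state") == "R"
        d["start_type"] = START_TYPES[d.pop("start")]
        d["image_missing"] = d["info"] == "x"
        entries.append(d)
    return entries


def orphaned_drivers(text):
    """Names of services whose image file ComboFix could not find ('[x]')."""
    return [e["name"] for e in parse_services(text) if e["image_missing"]]


def build_cfscript(folders=(), drivers=()):
    """Render CFScript.txt sections in the form used in the post above."""
    sections = []
    if folders:
        sections.append("Folder::\n" + "\n".join(folders) + "\n")
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers) + "\n")
    return "\n".join(sections)


if __name__ == "__main__":
    for e in parse_services(SAMPLE_LOG):
        flag = "MISSING" if e["image_missing"] else "ok"
        print(f"{e['start_type']:8} {flag:7} {e['name']}  {e['image']}")
    # Folder removal is a human call (STOPzilla! leftovers in this thread);
    # the Driver:: list is mechanical for [x] entries. Review before running.
    print(build_cfscript(["c:\\programdata\\STOPzilla!"], orphaned_drivers(SAMPLE_LOG)))
```

A boot-start entry (R0/S0) with a missing image is worth a second look before removal: a security product that has been uninstalled leaves exactly this residue, but so does a driver whose file was deleted by a scanner while its service registration survived, so confirm on the machine that the file really is absent and that nothing still expects it.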
     
  12. 2011/05/18
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    The computer is running a lot better, except for the error message mentioned in 47 above, but I restart and it is fine. I am still getting some unwanted redirection in Firefox, but when I close the page the one I want is underneath. Here is the latest Combofix log...
    ComboFix 11-05-17.03 - Joydy Miller 19/05/2011 10:41:28.5.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1915.1112 [GMT 10:00]
    Running from: c:\users\Joydy Miller\Downloads\ComboFix.exe
    Command switches used :: c:\users\Joydy Miller\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\STOPzilla!
    c:\programdata\STOPzilla!\modules_scanned.db
    c:\programdata\STOPzilla!\modules_scanned.db.bak
    c:\programdata\STOPzilla!\scanner.log
    c:\programdata\STOPzilla!\userdata.db
    c:\programdata\STOPzilla!\vdb\vb-000.vdb
    c:\programdata\STOPzilla!\vdb\vb-001.vdb
    c:\programdata\STOPzilla!\vdb\vb-002.vdb
    c:\programdata\STOPzilla!\vdb\vb-003.vdb
    c:\programdata\STOPzilla!\vdb\vb-004.vdb
    c:\programdata\STOPzilla!\vdb\vb-005.vdb
    c:\programdata\STOPzilla!\vdb\vb-006.vdb
    c:\programdata\STOPzilla!\vdb\vb-007.vdb
    c:\programdata\STOPzilla!\vdb\vb-008.vdb
    c:\programdata\STOPzilla!\vdb\vb-009.vdb
    c:\programdata\STOPzilla!\vdb\vb-010.vdb
    c:\programdata\STOPzilla!\vdb\vb-011.vdb
    c:\programdata\STOPzilla!\vdb\vb-012.vdb
    c:\programdata\STOPzilla!\vdb\vb-013.vdb
    c:\programdata\STOPzilla!\vdb\vb-014.vdb
    c:\programdata\STOPzilla!\vdb\vb-015.vdb
    c:\programdata\STOPzilla!\vdb\vb-016.vdb
    c:\programdata\STOPzilla!\vdb\vb-017.vdb
    c:\programdata\STOPzilla!\vdb\vb-018.vdb
    c:\programdata\STOPzilla!\vdb\vb-019.vdb
    c:\programdata\STOPzilla!\vdb\vb-020.vdb
    c:\programdata\STOPzilla!\vdb\vb-021.vdb
    c:\programdata\STOPzilla!\vdb\vb-022.vdb
    c:\programdata\STOPzilla!\vdb\vb-023.vdb
    c:\programdata\STOPzilla!\vdb\vb-024.vdb
    c:\programdata\STOPzilla!\vdb\vb-025.vdb
    c:\programdata\STOPzilla!\vdb\vb-026.vdb
    c:\programdata\STOPzilla!\vdb\vb-027.vdb
    c:\programdata\STOPzilla!\vdb\vb-028.vdb
    c:\programdata\STOPzilla!\vdb\vb-029.vdb
    c:\programdata\STOPzilla!\vdb\vb-030.vdb
    c:\programdata\STOPzilla!\vdb\vb-031.vdb
    c:\programdata\STOPzilla!\vdb\vb-032.vdb
    c:\programdata\STOPzilla!\vdb\vb-033.vdb
    c:\programdata\STOPzilla!\vdb\vb-034.vdb
    c:\programdata\STOPzilla!\vdb\vb-035.vdb
    c:\programdata\STOPzilla!\vdb\vb-036.vdb
    c:\programdata\STOPzilla!\vdb\vb-037.vdb
    c:\programdata\STOPzilla!\vdb\vb-038.vdb
    c:\programdata\STOPzilla!\vdb\vb-039.vdb
    c:\programdata\STOPzilla!\vdb\vb-040.vdb
    c:\programdata\STOPzilla!\vdb\vb-041.vdb
    c:\programdata\STOPzilla!\vdb\vb-042.vdb
    c:\programdata\STOPzilla!\vdb\vb-043.vdb
    c:\programdata\STOPzilla!\vdb\vb-044.vdb
    c:\programdata\STOPzilla!\vdb\vb-045.vdb
    c:\programdata\STOPzilla!\vdb\vb-046.vdb
    c:\programdata\STOPzilla!\vdb\vb-047.vdb
    c:\programdata\STOPzilla!\vdb\vb-048.vdb
    c:\programdata\STOPzilla!\vdb\vb-049.vdb
    c:\programdata\STOPzilla!\vdb\vb-050.vdb
    c:\programdata\STOPzilla!\vdb\vb-051.vdb
    c:\programdata\STOPzilla!\vdb\vb-052.vdb
    c:\programdata\STOPzilla!\vdb\vb-053.vdb
    c:\programdata\STOPzilla!\vdb\vb-054.vdb
    c:\programdata\STOPzilla!\vdb\vb-055.vdb
    c:\programdata\STOPzilla!\vdb\vb-056.vdb
    c:\programdata\STOPzilla!\vdb\vb-057.vdb
    c:\programdata\STOPzilla!\vdb\vb-058.vdb
    c:\programdata\STOPzilla!\vdb\vb-059.vdb
    c:\programdata\STOPzilla!\vdb\vb-060.vdb
    c:\programdata\STOPzilla!\vdb\vb-061.vdb
    c:\programdata\STOPzilla!\vdb\vb-062.vdb
    c:\programdata\STOPzilla!\vdb\vb-063.vdb
    c:\programdata\STOPzilla!\vdb\vb-064.vdb
    c:\programdata\STOPzilla!\vdb\vb-065.vdb
    c:\programdata\STOPzilla!\vdb\vb-066.vdb
    c:\programdata\STOPzilla!\vdb\vb-067.vdb
    c:\programdata\STOPzilla!\vdb\vb-068.vdb
    c:\programdata\STOPzilla!\vdb\vb-069.vdb
    c:\programdata\STOPzilla!\vdb\vb-070.vdb
    c:\programdata\STOPzilla!\vdb\vb-071.vdb
    c:\programdata\STOPzilla!\vdb\vb-072.vdb
    c:\programdata\STOPzilla!\vdb\vb-073.vdb
    c:\programdata\STOPzilla!\vdb\vb-074.vdb
    c:\programdata\STOPzilla!\vdb\vb-075.vdb
    c:\programdata\STOPzilla!\vdb\vb-076.vdb
    c:\programdata\STOPzilla!\vdb\vb-077.vdb
    c:\programdata\STOPzilla!\vdb\vb-078.vdb
    c:\programdata\STOPzilla!\vdb\vb-079.vdb
    c:\programdata\STOPzilla!\vdb\vb-080.vdb
    c:\programdata\STOPzilla!\vdb\vb-081.vdb
    c:\programdata\STOPzilla!\vdb\vb-082.vdb
    c:\programdata\STOPzilla!\vdb\vb-083.vdb
    c:\programdata\STOPzilla!\vdb\vb-084.vdb
    c:\programdata\STOPzilla!\vdb\vb-085.vdb
    c:\programdata\STOPzilla!\vdb\vb-086.vdb
    c:\programdata\STOPzilla!\vdb\vbcorent.dll
    c:\programdata\STOPzilla!\vdb\vdb.xml
    c:\programdata\STOPzilla!\vdb\xml_edk.log
    c:\programdata\STOPzilla!\zilla5.log
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SZKG5
    -------\Legacy_SZKGFS
    -------\Service_is3srv
    -------\Service_szkg5
    -------\Service_szkgfs
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-19 00:48 . 2011-05-19 00:52 -------- d-----w- c:\users\Joydy Miller\AppData\Local\temp
    2011-05-19 00:48 . 2011-05-19 00:48 -------- d-----w- c:\users\jbparrawest\AppData\Local\temp
    2011-05-19 00:48 . 2011-05-19 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-19 00:02 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34C69A15-287E-410F-BFC3-16D7F2CEE6E1}\mpengine.dll
    2011-05-15 02:26 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-05-15 02:26 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-05-15 02:26 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-05-15 02:26 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-05-15 02:26 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-05-15 02:26 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-05-15 02:26 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-05-15 02:26 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-15 02:26 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-15 02:26 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-15 02:26 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-05-14 23:01 . 2011-05-14 23:42 -------- d-----w- C:\dmiller
    2011-05-14 05:54 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-14 05:54 . 2011-05-14 05:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-14 05:54 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-13 07:51 . 2007-03-09 01:35 365056 ----a-w- c:\program files\Mozilla Firefox\plugins\npupd62.dll
    2011-05-13 07:51 . 2006-02-22 22:16 45056 ----a-w- c:\program files\Mozilla Firefox\plugins\upd62int.dll
    2011-05-13 07:51 . 2006-02-22 22:16 34048 ----a-w- c:\program files\Mozilla Firefox\plugins\upd62i9x.dll
    2011-05-12 10:50 . 2011-02-02 11:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-05-12 10:50 . 2011-02-02 11:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-12 10:50 . 2011-05-12 10:51 -------- d-----w- c:\programdata\IObit
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\Application Updater
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\IObit Toolbar
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\Common Files\Spigot
    2011-05-12 10:44 . 2011-05-13 23:13 -------- d-----w- c:\users\Joydy Miller\AppData\Roaming\IObit
    2011-05-12 10:44 . 2011-02-23 06:52 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-05-12 10:44 . 2011-02-23 06:52 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-04-23 11:36 . 2011-05-12 10:33 -------- d-----w- C:\32788R22FWJFW(0)
    2011-04-22 12:31 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-20 10:55 . 2011-04-20 10:55 -------- d-----w- c:\programdata\WindowsSearch
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-07 09:11 . 2011-04-03 10:36 0 ----a-w- c:\users\Joydy Miller\AppData\Local\Eruwe.bin
    2011-03-03 15:40 . 2011-05-15 02:25 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-05-15 02:25 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-05-15 02:25 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-05-15 02:25 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 00:55 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 00:55 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 00:55 797696 ----a-w- c:\windows\system32\FntCache.dll
    2006-02-22 22:16 . 2011-05-13 07:51 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
    2006-02-22 22:16 . 2011-05-13 07:51 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
    2011-05-12 06:54 . 2011-04-16 07:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-08-06 12:05 . 2009-12-10 08:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-08-06 12:05 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    2011-04-27 02:55 532320 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    .
    R1 MpKsl8563bd6d;MpKsl8563bd6d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34C69A15-287E-410F-BFC3-16D7F2CEE6E1}\MpKsl8563bd6d.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-06 30192]
    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
    S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-04-27 393112]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Joydy Miller\AppData\Roaming\Mozilla\Firefox\Profiles\d185yt4v.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-19 10:52
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????v??Miz????>???>???>? >?H
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-05-19 10:56:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-19 00:56
    ComboFix2.txt 2011-05-19 00:01
    ComboFix3.txt 2011-05-18 07:45
    ComboFix4.txt 2011-05-16 07:29
    .
    Pre-Run: 93,905,637,376 bytes free
    Post-Run: 93,685,088,256 bytes free
    .
    - - End Of File - - 0A11C0E8CEB3F4BF220192836B4D4933
     
  13. 2011/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Does the redirection happen in IE as well?
    Any particular site(s) you're redirected to?

    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  14. 2011/05/18
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    I am sending this via IE and it is doing the same as Firefox. It is not like a redirection, as the page you want is still there; the dodgy page is either on top or underneath, and it is a random thing in the page you get. New logs:
    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 11:11 on 19/05/2011 (Joydy Miller)
    Firefox version 4.0.1 (en-GB)

    ========== GooredScan ==========

    Removing Orphan:
    "avg@igeared"="C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared" -> Success!
    Removing Orphan:
    "{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" -> Success!

    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [07:34 16/04/2011]
    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [11:38 27/05/2009]
    {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [10:50 12/05/2011]

    C:\Users\Joydy Miller\Application Data\Mozilla\Firefox\Profiles\d185yt4v.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b}(2235) [01:14 02/04/2011]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:06 23/04/2009]

    -=E.O.F=-
     
  15. 2011/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2011/05/18
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    OTL Logs
    OTL logfile created on: 19/05/2011 12:22:40 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joydy Miller\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.87 Gb Total Space | 85.76 Gb Free Space | 62.20% Space Free | Partition Type: NTFS

    Computer Name: JBPARRAWEST-PC | User Name: Joydy Miller | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/19 12:19:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joydy Miller\Desktop\OTL.exe
    PRC - [2011/04/27 12:22:26 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2011/04/10 17:29:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/04/25 06:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2008/04/17 17:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/02/06 13:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    PRC - [2007/11/22 10:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2007/05/11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/19 12:19:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joydy Miller\Desktop\OTL.exe
    MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/04/27 12:22:26 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/04/17 17:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
    SRV - [2008/02/06 13:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2007/11/22 10:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/19 11:38:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6481CF38-5049-497C-BD78-E9113AB906F8}\MpKsl5a0c949e.sys -- (MpKsl5a0c949e)
    DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2008/07/18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/05/19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
    DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2007/12/15 04:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/21 07:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/02 17:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-503464062-1430698429-4194658349-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKU\S-1-5-21-503464062-1430698429-4194658349-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-503464062-1430698429-4194658349-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p="

    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 16:54:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/13 17:51:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/12 21:06:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/11/06 08:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joydy Miller\AppData\Roaming\Mozilla\Extensions
    [2010/11/06 08:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joydy Miller\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/04/16 17:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joydy Miller\AppData\Roaming\Mozilla\Firefox\Profiles\d185yt4v.default\extensions
    [2011/04/02 11:14:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joydy Miller\AppData\Roaming\Mozilla\Firefox\Profiles\d185yt4v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2235)
    [2011/05/12 20:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/12 20:50:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/05/12 20:45:31 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
    [2011/05/12 20:45:32 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
    [2009/06/26 13:05:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/05/12 16:54:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/03/09 11:35:04 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll
    [2006/02/23 08:16:20 | 000,034,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62i9x.dll
    [2006/02/23 08:16:20 | 000,045,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62int.dll
    [2010/01/01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
    [2010/01/01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/01/01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/01/01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/05/19 10:52:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-21-503464062-1430698429-4194658349-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-503464062-1430698429-4194658349-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-503464062-1430698429-4194658349-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKU\S-1-5-21-503464062-1430698429-4194658349-1005\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Joydy Miller\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Joydy Miller\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-503464062-1430698429-4194658349-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/19 12:18:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Joydy Miller\Desktop\OTL.exe
    [2011/05/19 11:11:51 | 000,000,000 | ---D | C] -- C:\Users\Joydy Miller\Desktop\GooredFix Backups
    [2011/05/19 11:10:00 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Joydy Miller\Desktop\GooredFix.exe
    [2011/05/19 10:56:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/19 10:56:17 | 000,000,000 | ---D | C] -- C:\Users\Joydy Miller\AppData\Local\temp
    [2011/05/19 10:55:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/19 10:39:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/16 17:15:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/16 17:15:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/15 17:22:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/15 17:22:38 | 000,000,000 | ---D | C] -- C:\dmiller12982d
    [2011/05/15 17:20:58 | 000,000,000 | ---D | C] -- C:\dmiller24371d
    [2011/05/15 12:26:04 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2011/05/15 12:26:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2011/05/15 12:26:02 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
    [2011/05/15 12:26:02 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
    [2011/05/15 12:25:58 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
    [2011/05/15 12:25:45 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011/05/15 12:25:45 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011/05/15 12:25:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011/05/15 12:25:45 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2011/05/15 12:25:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2011/05/15 12:25:45 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
    [2011/05/15 12:25:42 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/05/15 12:25:34 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2011/05/15 12:25:34 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2011/05/15 12:25:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2011/05/15 12:25:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2011/05/15 12:25:23 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011/05/15 12:06:34 | 000,000,000 | ---D | C] -- C:\dmiller15315d
    [2011/05/15 11:34:58 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joydy Miller\Desktop\TDSSKiller.exe
    [2011/05/15 11:04:30 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Joydy Miller\Desktop\remover.exe
    [2011/05/15 09:15:07 | 000,000,000 | ---D | C] -- C:\dmiller11041d
    [2011/05/15 09:01:37 | 000,000,000 | ---D | C] -- C:\dmiller
    [2011/05/14 15:54:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/14 15:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/14 15:54:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/14 15:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/14 14:01:16 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joydy Miller\Desktop\scanner.exe
    [2011/05/13 18:23:45 | 001,914,496 | ---- | C] (Trend Micro Inc.) -- C:\Users\Joydy Miller\Desktop\HousecallLauncher.exe
    [2011/05/12 20:50:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2011/05/12 20:50:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/05/12 20:50:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/05/12 20:50:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/05/12 20:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2011/05/12 20:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2011/05/12 20:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2011/05/12 20:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
    [2011/05/12 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\Joydy Miller\AppData\Roaming\IObit
    [2011/04/23 21:36:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(0)
    [2011/04/23 08:08:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/04/23 07:43:24 | 006,343,736 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Joydy Miller\Desktop\AppRemover.exe
    [2011/04/22 22:33:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/22 16:40:50 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Users\Joydy Miller\Desktop\cwshredder.exe
    [2011/04/20 20:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/19 12:19:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joydy Miller\Desktop\OTL.exe
    [2011/05/19 11:10:01 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Joydy Miller\Desktop\GooredFix.exe
    [2011/05/19 11:03:27 | 000,709,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/19 11:03:27 | 000,147,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/19 10:58:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/19 10:58:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/19 10:58:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/19 10:58:42 | 2009,075,712 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/19 10:52:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/19 10:39:05 | 000,002,287 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\ComboFix - Shortcut.lnk
    [2011/05/18 20:29:22 | 000,000,680 | ---- | M] () -- C:\Users\Joydy Miller\AppData\Local\d3d9caps.dat
    [2011/05/16 17:12:39 | 000,048,920 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/05/16 03:36:40 | 000,397,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/05/15 09:38:27 | 197,068,816 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/05/15 08:24:18 | 001,006,778 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\mine2.exe
    [2011/05/15 08:23:30 | 001,006,778 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\mine.scr
    [2011/05/15 08:22:10 | 001,006,778 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\miller.com
    [2011/05/14 15:54:20 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/14 14:41:46 | 000,625,664 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\dds.scr
    [2011/05/14 14:40:09 | 000,080,384 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\MBRCheck.exe
    [2011/05/14 14:38:32 | 000,302,080 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\h0y7nkfi.exe
    [2011/05/14 13:55:30 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joydy Miller\Desktop\scanner.exe
    [2011/05/13 18:23:59 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Users\Joydy Miller\Desktop\HousecallLauncher.exe
    [2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joydy Miller\Desktop\TDSSKiller.exe
    [2011/05/12 20:44:26 | 000,000,998 | ---- | M] () -- C:\Users\Joydy Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2011/05/12 20:44:26 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
    [2011/04/23 07:37:42 | 006,343,736 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Joydy Miller\Desktop\AppRemover.exe
    [2011/04/22 18:52:42 | 000,223,784 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/04/22 16:32:46 | 001,402,880 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\scanner2.msi
    [2011/04/21 17:40:14 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Users\Joydy Miller\Desktop\cwshredder.exe
    [2011/04/20 21:46:04 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/04/20 21:28:59 | 000,023,396 | ---- | M] () -- C:\Users\Joydy Miller\Documents\cc_20110420_212841.reg
    [2011/04/20 21:25:49 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/19 10:39:05 | 000,002,287 | ---- | C] () -- C:\Users\Joydy Miller\Desktop\ComboFix - Shortcut.lnk
    [2011/05/19 09:45:34 | 2009,075,712 | -HS- | C] () -- C:\hiberfil.sys
    [2011/05/16 17:15:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/16 03:37:39 | 000,048,920 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/05/15 17:22:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/15 17:22:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/15 17:22:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/15 17:22:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/15 08:57:01 | 001,006,778 | ---- | C] () -- C:\Users\Joydy Miller\Desktop\mine2.exe
    [2011/05/15 08:56:58 | 001,006,778 | ---- | C] () -- C:\Users\Joydy Miller\Desktop\mine.scr
    [2011/05/15 08:56:54 | 001,006,778 | ---- | C] () -- C:\Users\Joydy Miller\Desktop\miller.com
    [2011/05/14 16:12:27 | 197,068,816 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/05/14 15:54:20 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/14 14:41:36 | 000,625,664 | ---- | C] () -- C:\Users\Joydy Miller\Desktop\dds.scr
    [2011/05/14 14:40:08 | 000,080,384 | ---- | C] () -- C:\Users\Joydy Miller\Desktop\MBRCheck.exe
    [2011/05/14 14:38:21 | 000,302,080 | ---- | C] () -- C:\Users\Joydy Miller\Desktop\h0y7nkfi.exe
    [2011/05/12 20:44:28 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
    [2011/05/12 20:44:28 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2011/05/12 20:44:26 | 000,000,998 | ---- | C] () -- C:\Users\Joydy Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2011/05/12 20:44:26 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
    [2011/04/23 19:09:20 | 000,000,680 | ---- | C] () -- C:\Users\Joydy Miller\AppData\Local\d3d9caps.dat
    [2011/04/22 16:40:55 | 001,402,880 | ---- | C] () -- C:\Users\Joydy Miller\Desktop\scanner2.msi
    [2011/04/20 21:45:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/04/20 21:28:51 | 000,023,396 | ---- | C] () -- C:\Users\Joydy Miller\Documents\cc_20110420_212841.reg
    [2011/04/20 21:25:49 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/04/16 13:19:26 | 000,009,792 | -HS- | C] () -- C:\Users\Joydy Miller\AppData\Local\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
    [2011/04/16 13:19:26 | 000,009,792 | -HS- | C] () -- C:\ProgramData\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
    [2011/04/09 11:36:16 | 000,000,036 | ---- | C] () -- C:\Users\Joydy Miller\AppData\Local\housecall.guid.cache
    [2011/04/03 20:36:40 | 000,000,120 | ---- | C] () -- C:\Users\Joydy Miller\AppData\Local\Cqejuzu.dat
    [2011/04/03 20:36:40 | 000,000,000 | ---- | C] () -- C:\Users\Joydy Miller\AppData\Local\Eruwe.bin
    [2010/01/07 17:29:19 | 000,000,000 | ---- | C] () -- C:\Users\Joydy Miller\AppData\Local\prvlcl.dat
    [2009/09/12 01:42:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/12 01:42:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/05/09 16:05:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/04/17 13:46:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2009/04/17 13:46:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2009/04/17 13:46:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2009/04/17 13:46:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2009/04/17 13:46:32 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2009/04/17 13:46:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2009/04/17 13:09:22 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2009/04/17 13:09:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2009/04/17 13:09:22 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2009/04/17 13:09:22 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2008/11/26 11:57:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/07/12 05:32:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/07/12 05:25:51 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2008/07/12 05:25:51 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
    [2008/07/12 05:25:42 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2008/07/12 05:25:38 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2008/07/12 04:51:37 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2007/04/09 15:58:18 | 000,022,723 | ---- | C] () -- C:\Windows\System32\xrxo3l3.dll
    [2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 22:47:37 | 000,397,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 20:33:01 | 000,709,350 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 20:33:01 | 000,147,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/07/12 04:57:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/05/19 10:56:16 | 000,016,842 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/05/19 10:58:42 | 2009,075,712 | -HS- | M] () -- C:\hiberfil.sys
    [2008/07/12 04:08:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/07/12 04:08:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/05/19 10:58:41 | 2322,870,272 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/15 11:50:40 | 000,061,848 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_15.05.2011_11.49.24_log.txt
    [2011/05/18 17:27:11 | 000,060,788 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_18.05.2011_17.24.17_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 22:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 22:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 22:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/06/08 21:49:05 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 07:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 22:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2007/04/09 15:58:04 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\xrxo3pc.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 12:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 13:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 13:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 13:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/30 18:13:40 | 000,000,286 | -HS- | M] () -- C:\Users\Joydy Miller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/23 07:37:42 | 006,343,736 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Joydy Miller\Desktop\AppRemover.exe
    [2011/04/21 17:40:14 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Users\Joydy Miller\Desktop\cwshredder.exe
    [2011/05/19 11:10:01 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Joydy Miller\Desktop\GooredFix.exe
    [2011/05/14 14:38:32 | 000,302,080 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\h0y7nkfi.exe
    [2011/05/13 18:23:59 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Users\Joydy Miller\Desktop\HousecallLauncher.exe
    [2011/05/14 14:40:09 | 000,080,384 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\MBRCheck.exe
    [2011/05/15 08:24:18 | 001,006,778 | ---- | M] () -- C:\Users\Joydy Miller\Desktop\mine2.exe
    [2011/05/19 12:19:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joydy Miller\Desktop\OTL.exe
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Joydy Miller\Desktop\remover.exe
    [2011/05/14 13:55:30 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joydy Miller\Desktop\scanner.exe
    [2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joydy Miller\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/24 06:17:37 | 000,000,402 | -HS- | M] () -- C:\Users\Joydy Miller\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/04/16 13:28:07 | 000,009,792 | -HS- | M] () -- C:\ProgramData\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
    [2011/04/20 21:46:04 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 566 bytes -> C:\Users\Joydy Miller\Documents\photo.eml:OECustomProperty

    < End of report >
     
  17. 2011/05/18
    mindplayer45 Inactive Thread Starter
    OTL Extras Log - Hope I am doing this right
    OTL Extras logfile created on: 19/05/2011 12:22:40 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joydy Miller\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.87 Gb Total Space | 85.76 Gb Free Space | 62.20% Space Free | Partition Type: NTFS

    Computer Name: JBPARRAWEST-PC | User Name: Joydy Miller | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-503464062-1430698429-4194658349-1005\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0556A832-3C17-4604-A49B-02F74D1F2AED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1D94CE2C-D8A3-4BAF-A65F-AB910C00ECBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{2789F345-72C6-4B56-9171-E2A41D29B609}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{29C74606-E457-4488-B7A9-AAB90503E7AA}" = rport=139 | protocol=6 | dir=out | app=system |
    "{40B6C396-E08C-4FE9-96C6-95B2F77AF3A6}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4E0A612B-1FD2-4987-BA09-6B3820389D1A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{51BA1A0D-D812-4ED7-8E8C-C857D7E3ADD3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{53B2EA2B-1930-45BE-BAE6-1F2C72865FD3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{53F6F4D8-D1FA-4A92-B135-9248898555D4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{59D45875-5FCB-440E-8199-09DE904AB126}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{673D7CF2-8657-4459-9A32-91E3159451C6}" = lport=445 | protocol=6 | dir=in | app=system |
    "{76BF6AEF-44A2-4435-B380-7A90F8D7BF99}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7CF40028-FB65-4CC0-8F89-ACE20897233B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{7D70D163-5799-4E35-B1C5-EA19661BA399}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A8433F3A-98FD-4461-8686-68A077C9C08D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BF27D399-4433-495F-B610-E9ACBF3F0A32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C7B13DAF-123E-4BCC-9A9D-91A665EA717C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D1361396-2A20-4831-BA6A-977113F0FEF5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{FF8F2204-3FFD-4AED-B551-41247667948A}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{049581DC-3327-410D-A8C3-2B144639B75F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{711FCBC7-189F-43AA-9125-D35D2181EC18}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{72E3E4F0-5468-4F1B-9739-7F831739D958}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{87271983-CEAC-477C-A99A-06E9D9F578DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D60020CB-3A3D-400D-A5A1-D8B77703D5B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{DB81997C-6500-4A78-A5EB-912457098827}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{F44AE66B-A844-4E6E-B298-5732265E4CE4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{784EE8DF-2273-4EBD-8372-7CE597613BCF}" = IObit Toolbar v4.4
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
    "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
    "Picasa2" = Picasa 2
    "PROHYBRIDR" = 2007 Microsoft Office system
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/05/2011 10:05:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    Error - 1/05/2011 10:06:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    Error - 1/05/2011 10:07:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    Error - 1/05/2011 10:08:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    Error - 1/05/2011 10:09:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    Error - 1/05/2011 10:10:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    Error - 1/05/2011 10:11:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    Error - 1/05/2011 10:12:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    Error - 1/05/2011 10:13:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    Error - 1/05/2011 10:14:11 AM | Computer Name = jbparrawest-PC | Source = SDWinSec.exe | ID = 0
    Description =

    [ System Events ]
    Error - 18/05/2011 5:15:12 AM | Computer Name = jbparrawest-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 18/05/2011 7:50:02 PM | Computer Name = jbparrawest-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 18/05/2011 7:55:55 PM | Computer Name = jbparrawest-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 18/05/2011 7:56:44 PM | Computer Name = jbparrawest-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.103.1919.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 18/05/2011 7:58:24 PM | Computer Name = jbparrawest-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 18/05/2011 8:04:01 PM | Computer Name = jbparrawest-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 18/05/2011 8:41:05 PM | Computer Name = jbparrawest-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 18/05/2011 8:45:20 PM | Computer Name = jbparrawest-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 18/05/2011 8:48:18 PM | Computer Name = jbparrawest-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 18/05/2011 8:48:31 PM | Computer Name = jbparrawest-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
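The per-user `.exe` association in the log above (`.exe [@ = exefile] -- Reg Error: Key error. File not found` under the S-1-5-21 user hive) is the entry the later OTL fix removes, and it is the kind of thing an analyst looks for when launched programs misbehave: HKEY_CURRENT_USER\Software\Classes is merged ahead of HKLM\Software\Classes when HKEY_CLASSES_ROOT is built, so a per-user class for an executable extension shadows the machine-wide handler. As an added example, not from the forum post and not OTL's own code, here is a small Python checker that parses the File Associations and Shell Spawning sections of an OTL Extras log and flags three conditions: per-user associations for executable extensions, handlers that resolve to a Reg Error, and executable-class open commands that differ from the Windows default `"%1" %*`. The first sample input is copied from the log above; the second, hijacked-looking sample is constructed and its path is a placeholder.

```python
import re
from dataclasses import dataclass

# Extensions whose handlers normally live only under HKLM; a per-user class
# for one of these is worth a look.
EXEC_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".pif", ".scr"}

# Default "open" commands Windows installs for executable file classes
# (the values OTL printed for this machine).
EXPECTED_SPAWN = {
    "exefile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "piffile": '"%1" %*',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                # ========== Name ==========
HIVE_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\...]
ASSOC_RE = re.compile(r"^(\.\w+) \[@ = ([^\]]+)\] -- (.*)$")   # .ext [@ = progid] -- target
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")      # progid [verb] -- command
USER_SID_RE = re.compile(r"^HKEY_USERS\\S-1-5-21-", re.IGNORECASE)

# Sample input copied from the OTL Extras log above (File Associations and
# part of Shell Spawning).
SAMPLE_OTL_EXTRAS = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-503464062-1430698429-4194658349-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
"""

# Constructed sample (not from the log above): an exefile handler that has been
# pointed at something other than the default. The path is a placeholder.
CONSTRUCTED_HIJACK = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\Users\EXAMPLE\AppData\Local\placeholder.exe" "%1" %*
"""


@dataclass
class Finding:
    kind: str    # per-user-override | broken-handler | nonstandard-spawn
    hive: str    # registry key the entry was listed under
    item: str    # extension or progid[verb]
    detail: str


def parse_otl_extras(text):
    """Split an OTL Extras log into association and shell-spawning records.

    Returns (assocs, spawns) where assocs holds (hive, ext, progid, target)
    and spawns holds (hive, progid, verb, command)."""
    assocs, spawns = [], []
    section = hive = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, hive = m.group(1), None
            continue
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)
            continue
        if section == "File Associations":
            m = ASSOC_RE.match(line)
            if m:
                assocs.append((hive, m.group(1).lower(), m.group(2), m.group(3)))
        elif section == "Shell Spawning":
            m = SPAWN_RE.match(line)
            if m:
                spawns.append((hive, m.group(1), m.group(2), m.group(3)))
    return assocs, spawns


def audit(assocs, spawns):
    """Apply the three checks and return the findings in log order."""
    findings = []
    for hive, ext, progid, target in assocs:
        if USER_SID_RE.match(hive or "") and ext in EXEC_EXTENSIONS:
            findings.append(Finding("per-user-override", hive, ext,
                                    f"{ext} mapped per-user to {progid}; shadows the HKLM default"))
        if target.startswith("Reg Error"):
            findings.append(Finding("broken-handler", hive, ext, target))
    for hive, progid, verb, cmd in spawns:
        if cmd.startswith("Reg Error"):
            findings.append(Finding("broken-handler", hive, f"{progid}[{verb}]", cmd))
        expected = EXPECTED_SPAWN.get(progid)
        if verb == "open" and expected is not None and cmd != expected:
            findings.append(Finding("nonstandard-spawn", hive, f"{progid}[{verb}]",
                                    f"expected {expected!r}, found {cmd!r}"))
    return findings


def audit_text(text):
    return audit(*parse_otl_extras(text))


if __name__ == "__main__":
    for f in audit_text(SAMPLE_OTL_EXTRAS) + audit_text(CONSTRUCTED_HIJACK):
        print(f"[{f.kind}] {f.item} under {f.hive}: {f.detail}")
```

On the log above the checker reports two findings, both for `.exe` under the S-1-5-21 user hive (the per-user override and the Reg Error it points at), which is exactly the pair of entries the O37 line in the OTL fix later removes before resetting `.exe` to `exefile`.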
  18. 2011/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      O15 - HKU\S-1-5-21-503464062-1430698429-4194658349-1005\..Trusted Ranges: GD ([http] in Local intranet)
      O37 - HKU\S-1-5-21-503464062-1430698429-4194658349-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2011/04/16 13:19:26 | 000,009,792 | -HS- | C] () -- C:\Users\Joydy Miller\AppData\Local\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
      [2011/04/16 13:19:26 | 000,009,792 | -HS- | C] () -- C:\ProgramData\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
      [2011/04/03 20:36:40 | 000,000,120 | ---- | C] () -- C:\Users\Joydy Miller\AppData\Local\Cqejuzu.dat
      [2011/04/03 20:36:40 | 000,000,000 | ---- | C] () -- C:\Users\Joydy Miller\AppData\Local\Eruwe.bin
      @Alternate Data Stream - 566 bytes -> C:\Users\Joydy Miller\Documents\photo.eml:OECustomProperty
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  19. 2011/05/18
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-503464062-1430698429-4194658349-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-503464062-1430698429-4194658349-1005_Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-503464062-1430698429-4194658349-1005_Classes\exefile\ deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\Users\Joydy Miller\AppData\Local\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h moved successfully.
    C:\ProgramData\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h moved successfully.
    C:\Users\Joydy Miller\AppData\Local\Cqejuzu.dat moved successfully.
    C:\Users\Joydy Miller\AppData\Local\Eruwe.bin moved successfully.
    ADS C:\Users\Joydy Miller\Documents\photo.eml:OECustomProperty deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Joydy Miller\Desktop\cmd.bat deleted successfully.
    C:\Users\Joydy Miller\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User

    User: jbparrawest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 7000 bytes
    ->FireFox cache emptied: 22740664 bytes
    ->Flash cache emptied: 348 bytes

    User: Joydy Miller
    ->Temp folder emptied: 56146 bytes
    ->Temporary Internet Files folder emptied: 6896987 bytes
    ->Java cache emptied: 11901281 bytes
    ->FireFox cache emptied: 53520516 bytes
    ->Flash cache emptied: 768 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3218 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 91.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: jbparrawest
    ->Flash cache emptied: 0 bytes

    User: Joydy Miller
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05192011_133228

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. 2011/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still redirected?
     
  21. 2011/05/18
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Not after that last scan.
     
