Windows Security Center, Update & Firewall not working



Barry8520
2012-03-20, 13:40
Hi. There are three computers in the house; only this one has the problem. I remember some time ago there was an infection with the Windows 7 Antivirus rogue. MSE caught it and said it removed it. I had not noticed a problem until yesterday. Another computer was reporting security updates, so I made sure this computer was updated as well, and to my surprise I found the update service not working, along with the firewall and Security Center. I went to look for them in Services, thinking they were just disabled. They are not there either; they are missing. So I am now here requesting any help. I tried to run DDS as requested; a black screen flashes and then closes, and I do not know what is closing it. The instructions said to post anyway, so I am letting you know that. MSE is still currently installed; I have run a full scan using that and it finds nothing and says everything is OK, but it is not. Thank you for any assistance that you may provide.

First, let me thank Tashi.

When I first posted I was unable to run DDS. I am now able to, so I am posting that log and attaching the file.

Thank you again

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Janay at 18:08:03 on 2012-03-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2595 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\eGames\Blast Thru\Game\bt.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [<NO NAME>]
dRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\2375942554030333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\2494747425544444 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\C6962627162797 : DhcpNameServer = 207.235.53.226
TCP: Interfaces\{BE0A0165-B507-4CE2-9650-5595A475578F} : DhcpNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [(Default)]
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-6-25 126392]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro36.sys --> C:\windows\system32\drivers\hitmanpro36.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\system32\drivers\rdpvideominiport.sys --> C:\windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 gupdate;Google Update Service (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-9-11 517632]
S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-6-25 103792]
S4 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2010-3-24 297344]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-25 51512]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
.
=============== Created Last 30 ================
.
2012-03-26 21:22:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1964FBF6-F1D7-4079-AE58-95EC2DF28E2C}\offreg.dll
2012-03-26 20:41:15 -------- d-sh--w- C:\windows\BitLockerDiscoveryVolumeContents
2012-03-26 20:41:15 -------- d-----w- C:\windows\RemotePackages
2012-03-26 20:32:56 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-03-26 20:32:31 -------- d-----w- C:\Users\Janay\AppData\Roaming\uTorrent
2012-03-26 19:18:25 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2012-03-26 19:18:15 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-26 19:17:57 -------- d-----w- C:\Users\Janay\AppData\Roaming\DAEMON Tools Lite
2012-03-26 19:17:55 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-26 17:07:31 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1964FBF6-F1D7-4079-AE58-95EC2DF28E2C}\mpengine.dll
2012-03-26 01:19:38 53248 ----a-r- C:\Users\Janay\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-26 01:06:27 -------- d-----w- C:\Users\Janay\AppData\Roaming\Logishrd
2012-03-24 20:26:26 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-24 15:06:30 82960 ----a-w- C:\windows\SysWow64\Picclp32.ocx
2012-03-24 15:06:30 164112 ----a-w- C:\windows\SysWow64\temp.005
2012-03-24 15:06:29 614672 ----a-w- C:\windows\SysWow64\temp.004
2012-03-24 15:06:28 1384448 ----a-w- C:\windows\SysWow64\temp.003
2012-03-24 15:06:27 22288 ----a-w- C:\windows\SysWow64\temp.002
2012-03-24 15:06:27 16896 ----a-w- C:\windows\SysWow64\temp.000
2012-03-24 15:06:27 143632 ----a-w- C:\windows\SysWow64\temp.001
2012-03-24 15:06:27 140288 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2012-03-24 15:06:26 101888 ----a-w- C:\windows\SysWow64\Vb6stkit.dll
2012-03-24 15:06:17 70088 ----a-w- C:\windows\SysWow64\Project2-1.ocx
2012-03-24 15:06:17 -------- d-----w- C:\Program Files (x86)\eGames
2012-03-23 21:15:17 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-23 21:15:17 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-23 21:15:16 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-23 20:27:15 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-23 20:27:14 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-23 20:27:13 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-23 19:56:21 -------- d-----w- C:\windows\System32\SPReview
2012-03-23 19:56:06 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-23 19:55:30 -------- d-----w- C:\windows\System32\EventProviders
2012-03-23 19:55:21 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-23 19:55:19 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-23 19:54:37 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-23 19:54:36 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-23 19:54:36 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-23 19:54:35 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-23 19:54:34 20992 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
2012-03-23 19:54:34 162816 ----a-w- C:\windows\System32\rdpudd.dll
2012-03-23 19:54:34 1112064 ----a-w- C:\windows\System32\rdpcorets.dll
2012-03-23 19:54:05 -------- d-----w- C:\Users\Janay\AppData\Local\Microsoft Help
2012-03-23 19:51:39 -------- d-sh--w- C:\found.000
2012-03-23 19:47:03 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-23 19:27:57 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2CA40A-EAAC-4394-9D94-063995AA52BD}\gapaengine.dll
2012-03-23 19:25:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-23 18:41:44 27424 ----a-w- C:\windows\System32\drivers\hitmanpro36.sys
2012-03-23 18:40:40 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 18:35:36 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-03-23 18:35:36 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-03-23 18:34:36 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-03-23 18:34:35 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-03-23 18:34:34 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-03-23 18:31:26 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-23 18:31:03 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-03-23 18:31:03 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-03-23 18:28:52 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2012-03-23 18:28:46 -------- d-----w- C:\ProgramData\Hitman Pro
2012-03-23 18:26:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 18:25:38 287304 ----a-w- C:\windows\System32\drivers\TrufosAlt.sys
2012-03-23 18:22:30 -------- d-----w- C:\89616d12b36e2ccbda46
2012-03-23 18:15:53 20480 ----a-w- C:\windows\svchost.exe
2012-03-23 15:12:04 -------- d-----w- C:\Users\Janay\AppData\Roaming\Malwarebytes
2012-03-23 15:11:22 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-23 15:11:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 14:23:11 -------- d-----w- C:\Program Files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-03-23 20:42:57 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-03-23 20:42:57 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-01-27 05:52:58 279656 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 18:08:22.45 ===============
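A helper reading a log like the one above looks first for a few mechanical red flags before anything else: a core Windows binary created or running outside its normal directory (the "Created Last 30" section lists a 20480-byte C:\windows\svchost.exe created on 2012-03-23; the genuine svchost.exe lives in System32 and SysWOW64), and Run entries that launch from a profile or temp path (the dRun entry for dplaysvr.exe under the system profile's AppData\Local). The script below is an added example for this thread, not part of DDS or of any post here. Its sample input is constructed from lines of the log above, and the EXPECTED_DIRS table and the path heuristics are the editor's assumptions, so a hit means "look closer", not "infected".

```python
"""DDS log triage: mechanical red flags a forum helper checks first.

Added example for this thread; not part of DDS or of any post above.  The
EXPECTED_DIRS table and the path heuristics are the editor's assumptions.
"""
import re

# Constructed sample, assembled from lines of the DDS log posted above.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
============== Pseudo HJT Report ===============
mWinlogon: Userinit=userinit.exe,
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [<NO NAME>]
dRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
=============== Created Last 30 ================
2012-03-23 20:27:15 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-23 19:51:39 -------- d-sh--w- C:\found.000
2012-03-23 18:15:53 20480 ----a-w- C:\windows\svchost.exe
============= FINISH: 18:08:22.45 ===============
"""

# Directories (lower-case suffixes) where these core binaries legitimately
# live.  A copy created or running anywhere else deserves a closer look.
EXPECTED_DIRS = {
    "svchost.exe": (r"\windows\system32", r"\windows\syswow64"),
    "lsass.exe": (r"\windows\system32",),
    "services.exe": (r"\windows\system32",),
    "winlogon.exe": (r"\windows\system32",),
    "csrss.exe": (r"\windows\system32",),
    "explorer.exe": (r"\windows",),
}

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
IMAGE_RE = re.compile(r"^(.*?\.exe)\b", re.I)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+\S+\s+(.+)$")
AUTORUN_RE = re.compile(r"^([umd]Run(?:-x64)?):\s*\[([^\]]*)\]\s*(.*)$")
# Run entries pointing into a profile, ProgramData or temp directory are a
# common rogue/adware pattern; legitimate autoruns usually sit in Program Files.
PROFILE_HINT = re.compile(r"\\(appdata|programdata|systemprofile|temp)\\", re.I)


def check_location(path):
    """Return a finding string if PATH is a core Windows binary outside its
    normal directory, else None.  Comparison is case-insensitive."""
    cleaned = path.strip().strip('"')
    directory, _, name = cleaned.lower().rpartition("\\")
    expected = EXPECTED_DIRS.get(name)
    if expected is None or any(directory.endswith(s) for s in expected):
        return None
    return f"{name} outside {' or '.join(expected)}: {cleaned}"


def triage(text):
    """Walk the DDS sections and collect findings (strings) in log order."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section.startswith("running processes"):
            img = IMAGE_RE.match(line)
            hit = check_location(img.group(1)) if img else None
            if hit:
                findings.append(f"[process] {hit}")
        elif section.startswith("pseudo hjt"):
            run = AUTORUN_RE.match(line)
            if not run:
                continue
            key, name, target = run.groups()
            if PROFILE_HINT.search(target):
                findings.append(f"[autorun] {key} '{name}' starts from a profile/temp path: {target}")
            img = IMAGE_RE.match(target.strip().lstrip('"'))
            hit = check_location(img.group(1)) if img else None
            if hit:
                findings.append(f"[autorun] {hit}")
        elif section.startswith("created last"):
            created = CREATED_RE.match(line)
            hit = check_location(created.group(1)) if created else None
            if hit:
                findings.append(f"[created] {hit}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

On the sample it reports two findings, the dplaysvr dRun entry and the misplaced svchost.exe, and stays silent on Explorer.EXE (legitimately in C:\windows) and on the DAEMON Tools autorun (Program Files). To run it over a real log, read the saved DDS.txt and pass its text to triage(); DDS truncates nothing that these regexes rely on, but the table of expected directories only covers a handful of binaries, so extend it before relying on a clean result.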

Blade81
2012-03-27, 19:52
Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Uninstall the programs listed above (in red). When done, post fresh dds logs.

Barry8520
2012-03-27, 19:58
Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Uninstall the programs listed above (in red). When done, post fresh dds logs.

I am sorry, I thought I took it off. Anyway, I just took it off. Here is the new post as requested.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Janay at 13:55:53 on 2012-03-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2470 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [<NO NAME>]
dRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Janay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\2375942554030333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\2494747425544444 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\C6962627162797 : DhcpNameServer = 207.235.53.226
TCP: Interfaces\{BE0A0165-B507-4CE2-9650-5595A475578F} : DhcpNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [(Default)]
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-6-25 126392]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro36.sys --> C:\windows\system32\drivers\hitmanpro36.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\system32\drivers\rdpvideominiport.sys --> C:\windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 gupdate;Google Update Service (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-9-11 517632]
S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-6-25 103792]
S4 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2010-3-24 297344]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-25 51512]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
.
=============== Created Last 30 ================
.
2012-03-27 17:30:17 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8ED75236-E779-477F-8B68-566E0FA8766B}\mpengine.dll
2012-03-26 20:41:15 -------- d-sh--w- C:\windows\BitLockerDiscoveryVolumeContents
2012-03-26 20:41:15 -------- d-----w- C:\windows\RemotePackages
2012-03-26 20:32:31 -------- d-----w- C:\Users\Janay\AppData\Roaming\uTorrent
2012-03-26 19:18:25 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2012-03-26 19:18:15 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-26 19:17:57 -------- d-----w- C:\Users\Janay\AppData\Roaming\DAEMON Tools Lite
2012-03-26 19:17:55 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-26 01:19:38 53248 ----a-r- C:\Users\Janay\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-26 01:06:27 -------- d-----w- C:\Users\Janay\AppData\Roaming\Logishrd
2012-03-24 20:26:26 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-24 15:06:30 82960 ----a-w- C:\windows\SysWow64\Picclp32.ocx
2012-03-24 15:06:30 164112 ----a-w- C:\windows\SysWow64\temp.005
2012-03-24 15:06:29 614672 ----a-w- C:\windows\SysWow64\temp.004
2012-03-24 15:06:28 1384448 ----a-w- C:\windows\SysWow64\temp.003
2012-03-24 15:06:27 22288 ----a-w- C:\windows\SysWow64\temp.002
2012-03-24 15:06:27 16896 ----a-w- C:\windows\SysWow64\temp.000
2012-03-24 15:06:27 143632 ----a-w- C:\windows\SysWow64\temp.001
2012-03-24 15:06:27 140288 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2012-03-24 15:06:26 101888 ----a-w- C:\windows\SysWow64\Vb6stkit.dll
2012-03-24 15:06:17 70088 ----a-w- C:\windows\SysWow64\Project2-1.ocx
2012-03-24 15:06:17 -------- d-----w- C:\Program Files (x86)\eGames
2012-03-23 21:15:17 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-23 21:15:17 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-23 21:15:16 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-23 20:27:15 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-23 20:27:14 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-23 20:27:13 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-23 19:56:21 -------- d-----w- C:\windows\System32\SPReview
2012-03-23 19:56:06 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-23 19:55:30 -------- d-----w- C:\windows\System32\EventProviders
2012-03-23 19:55:21 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-23 19:55:19 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-23 19:54:37 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-23 19:54:36 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-23 19:54:36 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-23 19:54:35 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-23 19:54:34 20992 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
2012-03-23 19:54:34 162816 ----a-w- C:\windows\System32\rdpudd.dll
2012-03-23 19:54:34 1112064 ----a-w- C:\windows\System32\rdpcorets.dll
2012-03-23 19:54:05 -------- d-----w- C:\Users\Janay\AppData\Local\Microsoft Help
2012-03-23 19:51:39 -------- d-sh--w- C:\found.000
2012-03-23 19:47:03 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-23 19:27:57 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2CA40A-EAAC-4394-9D94-063995AA52BD}\gapaengine.dll
2012-03-23 19:25:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-23 18:41:44 27424 ----a-w- C:\windows\System32\drivers\hitmanpro36.sys
2012-03-23 18:40:40 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 18:35:36 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-03-23 18:35:36 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-03-23 18:34:36 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-03-23 18:34:35 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-03-23 18:34:34 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-03-23 18:31:26 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-23 18:31:03 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-03-23 18:31:03 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-03-23 18:28:52 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2012-03-23 18:28:46 -------- d-----w- C:\ProgramData\Hitman Pro
2012-03-23 18:26:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 18:25:38 287304 ----a-w- C:\windows\System32\drivers\TrufosAlt.sys
2012-03-23 18:22:30 -------- d-----w- C:\89616d12b36e2ccbda46
2012-03-23 18:15:53 20480 ----a-w- C:\windows\svchost.exe
2012-03-23 15:12:04 -------- d-----w- C:\Users\Janay\AppData\Roaming\Malwarebytes
2012-03-23 15:11:22 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-23 15:11:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 14:23:11 -------- d-----w- C:\Program Files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-03-23 20:42:57 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-03-23 20:42:57 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-01-27 05:52:58 279656 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 13:56:41.74 ===============

Blade81
2012-03-27, 20:00
Hi

Please visit this webpage for download links, and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Barry8520
2012-03-27, 20:36
Ran ComboFix; it made a system restore. Continued to stage 50. Then it started deleting items. Restarted the computer; now iexplorer error about marked for deletion. I am on another computer, saved ComboFix log to flash drive. Also dds will not run, same error. I am attaching and pasting the log for ComboFix.
ComboFix 12-03-27.03 - Janay 03/27/2012 14:07:09.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2786 [GMT -4:00]
Running from: c:\users\Janay\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\svchost.exe
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 18:16 . 2012-03-27 18:16 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8ED75236-E779-477F-8B68-566E0FA8766B}\offreg.dll
2012-03-27 17:53 . 2012-03-27 17:54 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-27 17:30 . 2012-03-14 00:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8ED75236-E779-477F-8B68-566E0FA8766B}\mpengine.dll
2012-03-26 20:41 . 2012-03-26 20:41 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
2012-03-26 20:41 . 2012-03-26 20:41 -------- d-----w- c:\windows\RemotePackages
2012-03-26 20:32 . 2012-03-27 17:55 -------- d-----w- c:\users\Janay\AppData\Roaming\uTorrent
2012-03-26 19:18 . 2012-03-26 19:19 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-26 19:18 . 2012-03-26 19:18 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-03-26 19:17 . 2012-03-26 19:21 -------- d-----w- c:\users\Janay\AppData\Roaming\DAEMON Tools Lite
2012-03-26 19:17 . 2012-03-26 19:18 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-26 01:19 . 2012-03-26 01:19 53248 ----a-r- c:\users\Janay\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-26 01:11 . 2012-03-26 01:11 -------- d-----w- c:\users\Janay\AppData\Roaming\Leadertech
2012-03-26 01:11 . 2012-03-26 01:11 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-26 01:06 . 2012-03-26 14:28 -------- d-----w- c:\users\Janay\AppData\Roaming\Logitech
2012-03-26 01:06 . 2012-03-26 01:06 -------- d-----w- c:\users\Janay\AppData\Roaming\Logishrd
2012-03-26 00:57 . 2012-03-26 00:57 -------- d-----w- c:\programdata\LogiShrd
2012-03-26 00:57 . 2012-03-26 01:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-03-24 20:26 . 2012-03-14 00:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-24 15:06 . 2000-01-05 18:10 164112 ----a-w- c:\windows\SysWow64\temp.005
2012-03-24 15:06 . 1999-05-07 04:00 82960 ----a-w- c:\windows\SysWow64\Picclp32.ocx
2012-03-24 15:06 . 2000-01-05 18:10 614672 ----a-w- c:\windows\SysWow64\temp.004
2012-03-24 15:06 . 1999-12-07 15:00 1384448 ----a-w- c:\windows\SysWow64\temp.003
2012-03-24 15:06 . 2000-01-05 18:10 16896 ----a-w- c:\windows\SysWow64\temp.000
2012-03-24 15:06 . 2000-01-05 18:10 143632 ----a-w- c:\windows\SysWow64\temp.001
2012-03-24 15:06 . 1999-05-07 04:00 140288 ----a-w- c:\windows\SysWow64\Comdlg32.ocx
2012-03-24 15:06 . 1998-05-31 03:00 22288 ----a-w- c:\windows\SysWow64\temp.002
2012-03-24 15:06 . 1999-03-26 03:00 101888 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
2012-03-24 15:06 . 2012-03-24 15:06 -------- d-----w- c:\program files (x86)\eGames
2012-03-24 15:06 . 2000-07-17 17:41 70088 ----a-w- c:\windows\SysWow64\Project2-1.ocx
2012-03-23 21:15 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-23 21:15 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-23 21:15 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-23 20:27 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-23 20:27 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-23 20:27 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-23 19:56 . 2012-03-23 19:56 -------- d-----w- c:\windows\system32\SPReview
2012-03-23 19:56 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-23 19:55 . 2012-03-23 19:55 -------- d-----w- c:\windows\system32\EventProviders
2012-03-23 19:55 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-23 19:55 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-23 19:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-23 19:54 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-23 19:54 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-23 19:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-23 19:54 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-23 19:54 . 2010-11-20 11:07 162816 ----a-w- c:\windows\system32\rdpudd.dll
2012-03-23 19:54 . 2010-11-20 11:03 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-03-23 19:54 . 2012-03-23 19:54 -------- d-----w- c:\users\Janay\AppData\Local\Microsoft Help
2012-03-23 19:51 . 2012-03-23 19:51 -------- d-----w- C:\found.000
2012-03-23 19:47 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 19:27 . 2012-03-23 19:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C2CA40A-EAAC-4394-9D94-063995AA52BD}\gapaengine.dll
2012-03-23 19:25 . 2012-03-23 19:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-23 18:41 . 2012-03-23 18:41 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-03-23 18:40 . 2012-03-23 18:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 18:40 . 2012-03-23 18:40 -------- d-----w- c:\windows\system32\Macromed
2012-03-23 18:35 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-23 18:35 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-23 18:34 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-23 18:34 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-23 18:34 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-23 18:31 . 2012-03-23 18:38 -------- d-----w- c:\programdata\HitmanPro
2012-03-23 18:31 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-23 18:31 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-23 18:28 . 2012-03-23 18:29 -------- d-----w- c:\programdata\Hitman Pro
2012-03-23 18:26 . 2012-03-23 18:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 18:25 . 2012-03-23 18:25 287304 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-23 18:22 . 2012-03-23 23:25 -------- d-----w- C:\89616d12b36e2ccbda46
2012-03-23 15:12 . 2012-03-23 15:12 -------- d-----w- c:\users\Janay\AppData\Roaming\Malwarebytes
2012-03-23 15:11 . 2012-03-23 15:11 -------- d-----w- c:\programdata\Malwarebytes
2012-03-23 15:11 . 2012-03-23 19:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 14:23 . 2012-03-23 19:25 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 20:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-23 20:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-27 05:52 . 2011-08-14 00:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 05:15 . 2012-02-21 00:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77CD6D66-0CDC-4955-9635-CC3C9E148E41}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
c:\users\Janay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-05-04 517632]
R4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-01-29 103792]
R4 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fasttrackinstallerservice
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-27 14:26:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 18:26
.
Pre-Run: 257,599,823,872 bytes free
Post-Run: 258,067,271,680 bytes free
.
- - End Of File - - 32A35A428E4E4EB66D4FABA83EA5648D
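
The ComboFix log above deleted c:\windows\svchost.exe and c:\programdata\xp\TPwSav.sys, both of which already stood out in the earlier DDS "Created Last 30" list: a file named svchost.exe that is not in System32 or SysWOW64, and a kernel driver sitting under ProgramData. The following is an added example, not code from this thread or from the DDS/ComboFix tools: a small parser for DDS-style entries plus a location check that flags exactly those two patterns. The expected directories in EXPECTED_DIRS and the DATA_ROOTS heuristic are this example's assumptions; the sample lines are copied from the logs posted in this thread.

```python
"""Flag out-of-place file locations in DDS-style log lines.

Added example (not part of the forum thread, nor of DDS or ComboFix).
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# One DDS "Created Last 30" / "Find3M" line looks like:
#   2012-03-23 18:15:53 20480 ----a-w- C:\windows\svchost.exe
# The size column is "--------" for directories; attrs is the 8-char d/s/h/a/r/w field.
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumption of this example: where Windows 7 keeps these core binaries
# (lower-case, no trailing backslash).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Heuristic: a kernel driver (.sys) under a user/data root is worth a look.
DATA_ROOTS = (r"c:\programdata", r"c:\users")


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_dds_lines(text: str) -> List[Entry]:
    """Parse DDS file entries; separator lines, blanks and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def flag_path(path: str) -> Optional[str]:
    """Return a reason if the path looks out of place, else None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    expected = EXPECTED_DIRS.get(name)
    if expected is not None and parent not in expected:
        return f"{p.name} outside {sorted(expected)}"
    if name.endswith(".sys") and parent.startswith(DATA_ROOTS):
        return "kernel driver under a data directory"
    return None


def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Run flag_path over parsed entries; directory entries (attrs start with 'd') are skipped."""
    hits = []
    for e in entries:
        if e.attrs.startswith("d"):
            continue
        reason = flag_path(e.path)
        if reason:
            hits.append((e.path, reason))
    return hits


# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
2012-03-26 19:18:25 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2012-03-24 15:06:17 -------- d-----w- C:\Program Files (x86)\eGames
2012-03-23 19:47:03 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-23 18:41:44 27424 ----a-w- C:\windows\System32\drivers\hitmanpro36.sys
2012-03-23 18:15:53 20480 ----a-w- C:\windows\svchost.exe
"""

# Sample input: paths copied from the ComboFix "Other Deletions" list in this thread.
SAMPLE_DELETED = [
    r"c:\programdata\xp\EBLib.dll",
    r"c:\programdata\xp\TPwSav.sys",
    r"c:\windows\svchost.exe",
]

if __name__ == "__main__":
    for path, why in review(parse_dds_lines(SAMPLE_DDS)):
        print(f"DDS  {path}: {why}")
    for path in SAMPLE_DELETED:
        why = flag_path(path)
        if why:
            print(f"CFIX {path}: {why}")
```

Run as a script it prints one DDS hit (the svchost.exe in C:\windows) and two ComboFix hits (the same svchost.exe and the .sys under ProgramData); EBLib.dll is not flagged, since a DLL under ProgramData is not unusual on its own and the rule set here is deliberately narrow to keep false positives low.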

Blade81
2012-03-27, 20:37
Hi,

Reboot and DDS should be runnable after that.

Barry8520
2012-03-27, 20:55
You were correct, dds ran fine after that. Still, iexplorer does not exist, so I am still using the other computer to talk. Here is the dds log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Janay at 14:50:18 on 2012-03-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2899 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
StartupFolder: C:\Users\Janay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E} : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\2375942554030333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\74275656E67237 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\C6962627162797 : DhcpNameServer = 207.235.53.226
TCP: Interfaces\{BE0A0165-B507-4CE2-9650-5595A475578F} : DhcpNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-6-25 126392]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro36.sys --> C:\windows\system32\drivers\hitmanpro36.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\system32\drivers\rdpvideominiport.sys --> C:\windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 gupdate;Google Update Service (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-9-11 517632]
S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-6-25 103792]
S4 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2010-3-24 297344]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-25 51512]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
.
=============== Created Last 30 ================
.
2012-03-27 18:50:56 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9928726-9C63-42F9-89B1-04B8E27199A1}\mpengine.dll
2012-03-27 18:49:46 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-27 18:05:30 98816 ----a-w- C:\windows\sed.exe
2012-03-27 18:05:30 518144 ----a-w- C:\windows\SWREG.exe
2012-03-27 18:05:30 256000 ----a-w- C:\windows\PEV.exe
2012-03-27 18:05:30 208896 ----a-w- C:\windows\MBR.exe
2012-03-26 20:41:15 -------- d-sh--w- C:\windows\BitLockerDiscoveryVolumeContents
2012-03-26 20:41:15 -------- d-----w- C:\windows\RemotePackages
2012-03-26 20:32:31 -------- d-----w- C:\Users\Janay\AppData\Roaming\uTorrent
2012-03-26 19:18:25 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2012-03-26 19:18:15 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-26 19:17:57 -------- d-----w- C:\Users\Janay\AppData\Roaming\DAEMON Tools Lite
2012-03-26 19:17:55 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-26 01:19:38 53248 ----a-r- C:\Users\Janay\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-26 01:06:27 -------- d-----w- C:\Users\Janay\AppData\Roaming\Logishrd
2012-03-24 20:26:26 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-24 15:06:30 82960 ----a-w- C:\windows\SysWow64\Picclp32.ocx
2012-03-24 15:06:30 164112 ----a-w- C:\windows\SysWow64\temp.005
2012-03-24 15:06:29 614672 ----a-w- C:\windows\SysWow64\temp.004
2012-03-24 15:06:28 1384448 ----a-w- C:\windows\SysWow64\temp.003
2012-03-24 15:06:27 22288 ----a-w- C:\windows\SysWow64\temp.002
2012-03-24 15:06:27 16896 ----a-w- C:\windows\SysWow64\temp.000
2012-03-24 15:06:27 143632 ----a-w- C:\windows\SysWow64\temp.001
2012-03-24 15:06:27 140288 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2012-03-24 15:06:26 101888 ----a-w- C:\windows\SysWow64\Vb6stkit.dll
2012-03-24 15:06:17 70088 ----a-w- C:\windows\SysWow64\Project2-1.ocx
2012-03-24 15:06:17 -------- d-----w- C:\Program Files (x86)\eGames
2012-03-23 21:15:17 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-23 21:15:17 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-23 21:15:16 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-23 20:27:15 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-23 20:27:14 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-23 20:27:13 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-23 19:56:21 -------- d-----w- C:\windows\System32\SPReview
2012-03-23 19:56:06 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-23 19:55:30 -------- d-----w- C:\windows\System32\EventProviders
2012-03-23 19:55:21 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-23 19:55:19 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-23 19:54:37 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-23 19:54:36 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-23 19:54:36 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-23 19:54:35 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-23 19:54:34 20992 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
2012-03-23 19:54:34 162816 ----a-w- C:\windows\System32\rdpudd.dll
2012-03-23 19:54:34 1112064 ----a-w- C:\windows\System32\rdpcorets.dll
2012-03-23 19:54:05 -------- d-----w- C:\Users\Janay\AppData\Local\Microsoft Help
2012-03-23 19:51:39 -------- d-----w- C:\found.000
2012-03-23 19:47:03 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-23 19:27:57 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2CA40A-EAAC-4394-9D94-063995AA52BD}\gapaengine.dll
2012-03-23 19:25:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-23 18:41:44 27424 ----a-w- C:\windows\System32\drivers\hitmanpro36.sys
2012-03-23 18:40:40 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 18:35:36 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-03-23 18:35:36 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-03-23 18:34:36 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-03-23 18:34:35 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-03-23 18:34:34 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-03-23 18:31:26 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-23 18:31:03 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-03-23 18:31:03 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-03-23 18:28:46 -------- d-----w- C:\ProgramData\Hitman Pro
2012-03-23 18:26:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 18:25:38 287304 ----a-w- C:\windows\System32\drivers\TrufosAlt.sys
2012-03-23 18:22:30 -------- d-----w- C:\89616d12b36e2ccbda46
2012-03-23 15:12:04 -------- d-----w- C:\Users\Janay\AppData\Roaming\Malwarebytes
2012-03-23 15:11:22 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-23 15:11:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 14:23:11 -------- d-----w- C:\Program Files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-03-23 20:42:57 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-03-23 20:42:57 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-01-27 05:52:58 279656 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 14:52:36.27 ===============

Blade81
2012-03-27, 21:59
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\users\Janay\AppData\Roaming\uTorrent
NetSvc::
fasttrackinstallerservice
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1 and 10.1.2 updates for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows), or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...


Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 Update 3 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the Download button under JRE.
Check the box that says:
Accept License Agreement.
Click on the jre-7u3-windows-i586.exe link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u3-windows-i586.exe to install the newest version.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install.
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Barry8520
2012-03-28, 00:48
Here are the new logs as requested. Sorry about the time; the internet went down.

Also, Windows Firewall is still offline and cannot start; it says dependencies failed to start, but the dependencies are started. It only reports the dependency Base Filtering Engine (BFE), which is running. Also, the Action Center icon is still missing; I tried to change system icons, but Action Center is grayed out and cannot be changed. I just wanted you to know all of this, so here are the logs.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Janay at 18:41:52 on 2012-03-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2407 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\2375942554030333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\2494747425544444 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{76318720-F662-4DBD-AFE3-7BD6443EE48E}\C6962627162797 : DhcpNameServer = 207.235.53.226
TCP: Interfaces\{BE0A0165-B507-4CE2-9650-5595A475578F} : DhcpNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-6-25 126392]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro36.sys --> C:\windows\system32\drivers\hitmanpro36.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\system32\drivers\rdpvideominiport.sys --> C:\windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 gupdate;Google Update Service (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-9-11 517632]
S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-6-25 103792]
S4 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2010-3-24 297344]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-25 51512]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
.
=============== Created Last 30 ================
.
2012-03-27 21:02:58 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-27 20:55:27 637848 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-03-27 20:55:27 567696 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-03-27 20:33:43 -------- d-----w- C:\windows\System32\appmgmt
2012-03-27 20:27:57 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03B7CDB3-FECE-4973-9E05-E537DEC7AB2A}\mpengine.dll
2012-03-27 20:13:51 -------- d-----w- C:\$RECYCLE.BIN
2012-03-27 18:05:30 98816 ----a-w- C:\windows\sed.exe
2012-03-27 18:05:30 518144 ----a-w- C:\windows\SWREG.exe
2012-03-27 18:05:30 256000 ----a-w- C:\windows\PEV.exe
2012-03-27 18:05:30 208896 ----a-w- C:\windows\MBR.exe
2012-03-26 20:41:15 -------- d-sh--w- C:\windows\BitLockerDiscoveryVolumeContents
2012-03-26 20:41:15 -------- d-----w- C:\windows\RemotePackages
2012-03-26 19:18:25 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2012-03-26 19:18:15 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-26 19:17:57 -------- d-----w- C:\Users\Janay\AppData\Roaming\DAEMON Tools Lite
2012-03-26 19:17:55 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-26 01:19:38 53248 ----a-r- C:\Users\Janay\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-26 01:06:27 -------- d-----w- C:\Users\Janay\AppData\Roaming\Logishrd
2012-03-24 20:26:26 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-24 15:06:30 82960 ----a-w- C:\windows\SysWow64\Picclp32.ocx
2012-03-24 15:06:30 164112 ----a-w- C:\windows\SysWow64\temp.005
2012-03-24 15:06:29 614672 ----a-w- C:\windows\SysWow64\temp.004
2012-03-24 15:06:28 1384448 ----a-w- C:\windows\SysWow64\temp.003
2012-03-24 15:06:27 22288 ----a-w- C:\windows\SysWow64\temp.002
2012-03-24 15:06:27 16896 ----a-w- C:\windows\SysWow64\temp.000
2012-03-24 15:06:27 143632 ----a-w- C:\windows\SysWow64\temp.001
2012-03-24 15:06:27 140288 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2012-03-24 15:06:26 101888 ----a-w- C:\windows\SysWow64\Vb6stkit.dll
2012-03-24 15:06:17 70088 ----a-w- C:\windows\SysWow64\Project2-1.ocx
2012-03-24 15:06:17 -------- d-----w- C:\Program Files (x86)\eGames
2012-03-23 21:15:17 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-23 21:15:17 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-23 21:15:16 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-23 20:27:15 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-23 20:27:14 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-23 20:27:13 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-23 19:56:21 -------- d-----w- C:\windows\System32\SPReview
2012-03-23 19:56:06 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-23 19:55:30 -------- d-----w- C:\windows\System32\EventProviders
2012-03-23 19:55:21 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-23 19:55:19 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-23 19:54:37 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-23 19:54:36 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-23 19:54:36 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-23 19:54:35 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-23 19:54:34 20992 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
2012-03-23 19:54:34 162816 ----a-w- C:\windows\System32\rdpudd.dll
2012-03-23 19:54:34 1112064 ----a-w- C:\windows\System32\rdpcorets.dll
2012-03-23 19:54:05 -------- d-----w- C:\Users\Janay\AppData\Local\Microsoft Help
2012-03-23 19:51:39 -------- d-----w- C:\found.000
2012-03-23 19:47:03 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-23 19:27:57 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2CA40A-EAAC-4394-9D94-063995AA52BD}\gapaengine.dll
2012-03-23 19:25:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-23 18:41:44 27424 ----a-w- C:\windows\System32\drivers\hitmanpro36.sys
2012-03-23 18:40:40 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 18:35:36 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-03-23 18:35:36 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-03-23 18:34:36 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-03-23 18:34:35 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-03-23 18:34:34 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-03-23 18:31:26 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-23 18:31:03 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-03-23 18:31:03 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-03-23 18:28:46 -------- d-----w- C:\ProgramData\Hitman Pro
2012-03-23 18:26:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 18:25:38 287304 ----a-w- C:\windows\System32\drivers\TrufosAlt.sys
2012-03-23 18:22:30 -------- d-----w- C:\89616d12b36e2ccbda46
2012-03-23 15:12:04 -------- d-----w- C:\Users\Janay\AppData\Roaming\Malwarebytes
2012-03-23 15:11:22 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-23 15:11:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 14:23:11 -------- d-----w- C:\Program Files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-03-23 20:42:57 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-03-23 20:42:57 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-01-27 05:52:58 279656 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 18:42:42.00 ===============

Barry8520
2012-03-28, 01:16
Oh, I have noticed that ComboFix always says MSE is disabled. As you know, it gets disabled before I run ComboFix, but I always turn it back on after.

Blade81
2012-03-28, 10:48
Hi,

Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and run it on the computer with the issue.

Check all boxes.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Barry8520
2012-03-28, 12:48
Here is the log

Farbar Service Scanner Version: 01-03-2012
Ran by Janay (administrator) on 28-03-2012 at 06:44:37
Running from "C:\Users\Janay\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open mpsdrv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open mpsdrv registry key. The service key does not exist.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
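
The FSS log above reports that the mpsdrv service key is gone while MpsSvc's key is intact, and that a Windows Defender DisableAntiSpyware policy is set. The script below is an added example (not Farbar's code and not part of this thread) that performs the same kind of registry check for the firewall, Security Center, Windows Update and Defender services; the expected Start values are assumed Windows 7 defaults, and it is meant to be run from an elevated PowerShell prompt.

```powershell
# Added example: verify the service registry keys that Farbar Service Scanner reports on.
# Expected Start values are the assumed Windows 7 defaults (2 = Auto, 3 = Demand).
$expected = [ordered]@{
    'mpsdrv'    = 3   # Windows Firewall Authorization Driver (missing in the FSS log above)
    'MpsSvc'    = 2   # Windows Firewall
    'BFE'       = 2   # Base Filtering Engine; MpsSvc depends on it
    'wscsvc'    = 2   # Security Center (Action Center icon)
    'wuauserv'  = 2   # Windows Update
    'BITS'      = 2   # Background Intelligent Transfer; Windows Update depends on it
    'WinDefend' = 2   # Windows Defender
}

function Test-ServiceKey {
    param([string]$Name, [int]$ExpectedStart)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = [ordered]@{ Service = $Name; Status = 'OK'; Detail = '' }

    if (-not (Test-Path $key)) {
        # The condition FSS flagged for mpsdrv: with no key at all the Service Control
        # Manager cannot even attempt a start, so "dependency failed" is all you see.
        $result.Status = 'MISSING'
        $result.Detail = 'service registry key does not exist'
        return [pscustomobject]$result
    }

    $props  = Get-ItemProperty -Path $key
    $issues = @()
    if ($props.Start -ne $ExpectedStart) {
        $issues += "Start=$($props.Start) (expected $ExpectedStart)"
    }
    if (-not $props.ImagePath) {
        $issues += 'ImagePath missing'
    }
    # svchost-hosted services keep their DLL under Parameters\ServiceDll; check it exists on disk.
    $paramKey = Join-Path $key 'Parameters'
    if (Test-Path $paramKey) {
        $dll = (Get-ItemProperty -Path $paramKey).ServiceDll
        if ($dll) {
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not (Test-Path $expanded)) { $issues += "ServiceDll not on disk: $dll" }
        }
    }
    if ($issues.Count -gt 0) {
        $result.Status = 'CHECK'
        $result.Detail = $issues -join '; '
    }
    [pscustomobject]$result
}

function Test-DefenderPolicy {
    # The value FSS printed under "Windows Defender Disabled Policy". Microsoft Security
    # Essentials sets it when installed, so on a machine with MSE it is expected on its own.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' `
        -Name 'DisableAntiSpyware' -ErrorAction SilentlyContinue
    if ($policy -and $policy.DisableAntiSpyware -eq 1) {
        [pscustomobject]@{ Service = 'WinDefend'; Status = 'POLICY'; Detail = 'DisableAntiSpyware=1' }
    }
}

$report = @(foreach ($name in $expected.Keys) { Test-ServiceKey -Name $name -ExpectedStart $expected[$name] })
$defender = Test-DefenderPolicy
if ($defender) { $report += $defender }
$report | Format-Table -AutoSize
```

A MISSING row is the case this thread ended on: the key cannot be repaired by restarting the service, which is why the helper's next step was the Microsoft Fix it and then a reinstall.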

Blade81
2012-03-28, 15:55
Hi,

Try Fix it here (http://support.microsoft.com/mats/windows_firewall_diagnostic/).

Barry8520
2012-03-28, 16:02
No, this did not work. I get "Windows Firewall service is not started", fix status: not fixed. Then it takes me to a survey, "did this fix your problem"; I choose no, on the Microsoft website.

Blade81
2012-03-28, 16:07
Hi,

Seems that the infection has crippled the registry regarding Windows Firewall and possibly other services. I recommend backing up important stuff and reinstalling Windows.

Barry8520
2012-03-28, 16:08
I'm afraid of that.

Blade81
2012-03-28, 16:38
Sometimes a system is too crippled to be fully fixable. This is one of those times.

Barry8520
2012-03-28, 16:57
Thank you for all the help

Blade81
2012-03-28, 17:20
You're welcome :)