Infected. It disabled Avast.

hi,

You had the same problem
PC shutdown
Click to expand...
in one of your other threads. The re-direction is malware for sure, the shutdown issue maybe not.
Download and run TDSSkiller for the redirection. Is the shutdown a BSOD?
Any pattern to it that you notice or is it more random?

Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. Right click in VIsta and "run as admin.." After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might require after disinfection."

A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)
Please post the log report
 
I forgot to mention, I did run a scan in Avast. It found 6 problems. 2 were moved to the chest. the other 4 couldn't be moved, so I deleted them.

I also ran spybot. All it found was 6 cookies

But the problems has gotten worse.

Yes, it was a BSOD. The last time I had a BSOD was 7 months ago when I had a virus. I re-installed vista, and all was fine.

THis time, I've had the BSOD only once.
 
I ran it.


2011/02/19 18:50:33.0836 1240 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/19 18:50:34.0195 1240 ================================================================================
2011/02/19 18:50:34.0195 1240 SystemInfo:
2011/02/19 18:50:34.0195 1240
2011/02/19 18:50:34.0195 1240 OS Version: 6.0.6000 ServicePack: 0.0
2011/02/19 18:50:34.0195 1240 Product type: Workstation
2011/02/19 18:50:34.0195 1240 ComputerName: ESTHER-PC
2011/02/19 18:50:34.0195 1240 UserName: Esther
2011/02/19 18:50:34.0195 1240 Windows directory: C:\Windows
2011/02/19 18:50:34.0195 1240 System windows directory: C:\Windows
2011/02/19 18:50:34.0195 1240 Processor architecture: Intel x86
2011/02/19 18:50:34.0195 1240 Number of processors: 2
2011/02/19 18:50:34.0195 1240 Page size: 0x1000
2011/02/19 18:50:34.0195 1240 Boot type: Safe boot with network
2011/02/19 18:50:34.0195 1240 ================================================================================
2011/02/19 18:50:34.0507 1240 Initialize success
2011/02/19 18:50:38.0641 0436 ================================================================================
2011/02/19 18:50:38.0641 0436 Scan started
2011/02/19 18:50:38.0641 0436 Mode: Manual;
2011/02/19 18:50:38.0641 0436 ================================================================================
2011/02/19 18:50:40.0700 0436 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
2011/02/19 18:50:40.0825 0436 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/19 18:50:40.0903 0436 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/19 18:50:40.0997 0436 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/19 18:50:41.0075 0436 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/19 18:50:41.0231 0436 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/02/19 18:50:41.0387 0436 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/02/19 18:50:41.0496 0436 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/02/19 18:50:41.0636 0436 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/19 18:50:41.0730 0436 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/19 18:50:41.0792 0436 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/19 18:50:41.0886 0436 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/19 18:50:41.0995 0436 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/19 18:50:42.0338 0436 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/19 18:50:42.0416 0436 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/19 18:50:42.0525 0436 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/19 18:50:42.0635 0436 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
2011/02/19 18:50:42.0759 0436 aswMonFlt (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
2011/02/19 18:50:42.0853 0436 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
2011/02/19 18:50:42.0900 0436 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
2011/02/19 18:50:43.0009 0436 aswTdi (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
2011/02/19 18:50:43.0103 0436 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/19 18:50:43.0134 0436 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
2011/02/19 18:50:43.0243 0436 athr (889e7f06279fd16549b77628918ff666) C:\Windows\system32\DRIVERS\athr.sys
2011/02/19 18:50:43.0399 0436 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/02/19 18:50:43.0555 0436 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/19 18:50:43.0617 0436 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/19 18:50:43.0664 0436 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/19 18:50:43.0758 0436 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/19 18:50:43.0820 0436 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/19 18:50:43.0883 0436 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/19 18:50:43.0898 0436 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/19 18:50:44.0039 0436 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/19 18:50:44.0163 0436 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/19 18:50:44.0226 0436 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/19 18:50:44.0382 0436 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/19 18:50:44.0460 0436 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/02/19 18:50:44.0507 0436 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/19 18:50:44.0553 0436 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/19 18:50:44.0663 0436 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/19 18:50:44.0709 0436 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/19 18:50:44.0741 0436 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/19 18:50:44.0819 0436 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/02/19 18:50:45.0006 0436 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/02/19 18:50:45.0084 0436 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/02/19 18:50:45.0162 0436 DXGKrnl (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/19 18:50:45.0287 0436 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/19 18:50:45.0380 0436 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/02/19 18:50:45.0505 0436 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/19 18:50:45.0677 0436 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/02/19 18:50:45.0770 0436 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/19 18:50:45.0817 0436 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/02/19 18:50:45.0864 0436 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/02/19 18:50:45.0957 0436 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/19 18:50:46.0020 0436 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/02/19 18:50:46.0098 0436 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/19 18:50:46.0160 0436 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/19 18:50:46.0301 0436 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/02/19 18:50:46.0363 0436 HDAudBus (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/19 18:50:46.0394 0436 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/19 18:50:46.0441 0436 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/19 18:50:46.0503 0436 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/19 18:50:46.0628 0436 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/19 18:50:46.0722 0436 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/02/19 18:50:46.0784 0436 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/19 18:50:46.0909 0436 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/19 18:50:46.0987 0436 ialm (14f477463246e35f1dc932be6225598c) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/02/19 18:50:47.0127 0436 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/19 18:50:47.0299 0436 igfx (14f477463246e35f1dc932be6225598c) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/02/19 18:50:47.0424 0436 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/19 18:50:47.0595 0436 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/19 18:50:47.0767 0436 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/02/19 18:50:47.0814 0436 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/19 18:50:47.0907 0436 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/19 18:50:48.0001 0436 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/19 18:50:48.0141 0436 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/19 18:50:48.0173 0436 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/02/19 18:50:48.0204 0436 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/02/19 18:50:48.0266 0436 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/19 18:50:48.0297 0436 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/19 18:50:48.0422 0436 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/19 18:50:48.0500 0436 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/19 18:50:48.0656 0436 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/19 18:50:48.0828 0436 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
2011/02/19 18:50:48.0875 0436 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
2011/02/19 18:50:48.0921 0436 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
2011/02/19 18:50:49.0093 0436 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/19 18:50:49.0436 0436 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/19 18:50:49.0530 0436 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
2011/02/19 18:50:49.0592 0436 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/19 18:50:49.0623 0436 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/19 18:50:49.0779 0436 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/19 18:50:49.0857 0436 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/02/19 18:50:49.0935 0436 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/19 18:50:49.0982 0436 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/02/19 18:50:50.0107 0436 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/19 18:50:50.0154 0436 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/19 18:50:50.0201 0436 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/19 18:50:50.0247 0436 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/02/19 18:50:50.0279 0436 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/19 18:50:50.0435 0436 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/19 18:50:50.0528 0436 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/19 18:50:50.0591 0436 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/02/19 18:50:50.0731 0436 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/19 18:50:50.0793 0436 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/19 18:50:50.0840 0436 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/19 18:50:50.0903 0436 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/02/19 18:50:50.0965 0436 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/19 18:50:51.0121 0436 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/02/19 18:50:51.0183 0436 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/02/19 18:50:51.0246 0436 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/19 18:50:51.0293 0436 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/19 18:50:51.0449 0436 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/02/19 18:50:51.0511 0436 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/02/19 18:50:51.0605 0436 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/19 18:50:51.0667 0436 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/02/19 18:50:51.0792 0436 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/02/19 18:50:51.0917 0436 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/19 18:50:52.0010 0436 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/02/19 18:50:52.0135 0436 NdisTapi (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/19 18:50:52.0213 0436 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/19 18:50:52.0260 0436 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/19 18:50:52.0307 0436 NDProxy (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
2011/02/19 18:50:52.0416 0436 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/19 18:50:52.0478 0436 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/19 18:50:52.0681 0436 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/02/19 18:50:52.0837 0436 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/19 18:50:52.0915 0436 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/02/19 18:50:52.0977 0436 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/19 18:50:53.0087 0436 Ntfs (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
2011/02/19 18:50:53.0211 0436 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/19 18:50:53.0274 0436 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/02/19 18:50:53.0321 0436 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/19 18:50:53.0352 0436 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/02/19 18:50:53.0399 0436 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/19 18:50:53.0508 0436 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/19 18:50:53.0679 0436 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/19 18:50:53.0711 0436 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/02/19 18:50:53.0742 0436 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/19 18:50:53.0835 0436 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/02/19 18:50:54.0023 0436 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/02/19 18:50:54.0085 0436 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/19 18:50:54.0147 0436 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/19 18:50:54.0413 0436 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/19 18:50:54.0459 0436 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/19 18:50:54.0522 0436 PSched (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/19 18:50:54.0584 0436 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/19 18:50:54.0771 0436 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/19 18:50:54.0927 0436 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/19 18:50:54.0990 0436 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/19 18:50:55.0021 0436 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/19 18:50:55.0099 0436 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/19 18:50:55.0146 0436 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/19 18:50:55.0302 0436 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/19 18:50:55.0364 0436 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/19 18:50:55.0427 0436 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/02/19 18:50:55.0458 0436 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/19 18:50:55.0536 0436 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/02/19 18:50:55.0739 0436 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/19 18:50:55.0785 0436 RTL8169 (455f7f7974211ea11b81f0f4e528e258) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/02/19 18:50:55.0863 0436 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/19 18:50:56.0066 0436 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
2011/02/19 18:50:56.0113 0436 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/19 18:50:56.0191 0436 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/19 18:50:56.0238 0436 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/19 18:50:56.0363 0436 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/02/19 18:50:56.0456 0436 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/02/19 18:50:56.0503 0436 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/19 18:50:56.0550 0436 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/19 18:50:56.0690 0436 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/19 18:50:56.0784 0436 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/02/19 18:50:56.0831 0436 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/02/19 18:50:56.0862 0436 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/02/19 18:50:56.0940 0436 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/02/19 18:50:57.0127 0436 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/02/19 18:50:57.0236 0436 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/02/19 18:50:57.0392 0436 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/19 18:50:57.0501 0436 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/19 18:50:57.0579 0436 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/19 18:50:57.0720 0436 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/19 18:50:57.0860 0436 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/19 18:50:57.0907 0436 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/19 18:50:58.0032 0436 SynTP (2d2c815364a878c7e358d5f549711197) C:\Windows\system32\DRIVERS\SynTP.sys
2011/02/19 18:50:58.0313 0436 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/02/19 18:50:58.0484 0436 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/19 18:50:58.0625 0436 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/19 18:50:58.0687 0436 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/02/19 18:50:58.0749 0436 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/02/19 18:50:58.0796 0436 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/02/19 18:50:58.0952 0436 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/19 18:50:58.0999 0436 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/19 18:50:59.0077 0436 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\Windows\system32\drivers\tifm21.sys
2011/02/19 18:50:59.0280 0436 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\drivers\Tosrfcom.sys
2011/02/19 18:50:59.0311 0436 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
2011/02/19 18:50:59.0436 0436 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/19 18:50:59.0483 0436 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/19 18:50:59.0654 0436 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/19 18:50:59.0732 0436 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/02/19 18:50:59.0795 0436 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/02/19 18:50:59.0935 0436 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/19 18:51:00.0029 0436 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/19 18:51:00.0075 0436 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/02/19 18:51:00.0231 0436 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/19 18:51:00.0278 0436 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/19 18:51:00.0309 0436 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/19 18:51:00.0419 0436 usbccgp (a028bbf8f82d99f99c1e0ca73efcb5fb) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/19 18:51:00.0559 0436 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/19 18:51:00.0606 0436 usbehci (15be5995d255f4067be57831d7a019e0) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/19 18:51:00.0653 0436 usbhub (3af9f47f37b44ca50de50732c6a52c38) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/19 18:51:00.0715 0436 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/19 18:51:00.0855 0436 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/19 18:51:00.0949 0436 usbuhci (6319543440ce8c180a12603d37934ff6) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/19 18:51:01.0043 0436 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/19 18:51:01.0214 0436 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/02/19 18:51:01.0261 0436 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/02/19 18:51:01.0308 0436 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/19 18:51:01.0370 0436 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/02/19 18:51:01.0417 0436 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/02/19 18:51:01.0557 0436 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/02/19 18:51:01.0604 0436 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
2011/02/19 18:51:01.0651 0436 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/19 18:51:01.0838 0436 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/19 18:51:01.0885 0436 Wanarp (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/19 18:51:01.0901 0436 Wanarpv6 (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/19 18:51:02.0010 0436 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/19 18:51:02.0072 0436 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/19 18:51:02.0447 0436 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/19 18:51:02.0603 0436 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/19 18:51:02.0649 0436 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/19 18:51:02.0759 0436 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/19 18:51:02.0852 0436 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/19 18:51:02.0852 0436 ================================================================================
2011/02/19 18:51:02.0852 0436 Scan finished
2011/02/19 18:51:02.0852 0436 ================================================================================
2011/02/19 18:51:02.0899 0988 Detected object count: 1
2011/02/19 18:51:17.0282 0988 \HardDisk0 - will be cured after reboot
2011/02/19 18:51:17.0282 0988 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/19 18:51:55.0206 2036 Deinitialize success
 
ok good. Based on the log:

You had a rootkit on your machine. They hide malicious files and components from traditional antivirus/antimalware software. Rootkits bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean its still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. In my opinion you should consider a reformat/reinstall of Windows.
The best source for information on how to do this would be the computer manufacturers website.

Next you can get DDS and post its log:

Please download DDS and save it to your desktop.
Double click dds.scr to run the tool. When done, DDS.txt will open.
Save both reports to your desktop.
Please Copy/paste both logs in your reply.
 
Last edited:
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Esther at 12:40:56.53 on Sun 02/20/2011
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.596 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Esther\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Jximehadeh] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\ogotogoloputu.dll",Startup
dRun: [lpc] rundll32.exe"c:\users\esther\appdata\roaming\sun\mnyix.dll", RegisterDll
StartupFolder: c:\users\esther\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Notify: gonrrkt - gonrrkt.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\esther\appdata\roaming\mozilla\firefox\profiles\twwybyw7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: XULRunner: {73370CCD-BCBF-467A-A7C9-0C5200F1EB4B} - c:\windows\system32\config\systemprofile\appdata\local\{73370CCD-BCBF-467A-A7C9-0C5200F1EB4B}
FF - Ext: XULRunner: {D5865824-BCF7-4D4C-9529-8D270FFF8B8A} - c:\users\esther\appdata\local\{D5865824-BCF7-4D4C-9529-8D270FFF8B8A}

============= SERVICES / DRIVERS ===============

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-7 294608]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-7 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-7 51280]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-16 40384]
S2 MSSQL$VSDOTNET;SQL Server (VSDOTNET);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-16 1153368]

=============== Created Last 30 ================

2011-02-18 01:43:36 428352 ----a-w- c:\windows\system32\StubInstaller.exe
2011-02-18 01:34:06 428352 ----a-w- c:\program files\mozilla firefox\StubInstaller.exe
2011-02-17 02:31:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-17 02:31:55 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-11 06:20:14 0 ----a-w- c:\users\esther\appdata\local\Ijilad.bin
2011-02-07 22:35:20 -------- d-----w- c:\users\esther\appdata\local\{D5865824-BCF7-4D4C-9529-8D270FFF8B8A}
2011-02-07 22:20:40 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-07 22:20:33 -------- d-----w- c:\progra~2\Tarma Installer
2011-02-07 22:19:59 -------- d-----w- c:\progra~2\gDgFmKd15400
2011-02-07 22:19:35 10752 ----a-w- c:\windows\system32\gonrrkt.dll

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-10-06 19:08:44 939956 ----a-w- c:\program files\7z465.exe

============= FINISH: 12:42:02.53 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/7/2010 8:49:45 PM
System Uptime: 2/20/2011 12:37:35 PM (0 hours ago)

Motherboard: TOSHIBA | | IAKAA
Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U2E1 | 1729/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 80 GiB total, 52.076 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

7-Zip 4.65
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Atheros Driver Installation Program
avast! Free Antivirus
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bluetooth Stack for Windows by Toshiba
CCleaner
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
Crystal Reports Basic Runtime for Visual Studio 2008
Desktop Dialer
DVD MovieFactory for TOSHIBA
FATE
ffdshow v1.1.3572 [2010-09-13]
Intel(R) Graphics Media Accelerator Driver
Internet Offers
Java(TM) SE Runtime Environment 6
JEOPARDY
Microsoft .NET Framework 3.5
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VSDOTNET)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Penguins!
Real Estate Licensing Tester AutoExam 2008 V1
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
SCRABBLE
SiteLink Web Edition
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Utility Common Driver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WinDVD for TOSHIBA
Yahoo! Music Jukebox
Yontoo Layers Client 1.10.01

==== End Of File ===========================
 
ok We will get another download which you can keep and use:

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5825

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

2/20/2011 7:06:38 PM
mbam-log-2011-02-20 (19-06-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 232853
Time elapsed: 47 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\ogotogoloputu.dll (Trojan.Agent.U) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lpc (Trojan.Ambler.Gen) -> Value: lpc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jximehadeh (Trojan.Agent.U) -> Value: Jximehadeh -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Esther\AppData\Roaming\Sun\mnyix.dll (Trojan.Ambler.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\ctfmon.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\ogotogoloputu.dll (Trojan.Agent.U) -> Delete on reboot.
 
ok good. We will get one more download to use then call it quits. It called combofix, you may have used in in one of you other threads. Read through the guide then allpy the directions on your own machine. post the combofix log:

Guide to using Combofix
 
ComboFix 11-02-22.01 - Esther 02/22/2011 13:58:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.425 [GMT -8:00]
Running from: c:\users\Esther\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Esther\AppData\Local\{D5865824-BCF7-4D4C-9529-8D270FFF8B8A}
c:\users\Esther\AppData\Local\{D5865824-BCF7-4D4C-9529-8D270FFF8B8A}\chrome.manifest
c:\users\Esther\AppData\Local\{D5865824-BCF7-4D4C-9529-8D270FFF8B8A}\chrome\content\_cfg.js
c:\users\Esther\AppData\Local\{D5865824-BCF7-4D4C-9529-8D270FFF8B8A}\chrome\content\overlay.xul
c:\users\Esther\AppData\Local\{D5865824-BCF7-4D4C-9529-8D270FFF8B8A}\install.rdf
c:\windows\System32\config\systemprofile\AppData\Local\{73370CCD-BCBF-467A-A7C9-0C5200F1EB4B}
c:\windows\System32\config\systemprofile\AppData\Local\{73370CCD-BCBF-467A-A7C9-0C5200F1EB4B}\chrome.manifest
c:\windows\System32\config\systemprofile\AppData\Local\{73370CCD-BCBF-467A-A7C9-0C5200F1EB4B}\chrome\content\_cfg.js
c:\windows\System32\config\systemprofile\AppData\Local\{73370CCD-BCBF-467A-A7C9-0C5200F1EB4B}\chrome\content\overlay.xul
c:\windows\System32\config\systemprofile\AppData\Local\{73370CCD-BCBF-467A-A7C9-0C5200F1EB4B}\install.rdf
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\plugs
c:\windows\system32\gonrrkt.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-22 22:08 . 2011-02-22 22:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-21 02:15 . 2011-02-21 02:15 -------- d-----w- c:\users\Esther\AppData\Roaming\Malwarebytes
2011-02-21 02:14 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 02:14 . 2011-02-21 02:14 -------- d-----w- c:\programdata\Malwarebytes
2011-02-21 02:14 . 2011-02-21 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-21 02:14 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 01:47 . 2011-02-18 01:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-02-18 01:43 . 2010-10-07 16:50 428352 ----a-w- c:\windows\system32\StubInstaller.exe
2011-02-18 01:34 . 2010-10-07 16:50 428352 ----a-w- c:\program files\Mozilla Firefox\StubInstaller.exe
2011-02-17 02:31 . 2011-02-17 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-17 02:31 . 2011-02-17 02:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-11 06:20 . 2011-02-21 01:53 0 ----a-w- c:\users\Esther\AppData\Local\Ijilad.bin
2011-02-07 22:23 . 2011-02-07 22:23 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Ijilad.bin
2011-02-07 22:20 . 2011-02-07 22:20 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-07 22:20 . 2011-02-07 22:20 -------- d-----w- c:\programdata\Tarma Installer
2011-02-07 22:20 . 2011-02-07 22:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SQL
2011-02-07 22:19 . 2011-02-16 18:14 -------- d-----w- c:\programdata\gDgFmKd15400

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-07-08 05:08 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-07-08 05:08 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-07-08 05:09 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-08 05:09 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-07-08 05:09 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-08 05:09 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-07-08 05:09 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-10 04:28 . 2010-12-10 04:28 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-06 19:08 . 2010-10-06 19:08 939956 ----a-w- c:\program files\7z465.exe
.
Code: 
<pre>
c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [N/A]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-29 81920]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-29 106496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-29 98304]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [N/A]
"NDSTray.exe"="NDSTray.exe" [N/A]

c:\users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1922036909]
2006-10-04 00:17 65616 ----a-w- c:\program files\Toshiba Registration\Registration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
%ProgramFiles%\TOSHIBA\TBS\HSON.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2988387190-1376504491-747976677-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 MSSQL$VSDOTNET;SQL Server (VSDOTNET);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\twwybyw7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 14:10
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-02-22 14:15:10
ComboFix-quarantined-files.txt 2011-02-22 22:15

Pre-Run: 54,652,715,008 bytes free
Post-Run: 54,717,132,800 bytes free

- - End Of File - - 5884C6F05E852ECEF2EC2B5C120B2804
 
ok good. We will use combofix;

Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:

Code: 
RenV::
c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\ctfmon .exe
Name the Notepad file CFScript.txt and Save it to your desktop.
now locate the file you just saved and the combofix icon, both on your desktop using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log
please post the new combofix log.
 
I ran combofix and got the log, but I couldn't open IE or firefox. I got the message: "Illegal operation attempted on a registry key that has been marked for deletion" I tryed to open other programs and got the same message.
 
Thats a new one on me. Not sure whats going on with the reg key message. I see now Malwarebytes removed the file also;

c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\ctfmon.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
Click to expand...

Try this:
1)Reboot your machine if you havent yet.

2)Go to start>run and type in firefox.exe or iexplore.exe and see if either one starts that way. Getting the "run" box in Vista may be slightly different.

3) try running sfc /scannow. (link below) You can also do this in safe mode if you still get the message. To reach safe mode you would tap the f8 key during a computer restart. Chose the first option from the list: safe mode, log in to your usual account. Once at the safe mode desktop run sfc /scannow.
You can read this link on another computer about how to use sfc scannow.

I wont be back online for 14-18 hours. Good luck
 
rebooting worked. Here's the combofix log.

ComboFix 11-02-22.01 - Esther 02/22/2011 17:16:53.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.307 [GMT -8:00]
Running from: c:\users\Esther\Desktop\ComboFix.exe
Command switches used :: c:\users\Esther\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 01:42 . 2011-02-23 01:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-23 01:42 . 2011-02-23 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-21 02:15 . 2011-02-21 02:15 -------- d-----w- c:\users\Esther\AppData\Roaming\Malwarebytes
2011-02-21 02:14 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 02:14 . 2011-02-21 02:14 -------- d-----w- c:\programdata\Malwarebytes
2011-02-21 02:14 . 2011-02-21 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-21 02:14 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 01:47 . 2011-02-18 01:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-02-18 01:43 . 2010-10-07 16:50 428352 ----a-w- c:\windows\system32\StubInstaller.exe
2011-02-18 01:34 . 2010-10-07 16:50 428352 ----a-w- c:\program files\Mozilla Firefox\StubInstaller.exe
2011-02-17 02:31 . 2011-02-17 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-17 02:31 . 2011-02-17 02:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-11 06:20 . 2011-02-21 01:53 0 ----a-w- c:\users\Esther\AppData\Local\Ijilad.bin
2011-02-07 22:23 . 2011-02-07 22:23 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Ijilad.bin
2011-02-07 22:20 . 2011-02-07 22:20 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-07 22:20 . 2011-02-07 22:20 -------- d-----w- c:\programdata\Tarma Installer
2011-02-07 22:20 . 2011-02-07 22:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SQL
2011-02-07 22:19 . 2011-02-16 18:14 -------- d-----w- c:\programdata\gDgFmKd15400

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-07-08 05:08 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-07-08 05:08 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-07-08 05:09 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-08 05:09 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-07-08 05:09 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-08 05:09 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-07-08 05:09 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-10 04:28 . 2010-12-10 04:28 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-06 19:08 . 2010-10-06 19:08 939956 ----a-w- c:\program files\7z465.exe
.
Code: 
<pre>
c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [N/A]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-29 81920]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-29 106496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-29 98304]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [N/A]
"NDSTray.exe"="NDSTray.exe" [N/A]

c:\users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1922036909]
2006-10-04 00:17 65616 ----a-w- c:\program files\Toshiba Registration\Registration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
%ProgramFiles%\TOSHIBA\TBS\HSON.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2988387190-1376504491-747976677-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 MSSQL$VSDOTNET;SQL Server (VSDOTNET);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\twwybyw7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 17:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-02-22 17:48:09
ComboFix-quarantined-files.txt 2011-02-23 01:48
ComboFix2.txt 2011-02-22 22:15

Pre-Run: 54,552,358,912 bytes free
Post-Run: 55,054,585,856 bytes free

- - End Of File - - 69CB1658A824EC0E2AD5F611D881355D
 
My Av seems fine.
Click to expand...
I asked because it was disabled in your post title. You can delete combofix like this;
start>run and type in:
combofix /uninstall
click ok or enter
note the space after the x and before the /

Note that the free version of Malwarebytes must be updated manually and a scan started manaully.

You can also delete the tdsskiller icon from your desktop
The how and why of making a restore point;

One of the features of Windows XP,Vista and Windows7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.



To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. Turn system restore off and reboot to delete old restore points then turn system restore back on and reboot to create new ones on a regular basis.

See link

If all is good some tips to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:

There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's. Or see a slide show Here and do it yourself. How to harden FireFox. for safer surfing.

10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?


More info/tips with pictures, links below

Happy Safe Surfing.
 
You must log in or register to reply here.
Back
Top