[Solved] Google redirect is back

Let's try resetting the router one more time...

Go to Start > Run (Start Search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pressing the button inside the hole, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE. Simply disconnecting the router from its power source will NOT do.
Restart the computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
 
Tried the first command prompt, got "the requested operation requires elevation".

I suspect I somehow got my administrator status taken since Combofix said something similar to this effect and OTL required a doublecheck prompt before I let it run.
 
Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.
 
Ok, well, now I'm posting from my phone since my computer is screwed, even in safe mode. Task Manager is gone, apparently. Nothing runs anymore. It asks me what program I want to use to run Firefox or Notepad...

Also getting bogus "Vista Home Security 2012" alerts.
 
I didn't download or do anything. Avira kept running into viruses so I let it do its thing.

I don't know how to use the instructions you provided if I am unable to run any programs (including Malwarebytes).
 
if I am unable to run any programs (including malwarebytes).
You're not reading those instructions carefully enough.
Take your time and read them again.
 
After reading the very last step, I think I'm almost positive what caused the reinfection. I hadn't noticed your instructions to remove the Adobe Reader back then (my bad).
 
I have followed the instructions. I did a full Malwarebytes scan and then ran Secunia to update some stuff. My Firefox was out of date, if that helps.
 
I do get the occasional pop-up every now and then, mostly when I open a new tab. Google still redirects my searches. I think that's all.

I ran a GMER scan out of curiosity and it has some interesting info. Shall I post it?
 
Sure.

Also....

Please, download DDS from one of the 2 mirrors and save it to your desktop.

Mirror 1
Mirror 2

* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.

Include the contents of both logs in your next reply. The scan will instruct you to post Attach.txt as an attachment. No need for that though... just post its contents as you would any other log.
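Added example, not part of this thread or of the DDS tool: a small Python triage pass over the line formats DDS.txt prints (uRun/mRun/dRun autoruns, AppInit_DLLs, TCP DhcpNameServer, R0-R3/S3 driver lines) that flags entries a responder would look at first. The sample input is constructed from the line formats in the log posted in this thread plus one made-up public resolver address; the heuristics and names are this example's own assumptions and produce review candidates, not verdicts.

```python
"""Triage helper for DDS.txt lines (Pseudo HJT Report and SERVICES / DRIVERS).

Example code, not from the DDS tool. A flagged line is something to look at
more closely, not confirmed malware: legitimate tools also use odd locations.
"""
import ipaddress
import re
from dataclasses import dataclass

RUN_RE = re.compile(r'^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
APPINIT_RE = re.compile(r'^AppInit_DLLs: (?P<dlls>.+)$')
DNS_RE = re.compile(r'DhcpNameServer = (?P<ips>[\d. ]+)$')
DRIVER_RE = re.compile(r'^(?P<start>[RS]\d) (?P<svc>[^;]*);(?P<desc>[^;]*);(?P<path>[^\[]+?)\s*\[')

# Directories where a legitimate autorun executable is uncommon (assumption of this example).
SUSPECT_DIRS = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\systemprofile\\')

# Home routers hand out a resolver on the LAN; anything outside RFC 1918 space deserves a look.
# DDS only shows the resolver the client received: if that is the router itself, the router's
# own upstream DNS setting still has to be checked on the router.
RFC1918 = [ipaddress.ip_network(n) for n in ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')]


@dataclass
class Finding:
    line: str
    reason: str


def _exe_path(cmd):
    """Return the executable part of a Run value: the quoted path, or the text up to the extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'^(.*?\.(?:exe|dll|scr|cpl))', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ')[0]


def _is_rfc1918(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def triage_line(line):
    """Return a Finding for one DDS line, or None if nothing stands out."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        path = _exe_path(m.group('cmd')).lower()
        if any(d in path for d in SUSPECT_DIRS):
            return Finding(line, 'autorun from profile or user-writable location')
        return None
    if APPINIT_RE.match(line):
        # AppInit_DLLs are loaded into every process that loads user32.dll; rarely used legitimately.
        return Finding(line, 'AppInit_DLLs set')
    m = DNS_RE.search(line)
    if m:
        for ip in m.group('ips').split():
            if not _is_rfc1918(ip):
                return Finding(line, 'DHCP-assigned resolver %s is outside RFC 1918 space' % ip)
        return None
    m = DRIVER_RE.match(line)
    if m:
        base = m.group('path').strip().rsplit('\\', 1)[-1]
        if base.rsplit('.', 1)[0].isdigit():
            # Numeric-only names are used by some security tools as well; correlate with
            # recently installed software before drawing any conclusion.
            return Finding(line, 'driver with numeric-only file name')
    return None


def triage(text):
    """Run triage_line over a whole DDS.txt and return the findings in file order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


# Constructed sample: formats taken from a DDS log, the 203.0.113.5 resolver line is made up.
SAMPLE_DDS = r"""mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [cleanddm] c:\windows\system32\config\systemprofile\appdata\local\cleanddm.exe
AppInit_DLLs: c:\programdata\ASLOC32.dll
TCP: DhcpNameServer = 192.168.10.1
TCP: DhcpNameServer = 203.0.113.5
R0 18968182;18968182 Boot Guard Driver;c:\windows\system32\drivers\18968182.sys [2011-6-24 37392]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-11 61960]
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_DDS):
        print('%-48s <- %s' % (f.reason, f.line))
```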
 
Ignore that last post. Here it is:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
Run by thomas at 13:41:47 on 2011-06-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1789.898 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\syntpenh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi8fac~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Bamboo Dock] "c:\program files\bamboo dock\bamboo dock\Bamboo Dock.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [BCSSync] "c:\program files\microsoft office10\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\mallyware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [cleanddm] c:\windows\system32\config\systemprofile\appdata\local\cleanddm.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\users\thomas\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\thomas\desktop\virus removal tool\setup_9.0.0.722_25.06.2011_03-02\startup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
dPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi8fac~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi8fac~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office10\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office10\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {19F91908-F9CD-4876-9EAE-AD6F4C6BAB59} - hxxp://www.sunzio.com/global/SunFolderAx.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{3D841BBD-6D6D-4148-B77E-4840388752F1} : DhcpNameServer = 192.168.10.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\programdata\ASLOC32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\thomas\appdata\roaming\mozilla\firefox\profiles\b06iw1a1.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\progra~1\mi8fac~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi8fac~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\thomas\program files\dna\plugins\npbtdna.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 18968182;18968182 Boot Guard Driver;c:\windows\system32\drivers\18968182.sys [2011-6-24 37392]
R1 18968181;18968181;c:\windows\system32\drivers\18968181.sys [2011-6-24 128016]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-7-27 20384]
R1 setup_9.0.0.722_25.06.2011_03-02drv;setup_9.0.0.722_25.06.2011_03-02drv;c:\windows\system32\drivers\1896818.sys [2011-6-24 311312]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-11 61960]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 spvads;SoundPlane Audio Device (S);c:\windows\system32\drivers\spvads.sys [2010-11-19 48128]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
.
=============== Created Last 30 ================
.
2011-06-26 01:02:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-26 01:01:59 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-26 01:01:59 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-26 01:01:59 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-26 01:01:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-26 01:01:59 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-26 01:01:59 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-26 01:01:59 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-26 00:46:35 -------- d-----w- c:\program files\common files\DivX Shared
2011-06-26 00:38:37 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-06-26 00:37:22 -------- d-----w- c:\program files\common files\xing shared
2011-06-26 00:36:59 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-06-26 00:36:36 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-06-26 00:34:58 712976 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-06-26 00:26:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 00:03:56 -------- d-----w- c:\users\thomas\appdata\local\Secunia PSI
2011-06-26 00:03:47 -------- d-----w- c:\program files\Secunia
2011-06-25 19:18:49 -------- d-----w- c:\program files\mallyware
2011-06-24 23:47:58 37392 ----a-w- c:\windows\system32\drivers\18968182.sys
2011-06-24 23:47:58 128016 ----a-w- c:\windows\system32\drivers\18968181.sys
2011-06-24 23:47:57 311312 ----a-w- c:\windows\system32\drivers\1896818.sys
2011-06-22 02:33:14 -------- d-s---w- C:\ComboFix
2011-06-17 12:30:25 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-17 12:30:21 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 12:30:14 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 12:30:14 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 12:30:09 766464 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-06-17 12:30:05 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 12:30:00 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 12:29:58 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 12:29:57 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 12:29:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-06 23:41:01 -------- d-s---w- C:\broni12246b
2011-06-06 23:40:12 -------- d-s---w- C:\broni14842b
2011-06-06 01:50:03 -------- d-s---w- C:\yourname
2011-06-06 00:20:47 -------- d-----w- c:\program files\iPod
2011-06-03 21:26:46 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a5dbd2d6-b9f1-4812-8550-a8b43cb6569a}\mpengine.dll
2011-06-03 19:41:43 -------- d-----w- c:\users\thomas\appdata\local\{6C4A73DE-8373-4FB7-A232-E7AF808DC258}
2011-06-03 19:27:07 -------- d-----w- c:\users\thomas\appdata\roaming\.minecraft
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-30 01:28:52 -------- d-----w- C:\_OTL
2011-05-29 19:40:55 -------- d-s---w- C:\broni7004b
2011-05-29 19:40:09 -------- d-s---w- C:\broni31613b
2011-05-29 19:21:45 -------- d-s---w- C:\broni7795b
2011-05-29 19:21:03 -------- d-s---w- C:\broni
2011-05-28 03:33:42 98816 ----a-w- c:\windows\sed.exe
2011-05-28 03:33:42 518144 ----a-w- c:\windows\SWREG.exe
2011-05-28 03:33:42 256512 ----a-w- c:\windows\PEV.exe
2011-05-28 03:33:42 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2011-06-26 03:50:17 263637775 ----a-w- c:\windows\DUMP6ac3.tmp
2011-06-26 03:37:21 287120143 ----a-w- c:\windows\DUMP64ba.tmp
2011-06-26 00:51:18 206637839 ----a-w- c:\windows\DUMP8027.tmp
2011-06-26 00:39:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-26 00:36:12 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-26 00:36:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-21 15:00:34 833024 ----a-w- c:\windows\system32\wininet.dll
2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-21 13:28:42 389632 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:08:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 13:45:45.54 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/26/2008 11:52:45 PM
System Uptime: 6/26/2011 1:36:27 PM (0 hours ago)
.
Motherboard: ATI Corp. | | Ant3
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-70 | Socket M2/S1G1 | 500/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 69.995 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
7-Zip 4.65
ActiveState ActivePython 2.7.0.2 (32-bit)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Extension Manager CS5
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Reader 8.3.0
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
AIM 7
AimOne All to MP3 Converter 1.82
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
ATI Catalyst Install Manager
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Bamboo
Bamboo Dock
Bamboo Dock 3.3
Bonjour
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD/DVD Drive Acoustic Silencer
CDisplay 1.8
Compatibility Pack for the 2007 Office system
Definition update for Microsoft Office 2010 (KB982726)
Desktop Calendar 0.43b
DivX Converter
DivX Setup
DNA
Download Updater (AOL LLC)
ESET Online Scanner v3
Express Burn
FIFE 0.3.1
Fighter Factory 1.0.9.2005 + Update Pack 1
FLV Player 2.0 (build 25)
Free Audio CD Burner version 1.2
Free M4a to MP3 Converter 6.0
Free YouTube to iPod Converter version 3.5
Free YouTube to MP3 Converter version 3.3
Free YouTube Uploader version 3.3.11
GatheringRO
GearDrvs
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperCam 2
HypreCam Toolbar
iLike Sidebar
iTunes
Java Auto Updater
Java(TM) 6 Update 26
LAME v3.98.2 for Audacity
LimeWire 5.5.10
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
Memeo AutoBackup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Minecraft Planner v1.0
MobileMe Control Panel
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenAL
OpenSpace Editor
PDF Settings
Pharos
Picasa 3
Pixillion Image Converter
PlayFLV
PowerISO
QuickBooks Financial Center
QuickTime
Ragnarok Online
Ragnarok Sakray
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Replay Media Catcher 4
Revo Uninstaller 1.91
save2pc Light 3.37
ScummVM 0.10.0
Search Toolbar
Secunia PSI (2.0.0.3003)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skins
Skype Toolbars
Skype™ 5.3
Sony Noise Reduction Plug-In 2.0h
Sophos Anti-Rootkit 1.5.0
swMSM
Synaptics Pointing Device Driver
TOSHIBA Application Disc Creator
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Games
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Value Added Package
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Outlook 2007 Junk Email Filter (kb972691)
VC80CRTRedist - 8.0.50727.4053
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
WinRAR archiver
WordPerfect Office X4
WPF Toolkit February 2010 (Version 3.5.50211.1)
Yahoo! Messenger
Yahoo! Software Update
.
==== End Of File ===========================
 
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-26 00:14:54
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS542525K9SA00 rev.BBFOC33P
Running: gmer.exe; Driver: C:\Users\thomas\AppData\Local\Temp\uxliipob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87D5B000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x87DA4000, 0x510, 0x40000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8BC0D000, 0x1FB52A, 0xE8000020]
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtProtectVirtualMemory 76F585D8 5 Bytes JMP 007B000A
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteVirtualMemory 76F58F18 5 Bytes JMP 0092000A
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!KiUserExceptionDispatcher 76F59648 5 Bytes JMP 007A000A
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1544] kernel32.dll!SetUnhandledExceptionFilter 759B6E2D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\Explorer.EXE[3840] ntdll.dll!NtProtectVirtualMemory 76F585D8 5 Bytes JMP 005E000A
.text C:\Windows\Explorer.EXE[3840] ntdll.dll!NtWriteVirtualMemory 76F58F18 5 Bytes JMP 005F000A
.text C:\Windows\Explorer.EXE[3840] ntdll.dll!KiUserExceptionDispatcher 76F59648 5 Bytes JMP 005D000A
.text C:\Windows\system32\wuauclt.exe[4220] ntdll.dll!NtProtectVirtualMemory 76F585D8 5 Bytes JMP 0025000A
.text C:\Windows\system32\wuauclt.exe[4220] ntdll.dll!NtWriteVirtualMemory 76F58F18 5 Bytes JMP 0026000A
.text C:\Windows\system32\wuauclt.exe[4220] ntdll.dll!KiUserExceptionDispatcher 76F59648 5 Bytes JMP 0024000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5408] ntdll.dll!NtProtectVirtualMemory 76F585D8 5 Bytes JMP 0063000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5408] ntdll.dll!NtWriteVirtualMemory 76F58F18 5 Bytes JMP 0064000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5408] ntdll.dll!KiUserExceptionDispatcher 76F59648 5 Bytes JMP 0026000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5888] USER32.dll!GetWindowInfo 76140560 5 Bytes JMP 63815451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5888] USER32.dll!SetWindowLongA 76140736 3 Bytes JMP 639FEDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5888] USER32.dll!SetWindowLongA + 4 7614073A 1 Byte [ED]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5888] USER32.dll!SetWindowLongW 76141F35 3 Bytes JMP 639FED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5888] USER32.dll!SetWindowLongW + 4 76141F39 1 Byte [ED]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5888] USER32.dll!TrackPopupMenu 76151417 5 Bytes JMP 63815A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20110625-200652-3772738F\00000021-03F9B0F7.av$ (size mismatch) 5239088/0 bytes executable
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZJOZ53G\backcookie[2].js 2347 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZJOZ53G\checkBrowser[5].htm 2232 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZJOZ53G\iframe[7] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9HTS83A\viapi[1].xml 36 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9HTS83A\rockb-webfont[1].eot 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9HTS83A\rockbi-webfont[1].eot 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9HTS83A\chunk-webfont[1].eot 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9HTS83A\t[1].gif 49 bytes

---- EOF - GMER 1.0.15 ----
 
Well, normally, I don't want to be a censor, but since your computer is getting reinfected, I looked at your installed programs and I see stuff like µTorrent and Limewire.
If you keep downloading illegal stuff we'll never finish this topic.

This time, it looks like you're infected with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
I'm willing to get rid of both of those.
 