Inactive Google Redirect malware

TKell

First off, my system is Vista - up to date with updates.

I noticed a few weeks ago that whenever I do a search through Google and try to click on one of the result links, it will redirect to another "search-like" page. If I hit the back button, it will show the original result link. If I search with Bing, this doesn't happen.

I've read and followed the instructions on the "UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions" thread and I have the 3 logs requested.

I will post each log as a separate reply.

Thank you for your help in advance.
 
MalwareBytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4710

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/28/2010 8:54:12 AM
mbam-log-2010-09-28 (08-54-12).txt

Scan type: Quick scan
Objects scanned: 146658
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
gmer.log file (file too big - split into 2):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-28 12:17:09
Windows 6.0.6002 Service Pack 2
Running: 92zss7cw.exe; Driver: C:\Users\Tim\AppData\Local\Temp\kwroikow.sys


---- System - GMER 1.0.15 ----

INT 0x72 ? 87216BF8
INT 0x82 ? 87216BF8
INT 0x92 ? 87216BF8
INT 0xA2 ? 8563FBF8
INT 0xA2 ? 87216BF8
INT 0xA2 ? 87216BF8
INT 0xA2 ? 8563FBF8
INT 0xB2 ? 87216BF8
INT 0xB2 ? 87216BF8
INT 0xB2 ? 87216BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\sphr.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A55C480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A59D900, 0x3CA, 0x48000040]
.text USBPORT.SYS!DllUnload 8EDD441B 5 Bytes JMP 872161D8
.text aahq32pa.SYS 8DF72000 22 Bytes [82, D3, 1D, 82, 6C, D2, 1D, ...]
.text aahq32pa.SYS 8DF72017 181 Bytes [00, 32, C7, 99, 82, 3D, C5, ...]
.text aahq32pa.SYS 8DF720CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text aahq32pa.SYS 8DF720DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text aahq32pa.SYS 8DF720E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
init C:\Windows\System32\Drivers\driverx.sys entry point in "init" section [0x90A5881E]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [828936D2] \SystemRoot\System32\Drivers\sphr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82893040] \SystemRoot\System32\Drivers\sphr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [828937FC] \SystemRoot\System32\Drivers\sphr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [828930BE] \SystemRoot\System32\Drivers\sphr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8289313C] \SystemRoot\System32\Drivers\sphr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [828A3048] \SystemRoot\System32\Drivers\sphr.sys
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\aahq32pa.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
 
gmer.log file - pt. 2:

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FF7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7404A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FFBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FEF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FF75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FEE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74028395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FFDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FEFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FEFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FE71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7407CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7401C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FE6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FE687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FF2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 856421F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB} 87D471F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8563D1F8
Device \Driver\usbuhci \Device\USBPDO-0 872151F8
Device \Driver\usbuhci \Device\USBPDO-1 872151F8
Device \Driver\usbehci \Device\USBPDO-2 872141F8
Device \Driver\usbuhci \Device\USBPDO-3 872151F8
Device \Driver\usbuhci \Device\USBPDO-4 872151F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 872151F8
Device \Driver\usbuhci \Device\USBPDO-6 872151F8
Device \Driver\PCI_PNP2695 \Device\00000057 sphr.sys
Device \Driver\volmgr \Device\HarddiskVolume1 8563D1F8
Device \Driver\usbehci \Device\USBPDO-7 872141F8
Device \Driver\volmgr \Device\HarddiskVolume2 8563D1F8
Device \Driver\cdrom \Device\CdRom0 872121F8
Device \Driver\iaStor \Device\Ide\iaStor0 [82AD4EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82AD4EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 872121F8
Device \Driver\volmgr \Device\HarddiskVolume3 8563D1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87D471F8
Device \Driver\Smb \Device\NetbiosSmb 87CA51F8
Device \Driver\netbt \Device\NetBT_Tcpip_{4D29E8D7-CBE5-49B5-88C4-0C8924947BBC} 87D471F8
Device \Driver\iScsiPrt \Device\RaidPort0 870981F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 872151F8
Device \Driver\sptd \Device\1595728706 sphr.sys
Device \Driver\usbuhci \Device\USBFDO-1 872151F8
Device \Driver\usbehci \Device\USBFDO-2 872141F8
Device \Driver\usbuhci \Device\USBFDO-3 872151F8
Device \Driver\usbuhci \Device\USBFDO-4 872151F8
Device \Driver\usbuhci \Device\USBFDO-5 872151F8
Device \Driver\usbuhci \Device\USBFDO-6 872151F8
Device \Driver\usbehci \Device\USBFDO-7 872141F8
Device \Driver\aahq32pa \Device\Scsi\aahq32pa1 8708D1F8
Device \Driver\aahq32pa \Device\Scsi\aahq32pa1Port2Path0Target0Lun0 8708D1F8
Device \FileSystem\cdfs \Cdfs 851D9500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0x24 0xFE 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xF6 0x81 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0x66 0xC3 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0x24 0xFE 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xF6 0x81 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0x66 0xC3 0x36 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E58429B4-7B63-B67B-43E2-C3643DCE63DC}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E58429B4-7B63-B67B-43E2-C3643DCE63DC}@hagighlkcgdbmian 0x6A 0x61 0x63 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E58429B4-7B63-B67B-43E2-C3643DCE63DC}@gabfpgflhhahok 0x61 0x63 0x62 0x6B ...

---- EOF - GMER 1.0.15 ----
 
DDS.txt file:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tim at 12:30:26.11 on Tue 09/28/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1593 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\opcenum.exe
c:\SSI\bin\OPCBridge.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Windows\system32\locator.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Users\Tim\Downloads\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mst3kinfo.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-6 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-6 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-6 243024]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-17 20384]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 DriverX;DriverX;c:\windows\system32\drivers\Driverx.sys [2009-8-3 54112]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\rockwell software\factorytalk activation\tools\FTActivationBoost.exe [2008-9-29 66848]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-24 24652]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 OPCBridgeService;OPCBridgeService;c:\windows\OpcBridgeSrv.exe [2009-7-31 36864]
S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-6-30 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-17 954368]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2010-2-5 23096]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2008-7-5 39067]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [2008-7-5 155440]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

=============== Created Last 30 ================

2010-09-27 17:43:05 1992580 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-09-27 17:42:40 0 d---a-w- c:\programdata\TEMP
2010-09-27 17:38:34 0 d-----w- c:\programdata\PC Tools
2010-09-27 13:34:32 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-09-27 12:29:19 0 d-----w- c:\program files\iPod
2010-09-27 12:29:18 0 d-----w- c:\program files\iTunes
2010-09-27 12:26:53 0 d-----w- c:\program files\Bonjour
2010-09-22 13:40:15 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-09-22 13:40:15 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-09-22 13:40:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-09-22 13:40:15 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-09-22 13:40:15 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-09-22 13:40:14 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-09-22 13:40:14 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-09-22 13:40:14 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-09-22 13:40:14 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-09-22 13:40:14 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-09-22 13:40:14 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-09-22 13:40:14 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-09-22 12:19:48 0 d-----w- c:\program files\Feedback Tool
2010-09-20 16:57:35 0 d-----w- C:\_OTM
2010-09-20 13:46:13 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-20 13:46:12 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-20 13:46:12 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-20 13:46:11 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-20 13:42:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-20 13:42:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-20 13:42:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 19:23:10 0 d-----w- c:\program files\Trend Micro
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-09-24 11:39:31 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-24 11:39:31 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-06 12:35:46 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-27 22:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-15 14:10:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-28 12:09:01 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-28 00:33:22 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-12-28 00:33:22 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-12-28 00:33:22 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-06-19 20:15:09 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-19 20:15:09 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-19 20:15:09 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-19 20:15:09 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-01-17 19:48:40 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-01-17 19:48:38 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 12:31:30.15 ===============
 
attach.txt file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/17/2008 3:04:30 AM
System Uptime: 9/28/2010 8:33:33 AM (4 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 62.138 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel

==== System Restore Points ===================

RP609: 8/29/2010 12:00:01 AM - Scheduled Checkpoint

==== Installed Programs ======================

Leawo DVD Creator version 2.5.0.10
AAC Decoder
Active@ ISO Burner
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Agree Free MP3 to M4A AAC Converter 5.0
AIM 7
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Auto Gordian Knot 2.55
AutoUpdate
AVG Free 9.0
AviSynth 2.5
AVS DVD Copy version 3.1
AVS Ringtone Maker version 1.6
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4
AVS Video Recorder 2.4
AVS Video ReMaker 3.1.1.83
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
Bonjour
Burn4Free CD and DVD
Canon MP210 series
CCleaner
CD/DVD Drive Acoustic Silencer
CDBurnerXP
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 2.0.16
Dell Driver Download Manager
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD MovieFactory for TOSHIBA
dvdSanta 4.00
ERUNT 1.1j
FactoryTalk Activation Client 3.02 (CPR 9 SR 2)
Feedback Tool
FinalBurner Free v2.19.0.183
Free M4a to MP3 Converter 6.1
Free Video Joiner 1.1
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB971092)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
ISO Recorder
iTunes
Junk Mail filter update
K-Lite Codec Pack 4.0.0 (Full)
KB408682
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2008
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Suite Activation Assistant
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft PrintForm Component 1.0
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ Run Time Lib Setup
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Standard Edition - ENU
Microsoft Visual Studio 2005 Standard Edition - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
Microsoft XML Parser
MKV Splitter
MP3 Splitter & Joiner Pro 3.48
MSDN Library for Visual Studio 2005
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
PowerISO
QuickTime
RealPlayer Basic
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Rockwell Automation USB CIP Driver Package
Rockwell Windows Firewall Configuration Utility 1.00.03
RSLinx Classic 2.54.00 CPR 9 SR 1
SD_Comms
SD_Database
SD_PPIR
SD_Recorder
SDSReporter
SDWorkstation
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Visual Studio 2005 Standard Edition - ENU (KB971023)
Security Update for Microsoft Visual Studio 2005 Standard Edition - ENU (KB971090)
Security Update for Microsoft Visual Studio 2005 Standard Edition - ENU (KB973673)
Security Update for Microsoft Visual Studio 2008 Standard Edition - ENU (KB972222)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Service Pack 1 for SQL Server 2008 (KB968369)
SID Video Cutter & Splitter 1.8.0.2
Skype web features
Skype™ 4.1
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SuperAVConverter V9.5 Build 6500
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
System Requirements Lab
TOP Server
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio 2005 Standard Edition - ENU (KB932232)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.762
Video DVD Maker v3.27.0.69
Viewpoint Media Player
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - v9.0.30729.4148
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual MP3 Splitter & Joiner 6.1
VobSub v2.23 (Remove Only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
WinRAR archiver
Xilisoft DVD Ripper Ultimate
XviD MPEG4 Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

9/28/2010 8:35:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd VirtualBackplane
9/28/2010 8:33:55 AM, Error: volmgr [46] - Crash dump initialization failed!
9/27/2010 8:27:02 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC jswpslwf Lbd NetBIOS netbt nsiproxy PSched RasAcd rdbss SCDEmu Smb spldr tdx VirtualBackplane Wanarpv6
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/23/2010 3:38:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/23/2010 3:38:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/23/2010 3:37:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/23/2010 3:37:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/23/2010 3:37:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

==== End Of File ===========================
 
Welcome to TechSpot TKell and my grateful thanks for pasting in the logs! That cuts my search time way down when I need to identify a file and although we ask all to paste logs, few do!

Question: Are you having any problems with your network? Have you made any changes in the Startup Type for Services? If changing Services, have you checked their Dependencies? The Errors I see reported indicate these areas may be causing problems.

There are files I need to move, so I'd like you to run the following 2 programs:

Please download ComboFix from Here and save to your Desktop.

  [1]. Do NOT rename Combofix unless instructed.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix.
==============================
Then run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
I will be setting up some script that you will run after the Combofix scan.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
To answer your questions -
No, I'm not having any problems with my network or Internet, except for Google redirect.
To my knowledge, I haven't made any changes to startup types of any service.

I will run the 2 scans you have asked for and post the logs when finished.
 
Bobbye,

I seem to be having trouble running the ComboFix.exe file. It will start up and run, but then it will stop working. I let it run for 40 minutes or so yesterday and the "running" screen never changed. I've disabled the real-time virus protection that I have (AVG). Is there something else that I should do?
 
I ran the combofix this morning after renaming it to niceday.exe, but it seems to be hung up on the "preparing log report" section. It's been on this screen for about 40 minutes. How long should this take normally?
Also, when the scan was running, I received a lot of pop ups saying specific files were corrupt and it suggested running the chkdsk feature.
I don't know if these issues have to do with Vista or not. I have the 32-bit OS of Vista.
 
Go ahead and run Chkdsk. If you have not run it previously, you will find instructions and screenshots here: http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

Let it complete - it may take a while if you don't use it regularly. The system will reboot when finished. After you set up the screens as shown, you will need to reboot to start. Just close the message and reboot - it will start automatically.

When it has finished, please try to run ComboFix again.
 
I ran chkdsk. Then I ran ComboFix. Once it began preparing the report, I saw a "ipconfig.exe has encountered an error and needs to shutdown" type of message. I don't know if ComboFix uses this or not, but could that be the reason why the program gets stuck on the "generating log report" section?
 
Run this Command:
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Reboot and try Combofix again.
Please run the Eset online scan and let's see what it shows.

Remember I did ask about connection problem. There are many errors showing in the Attach.txt log indicating these problems.

Edit: Do you know what this is> OPCBridgeServic?
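
The Service Control Manager errors in the Attach.txt log that the replies above refer to can be sorted into root failures and knock-on failures by following the "depends on" chain in each 7001 entry. The Python below is an added example, not part of the thread or of DDS; the sample lines are excerpted from the Event Viewer section of the log above, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Lines excerpted from the "Event Viewer Messages" section of Attach.txt above.
SAMPLE = """\
9/28/2010 8:35:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd VirtualBackplane
9/23/2010 3:38:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC jswpslwf Lbd NetBIOS netbt nsiproxy PSched RasAcd rdbss SCDEmu Smb spldr tdx VirtualBackplane Wanarpv6
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2010 3:38:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

EVENT = re.compile(r"^(?P<when>[\d/]+ [\d:]+ [AP]M), Error: (?P<src>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DEPENDS = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed "
    r"to start because of the following error: (?P<err>.+)$")
DRIVERS = re.compile(r"driver\(s\) failed to load: (?P<names>.+)$")

def parse(text):
    """Yield (timestamp, source, event id, message) for each DDS event line."""
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            yield m["when"], m["src"], int(m["id"]), m["msg"]

def dependency_edges(events):
    """Map each failed service to (dependency, error text) from SCM event 7001."""
    edges = {}
    for _, src, eid, msg in events:
        m = DEPENDS.match(msg) if (src, eid) == ("Service Control Manager", 7001) else None
        if m:
            edges[m["svc"]] = (m["dep"], m["err"])
    return edges

def root_cause(service, edges):
    """Follow the chain to a component with no 7001 entry of its own."""
    seen = set()  # guards against a cyclic chain in malformed input
    while service in edges and service not in seen:
        seen.add(service)
        service = edges[service][0]
    return service

def triage(text):
    """Return ({root component: [affected services]}, {boot time: [drivers]})."""
    events = list(parse(text))
    edges = dependency_edges(events)
    roots = defaultdict(list)
    for svc in edges:
        roots[root_cause(svc, edges)].append(svc)
    drivers = {}
    for when, _, eid, msg in events:
        m = DRIVERS.search(msg) if eid == 7026 else None
        if m:
            drivers[when] = m["names"].split()
    return dict(roots), drivers
```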
 