The ComboFix report.............. please let me know if there is another report or download, I think this was it so far?
ComboFix 12-11-28.02 - Donny 11/28/2012 20:36:25.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3318.2424 [GMT -5:00]
Running from: c:\users\Donny\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Donny\GoToAssistDownloadHelper.exe
c:\windows\system32\spool\prtprocs\w32x86\xpdpp.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 01:41 . 2012-11-29 01:41 -------- d-----w- c:\users\Donny\AppData\Local\temp
2012-11-29 01:41 . 2012-11-29 01:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-29 01:23 . 2012-11-29 01:23 -------- d-----w- c:\users\Donny\AppData\Local\Mozilla
2012-11-29 01:23 . 2012-11-29 01:23 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-28 23:46 . 2012-11-28 23:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-28 21:52 . 2012-11-28 21:52 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C57219CC-9522-4FC4-BAA1-2C04A4A9AAB3}\offreg.dll
2012-11-28 20:33 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-28 20:33 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-28 20:33 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-28 20:33 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-28 20:33 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-28 20:33 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-28 20:33 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-28 20:33 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-28 20:33 . 2012-11-28 20:33 -------- d-----w- c:\programdata\AVAST Software
2012-11-28 20:33 . 2012-11-28 20:33 -------- d-----w- c:\program files\AVAST Software
2012-11-28 19:24 . 2012-11-28 19:25 -------- d-----w- C:\rei
2012-11-28 19:24 . 2012-11-28 19:24 -------- d-----w- c:\program files\Reimage
2012-11-28 18:57 . 2012-11-28 18:57 -------- d-----w- c:\program files\PC Tools
2012-11-28 18:54 . 2012-11-28 19:07 -------- d-----w- c:\program files\Common Files\PC Tools
2012-11-28 18:54 . 2012-11-01 20:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-11-28 18:54 . 2012-11-28 19:04 -------- d-----w- c:\programdata\PC Tools
2012-11-28 18:54 . 2012-11-28 18:54 -------- d-----w- c:\users\Donny\AppData\Roaming\TestApp
2012-11-28 14:00 . 2012-11-28 14:00 -------- d-----w- c:\program files\Enigma Software Group
2012-11-28 14:00 . 2012-11-28 19:03 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-28 14:00 . 2012-11-28 14:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-27 12:33 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C57219CC-9522-4FC4-BAA1-2C04A4A9AAB3}\mpengine.dll
2012-11-26 12:24 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-25 03:06 . 2012-11-28 12:53 -------- d-----w- c:\users\Donny\AppData\Roaming\System
2012-11-15 08:01 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 08:01 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 08:01 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 08:01 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 08:01 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 08:01 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 08:01 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 08:01 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 08:01 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 08:01 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 11:51 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 11:51 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 11:51 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 11:51 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 11:51 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 11:51 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 11:51 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 11:51 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 11:51 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 11:51 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 11:51 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 11:51 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 00:55 . 2012-08-14 19:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 00:55 . 2012-08-14 19:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 10:28 . 2012-10-20 02:50 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FE073F0-9027-4CB7-961C-EEAD9F29C868}\gapaengine.dll
2012-10-02 10:28 . 2012-10-02 10:28 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 00:54 . 2012-08-14 19:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28 . 2012-10-10 10:55 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-02 20:52 . 2012-09-02 20:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-02 20:52 . 2012-09-02 20:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 20:52 . 2012-09-02 20:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 17:18 . 2012-10-10 10:55 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-03-21 00:44 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-11-20 06:17 . 2012-11-29 01:23 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-12 495711]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-11 1634112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2012-8-14 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Donny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\Donny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreDesktop]
2003-03-11 08:52 45056 ----a-w- c:\program files\Restore Desktop\RestoreDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Donny\Desktop\Run\a2ddax86.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 00:55]
.
2012-11-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-28 23:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forums.nasioc.com/forums/forumdisplay.php?f=24/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Donny\AppData\Roaming\Mozilla\Firefox\Profiles\9g0rmyez.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.nasioc.com/forums/forumdisplay.php?f=24/
FF - ExtSQL: 2012-11-28 17:26;
wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-67628195.sys
SafeBoot-Wdf01000.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-28 20:43:09
ComboFix-quarantined-files.txt 2012-11-29 01:43
.
Pre-Run: 239,437,787,136 bytes free
Post-Run: 239,536,013,312 bytes free
.
- - End Of File - - 0F1BBC9334C14F894F5B29391CA552D2