Inactive Winrscmde and svchost.exe issues

RLong31

Having virus issues causing windows to pop up saying a program has closed. Ran several anti-virus/anti-malware programs in regular and safe mode and nothing worked, so that's why I'm here.

Read through and followed the 4 step preliminary stuff.

Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.06.03

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19393
toni12 :: TONI12-PC [administrator]

Protection: Disabled

2/5/2013 10:34:58 PM
mbam-log-2013-02-05 (22-34-58).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 459156
Time elapsed: 1 hour(s), 20 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\0101120101464857.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.19393
Run by toni12 at 18:50:45 on 2013-02-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4058.1158 [GMT 9:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
\\.\globalroot\systemroot\svchost.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F3EA6DC2-787A-450A-9B7D-07DBEC5A3BEA} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\System32\drivers\SMR311.SYS [2013-2-8 95392]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1309010.00E\symds64.sys [2013-2-6 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1309010.00E\symefa64.sys [2013-2-6 1129120]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-3-26 35392]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2007-9-5 14872]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-7-24 504912]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-16 1388120]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1309010.00E\ccsetx64.sys [2013-2-6 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20130206.001\IDSviA64.sys [2013-2-6 513184]
R1 PMCF;PMCF;C:\Windows\System32\drivers\PMCF.sys [2009-5-12 16392]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\System32\drivers\RtlProt.sys [2009-7-24 31016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\ironx64.sys [2013-2-6 190072]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\symtdiv.sys [2013-2-6 445560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-7 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-7 44808]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-7-24 20544]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-6 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-6 682344]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe [2013-2-6 138272]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-7-24 57344]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-7-24 55296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-26 138912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-6 24176]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-7-24 32832]
R3 rtl819xpn64;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2010-1-30 580128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate1ca4498f1f41f10;Google Update Service (gupdate1ca4498f1f41f10);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-4 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-14 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-15 183560]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-2 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-9 1492840]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-19 1020768]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-15 759048]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-3-7 36864]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-11 46448]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-10 555392]
S4 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-20 55808]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-25 242176]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-18 84480]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-02-07 19:40:58	74248	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 19:40:58	697864	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-07 18:19:45	95392	----a-w-	C:\Windows\System32\drivers\SMR311.SYS
2013-02-06 02:44:58	67599240	----a-w-	C:\Windows\System32\mrt.exe
2013-01-17 09:28:58	273840	------w-	C:\Windows\System32\MpSigStub.exe
2013-01-04 01:01:26	9330176	----a-w-	C:\Windows\System32\mshtml.dll
2013-01-04 00:54:36	6009856	----a-w-	C:\Windows\SysWow64\mshtml.dll
2013-01-03 18:53:53	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2013-01-03 18:34:26	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-12-16 13:31:20	48128	----a-w-	C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21	368128	----a-w-	C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29	293376	----a-w-	C:\Windows\SysWow64\atmfd.dll
2012-12-15 00:49:28	24176	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-11-23 01:54:35	2770432	----a-w-	C:\Windows\System32\win32k.sys
2012-11-22 04:22:38	456192	----a-w-	C:\Windows\System32\shlwapi.dll
2012-11-22 03:54:36	353280	----a-w-	C:\Windows\SysWow64\shlwapi.dll
2012-11-20 04:22:50	204288	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-11-20 04:21:04	253952	----a-w-	C:\Windows\System32\ncrypt.dll
2012-11-13 01:45:48	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-11-13 01:29:51	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-11-09 12:35:23	1147392	----a-w-	C:\Windows\System32\wininet.dll
2012-11-09 12:35:05	1488384	----a-w-	C:\Windows\System32\urlmon.dll
2012-11-09 12:35:05	108032	----a-w-	C:\Windows\System32\url.dll
2012-11-09 12:33:23	243712	----a-w-	C:\Windows\System32\occache.dll
2012-11-09 12:31:32	1062912	----a-w-	C:\Windows\System32\mstime.dll
2012-11-09 12:31:01	98304	----a-w-	C:\Windows\System32\mshtmled.dll
2012-11-09 12:30:52	743424	----a-w-	C:\Windows\System32\msfeeds.dll
2012-11-09 12:30:52	71680	----a-w-	C:\Windows\System32\msfeedsbs.dll
2012-11-09 12:30:09	56832	----a-w-	C:\Windows\System32\licmgr10.dll
2012-11-09 12:29:50	31744	----a-w-	C:\Windows\System32\jsproxy.dll
2012-11-09 12:29:40	1538560	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-11-09 12:29:23	219136	----a-w-	C:\Windows\System32\ieui.dll
2012-11-09 12:29:23	132096	----a-w-	C:\Windows\System32\iesysprep.dll
2012-11-09 12:29:22	77312	----a-w-	C:\Windows\System32\iesetup.dll
2012-11-09 12:29:22	2350592	----a-w-	C:\Windows\System32\iertutil.dll
2012-11-09 12:29:21	72192	----a-w-	C:\Windows\System32\iernonce.dll
2012-11-09 12:29:21	252416	----a-w-	C:\Windows\System32\iepeers.dll
2012-11-09 12:29:21	12509696	----a-w-	C:\Windows\System32\ieframe.dll
2012-11-09 12:29:15	459776	----a-w-	C:\Windows\System32\iedkcs32.dll
2012-11-09 10:55:37	479232	----a-w-	C:\Windows\System32\html.iec
2012-11-09 10:42:46	916992	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-11-09 10:42:27	1212416	----a-w-	C:\Windows\SysWow64\urlmon.dll
2012-11-09 10:42:26	105984	----a-w-	C:\Windows\SysWow64\url.dll
2012-11-09 10:40:28	206848	----a-w-	C:\Windows\SysWow64\occache.dll
2012-11-09 10:38:29	611840	----a-w-	C:\Windows\SysWow64\mstime.dll
2012-11-09 10:37:57	67072	----a-w-	C:\Windows\SysWow64\mshtmled.dll
2012-11-09 10:37:52	630272	----a-w-	C:\Windows\SysWow64\msfeeds.dll
2012-11-09 10:37:52	55296	----a-w-	C:\Windows\SysWow64\msfeedsbs.dll
2012-11-09 10:37:14	43520	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2012-11-09 10:36:54	25600	----a-w-	C:\Windows\SysWow64\jsproxy.dll
2012-11-09 10:36:43	1469440	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-11-09 10:36:28	71680	----a-w-	C:\Windows\SysWow64\iesetup.dll
2012-11-09 10:36:28	2000384	----a-w-	C:\Windows\SysWow64\iertutil.dll
2012-11-09 10:36:28	164352	----a-w-	C:\Windows\SysWow64\ieui.dll
2012-11-09 10:36:28	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2012-11-09 10:36:27	55808	----a-w-	C:\Windows\SysWow64\iernonce.dll
2012-11-09 10:36:27	184320	----a-w-	C:\Windows\SysWow64\iepeers.dll
2012-11-09 10:36:27	11111424	----a-w-	C:\Windows\SysWow64\ieframe.dll
2012-11-09 10:36:22	387584	----a-w-	C:\Windows\SysWow64\iedkcs32.dll
2012-11-09 09:09:03	162816	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-11-09 09:08:51	70656	----a-w-	C:\Windows\System32\ie4uinit.exe
2012-11-09 09:08:13	12288	----a-w-	C:\Windows\System32\msfeedssync.exe
2012-11-09 09:01:43	385024	----a-w-	C:\Windows\SysWow64\html.iec
2012-11-09 07:13:56	133632	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-11-09 07:13:43	174080	----a-w-	C:\Windows\SysWow64\ie4uinit.exe
2012-11-09 07:12:06	13312	----a-w-	C:\Windows\SysWow64\msfeedssync.exe
.
============= FINISH: 18:55:04.15 ===============
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/24/2009 12:49:21 PM
System Uptime: 2/6/2013 1:36:21 PM (5 hours ago)
.
Motherboard: TOSHIBA | | To be filled by O.E.M.
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU 1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 202.471 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
ALPS Touch Pad Driver
avast! Free Antivirus
Bing Bar
Bing Rewards Client Installer
CyberLink PowerCinema for TOSHIBA
D3DX10
Direct DiscRecorder
Dolby Control Center
Dropbox
DVD MovieFactory for TOSHIBA
Epson Connect
Epson CreativeZone
Epson Customer Participation
Epson Download Navigator
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 840 Series Printer Uninstall
EPSON WorkForce 845 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.1.0.366
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 11
Junk Mail filter update
LightScribe 1.4.124.1
LTCM Client
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Octoshape add-in for Adobe Flash Player
Picasa 2
PlayReady PC runtime
QuickBooks Financial Center
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek WiFi Protected Setup Library
Realtek WLAN Driver
RICOH R5U230 Media Driver ver.2.02.02.01
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Skype Launcher
Skype Toolbars
Skype™ 5.10
Spelling Dictionaries Support For Adobe Reader 9
TOSHIBA Agreement Notification Utility
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
 
Hi there!

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg


------------------------

Click the Start Scan button.

tdss_3.jpg


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


tdss_4.jpg


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


tdss_5.jpg



--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
RGKRScan.png


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
RGKRDelete.png


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    RGKRShortcutsFix.png
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
TDSS Killer Logs... there were 2. Working on Rogue Killer now.
 

Attachments

  • TDSSKiller.2.8.15.0_07.02.2013_07.53.30_log.txt (169.1 KB)
  • TDSSKiller.2.8.15.0_07.02.2013_08.11.50_log.txt (3.5 KB)
Rogue Killer Logs (3 of them):

1st Log

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : toni12 [Admin rights]
Mode : Scan -- Date : 02/07/2013 08:39:44
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MJA2320BH G2 +++++
--- User ---
[MBR] 733d262d26af980391eb6ed4e338425e
[BSP] c881619778d6806114b6df1da53d60de : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293219 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603586560 | Size: 10525 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02072013_02d0839.txt >>
RKreport[1]_S_02072013_02d0839.txt


2nd Log:

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : toni12 [Admin rights]
Mode : Remove -- Date : 02/07/2013 08:42:34
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MJA2320BH G2 +++++
--- User ---
[MBR] 733d262d26af980391eb6ed4e338425e
[BSP] c881619778d6806114b6df1da53d60de : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293219 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603586560 | Size: 10525 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02072013_02d0842.txt >>
RKreport[1]_S_02072013_02d0839.txt ; RKreport[2]_D_02072013_02d0842.txt


3rd Log:


RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : toni12 [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/07/2013 08:48:33
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 9 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 207 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 83 / Fail 56
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_02072013_02d0848.txt >>
RKreport[1]_S_02072013_02d0839.txt ; RKreport[2]_D_02072013_02d0842.txt ; RKreport[3]_SC_02072013_02d0848.txt
 
Now, please run TDSSKiller again, and delete the TDSS File System.

After that, this:

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
 
TDSS Log.... doing malwarebytes anti-rootkit next.
 

Attachments

  • TDSSKiller.2.8.15.0_07.02.2013_20.09.31_log.txt (256.6 KB)
Malwarebytes Anti-rootkit log:

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.08.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19393
toni12 :: TONI12-PC [administrator]

2/7/2013 8:52:53 PM
mbar-log-2013-02-07 (20-52-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30249
Time elapsed: 21 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


System Log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 8.0.6001.19393

Java version: 1.6.0_11

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4255367168, free: 2597261312

------------ Kernel report ------------
02/07/2013 20:30:35
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80069f6060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800540c050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.08.04
Downloaded database version: v2013.01.23.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80069f6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80069f5700, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80069f6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006842250, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa800540c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff88017394a20, 0xfffffa80069f6060, 0xfffffa800451f590
Lower DeviceData: 0xfffff880151479b0, 0xfffffa800540c050, 0xfffffa8008f2ce40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 14054DEA

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 600512512
Partition file system is NTFS
Partition is bootable

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 603586560 Numsec = 21555200
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Infected: c:\Windows\svchost.exe --> [Trojan.Agent]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 8.0.6001.19393

Java version: 1.6.0_11

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4255367168, free: 2749169664

Removal queue found; removal started
Removing c:\Windows\svchost.exe...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 8.0.6001.19393

Java version: 1.6.0_11

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4255367168, free: 2891612160

------------ Kernel report ------------
02/07/2013 20:58:07
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006bd5060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800540c050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006bd5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006bd4700, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006bd5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006a212c0, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa800540c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8800e5851f0, 0xfffffa8006bd5060, 0xfffffa800490a790
Lower DeviceData: 0xfffff8800d3572a0, 0xfffffa800540c050, 0xfffffa800490fd10
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 14054DEA

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 600512512
Partition file system is NTFS
Partition is bootable

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 603586560 Numsec = 21555200
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 8.0.6001.19393

Java version: 1.6.0_11

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4255367168, free: 2620379136

=======================================
 
# AdwCleaner v2.111 - Logfile created 02/07/2013 at 21:40:17
# Updated 05/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : toni12 - TONI12-PC
# Boot Mode : Normal
# Running from : C:\Users\toni12\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\toni12\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [928 octets] - [07/02/2013 21:40:17]

########## EOF - C:\AdwCleaner[R1].txt - [987 octets] ##########
 
JRT Log:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows (TM) Vista Home Premium x64
Ran by toni12 on Thu 02/07/2013 at 21:51:51.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/07/2013 at 22:08:00.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Rootkit removal didn't work...let's do this:

Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
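The Search step above has FRST list every copy of a system file that Windows keeps in its servicing stores (WinSxS and the DriverStore), together with size and MD5, so the live copy can be compared against known versions. The PowerShell below is an added example that does the same comparison; it is not from this thread and not FRST's own code. It assumes a Windows host, uses .NET MD5 (so it also runs on the PowerShell 2.0 shipped with Vista), and takes the file name, the path of the live copy and the Windows directory as parameters (the defaults are assumptions, not values from the logs). On a machine where a rootkit is suspected, run it from the recovery environment or against an offline system drive, as the instructions above do for FRST, since a rootkit running in the booted system can serve a clean-looking file.

```powershell
# Added example, not from the thread and not FRST's code: hash the live copy of a
# Windows system file and every servicing copy of the same name, then report
# whether the live file matches any known copy. MD5 is used only because that is
# what the FRST logs print; it identifies a file version, it is not a
# tamper-proof integrity check.

function Get-FileMd5 {
    param([Parameter(Mandatory = $true)][string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    # Upper-case hex without dashes, the format FRST prints.
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Compare-SystemFileCopies {
    param(
        [Parameter(Mandatory = $true)][string]$FileName,   # e.g. 'volsnap.sys'
        [Parameter(Mandatory = $true)][string]$LivePath,   # path of the copy the system actually loads
        [string]$SystemRoot = $env:SystemRoot              # point at e.g. C:\Windows when run from WinRE
    )
    # The servicing stores FRST's Search walks (assumed locations on Vista and later).
    $stores = @(
        (Join-Path $SystemRoot 'winsxs'),
        (Join-Path $SystemRoot 'System32\DriverStore\FileRepository')
    )

    $liveHash = Get-FileMd5 -Path $LivePath
    $liveSize = (Get-Item -Path $LivePath).Length

    # Every servicing copy with this file name. On x64 both x86_ and amd64_
    # WinSxS branches exist, so the decision below is made on hash, not on name.
    $references = @()
    foreach ($store in $stores) {
        if (-not (Test-Path -Path $store)) { continue }
        $found = Get-ChildItem -Path $store -Recurse -Filter $FileName -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer }
        foreach ($f in $found) {
            $references += New-Object PSObject -Property @{
                Path = $f.FullName
                Size = $f.Length
                Md5  = (Get-FileMd5 -Path $f.FullName)
            }
        }
    }

    $sameHash = @($references | Where-Object { $_.Md5 -eq $liveHash })

    # A live file that matches no servicing copy is not proof of tampering
    # (updates can install files outside WinSxS), but it is the case that
    # deserves a closer look; a match tells you which known version is loaded.
    New-Object PSObject -Property @{
        LivePath         = $LivePath
        LiveSize         = $liveSize
        LiveMd5          = $liveHash
        ReferenceCount   = $references.Count
        MatchesKnownCopy = ($sameHash.Count -gt 0)
        MatchingCopies   = @($sameHash | ForEach-Object { $_.Path })
        References       = $references
    }
}

# Usage (elevated prompt on the machine being examined; paths are assumptions):
# Compare-SystemFileCopies -FileName 'volsnap.sys' `
#     -LivePath "$env:SystemRoot\System32\drivers\volsnap.sys" | Format-List
```

Reading the result against the FRST Search log later in this thread: the live volsnap.sys there carried the same MD5 as one DriverStore copy, which is exactly the copy the fix later restores it from, so `MatchesKnownCopy` alone does not settle whether a driver is safe; it tells you which known version is on disk and where a clean replacement lives.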
 
FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
Ran by SYSTEM at 08-02-2013 08:36:09
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8081952 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-08-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [308736 2009-04-02] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\toni12\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [152064 2008-07-02] (Microsoft Corporation)
HKU\toni12\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-05] (Google Inc.)
HKU\toni12\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

4 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
2 gupdate1ca4498f1f41f10; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-10-03] (Google Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
4 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) =====================

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-23] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-26] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20130207.002\IDSvia64.sys [513184 2013-02-05] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\VirusDefs\20130208.003\ENG64.SYS [126192 2013-02-05] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\VirusDefs\20130208.003\EX64.SYS [2087664 2013-02-05] (Symantec Corporation)
1 PMCF; C:\Windows\System32\Drivers\PMCF.sys [16392 2009-03-19] ()
3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [580128 2010-01-30] (Realtek Semiconductor Corporation )
0 SMR311; C:\Windows\System32\Drivers\SMR311.sys [95392 2013-02-07] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1309010.00E\SYMDS64.SYS [451192 2012-01-17] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-15] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NAVx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NAVx64\1309010.00E\SYMTDIV.SYS [445560 2012-04-17] (Symantec Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-08 08:35 - 2013-02-08 08:35 - 00000000 ____D C:\FRST
2013-02-07 15:28 - 2013-02-07 15:28 - 01464149 ____A (Farbar) C:\Users\toni12\Downloads\FRST64.exe
2013-02-07 10:19 - 2013-02-07 11:37 - 00000000 ____D C:\Users\toni12\AppData\Local\NPE
2013-02-07 10:19 - 2013-02-07 10:19 - 00095392 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR311.SYS
2013-02-07 05:08 - 2013-02-07 05:08 - 00001275 ____A C:\Users\toni12\Desktop\JRT.txt
2013-02-07 04:51 - 2013-02-07 04:51 - 00000000 ____D C:\Windows\ERUNT
2013-02-07 04:51 - 2013-02-07 04:51 - 00000000 ____D C:\JRT
2013-02-07 04:50 - 2013-02-07 04:50 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\toni12\Desktop\JRT.exe
2013-02-07 04:40 - 2013-02-07 04:41 - 00001120 ____A C:\AdwCleaner[S1].txt
2013-02-07 04:40 - 2013-02-07 04:40 - 00001053 ____A C:\AdwCleaner[R1].txt
2013-02-07 04:38 - 2013-02-07 04:39 - 00582209 ____A C:\Users\toni12\Desktop\adwcleaner.exe
2013-02-07 04:07 - 2013-02-07 04:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
2013-02-07 03:26 - 2013-02-07 03:27 - 00000000 ____D C:\Users\toni12\Downloads\mbar-1.01.0.1017
2013-02-07 03:20 - 2013-02-07 03:20 - 13562257 ____A C:\Users\toni12\Downloads\mbar-1.01.0.1017.zip
2013-02-07 03:20 - 2013-02-07 03:20 - 00000000 ____D C:\Users\toni12\AppData\Local\MigWiz
2013-02-06 15:48 - 2013-02-06 15:48 - 00001215 ____A C:\Users\toni12\Desktop\RKreport[3]_SC_02072013_02d0848.txt
2013-02-06 15:42 - 2013-02-06 15:42 - 00001600 ____A C:\Users\toni12\Desktop\RKreport[2]_D_02072013_02d0842.txt
2013-02-06 15:39 - 2013-02-06 15:39 - 00001601 ____A C:\Users\toni12\Desktop\RKreport[1]_S_02072013_02d0839.txt
2013-02-06 15:35 - 2013-02-06 15:42 - 00000000 ____D C:\Users\toni12\Desktop\RK_Quarantine
2013-02-06 15:26 - 2013-02-06 15:26 - 00778240 ____A C:\Users\toni12\Desktop\RogueKiller.exe
2013-02-06 14:55 - 2013-02-07 03:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-02-06 14:51 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller (2).exe
2013-02-06 14:51 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller (1).exe
2013-02-06 14:50 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller.exe
2013-02-06 14:46 - 2013-02-06 14:46 - 00011624 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI27AA.txt
2013-02-06 14:46 - 2013-02-06 14:46 - 00001800 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI27AA.txt
2013-02-06 14:46 - 2013-02-06 14:46 - 00001797 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-02-06 14:46 - 2013-02-06 14:46 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-02-06 14:46 - 2012-10-30 15:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-02-06 14:46 - 2012-10-30 15:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-02-06 14:46 - 2012-10-30 15:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2013-02-06 10:22 - 2013-02-06 10:22 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-02-06 01:59 - 2013-02-06 01:59 - 00008673 ____A C:\Users\toni12\Desktop\attach.txt
2013-02-06 01:59 - 2013-02-06 01:55 - 00020535 ____A C:\Users\toni12\Desktop\dds.txt
2013-02-06 01:46 - 2013-02-06 01:46 - 00688992 ____R (Swearware) C:\Users\toni12\Downloads\dds.com
2013-02-06 01:46 - 2013-02-06 01:46 - 00688992 ____A (Swearware) C:\Users\toni12\Downloads\dds (1).com
2013-02-05 22:43 - 2013-02-05 22:43 - 00054148 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI4693.txt
2013-02-05 22:43 - 2013-02-05 22:43 - 00001792 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI4693.txt
2013-02-05 22:38 - 2013-02-06 14:46 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-02-05 22:38 - 2012-10-30 15:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-02-05 22:37 - 2013-02-06 14:45 - 00000000 ____D C:\Users\All Users\AVAST Software
2013-02-05 22:37 - 2013-02-06 14:45 - 00000000 ____D C:\Program Files\AVAST Software
2013-02-05 22:37 - 2013-02-05 22:37 - 00053624 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI4230.txt
2013-02-05 22:37 - 2013-02-05 22:37 - 00001824 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI4230.txt
2013-02-05 22:33 - 2013-02-05 22:33 - 00000920 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Users\toni12\AppData\Roaming\Malwarebytes
2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-05 22:33 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-02-05 22:31 - 2013-02-05 22:36 - 97565024 ____A C:\Users\toni12\Downloads\avast_free_antivirus_setup.exe
2013-02-05 22:17 - 2013-02-05 22:17 - 00000732 ____A C:\Users\toni12\AppData\Local\d3d9caps64.dat
2013-02-05 21:49 - 2013-02-05 21:51 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\toni12\Downloads\mbam-setup-1.70.0.1100 (1).exe
2013-02-05 21:48 - 2013-02-05 21:49 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\toni12\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-05 21:02 - 2013-02-05 21:02 - 00000000 ____A C:\Windows\setuperr.log
2013-02-05 21:02 - 2013-02-05 19:13 - 00000795 ____A C:\Windows\setupact.log
2013-02-05 20:22 - 2013-02-05 20:27 - 32652922 ____A C:\Users\toni12\Downloads\Windows_Password_Recovery_Tool_Trial.exe
2013-02-05 19:44 - 2013-02-05 19:47 - 28568733 ____A (Password Unlocker Studio. ) C:\Users\toni12\Downloads\windows_password_unlocker_professional_trial.exe
2013-02-05 19:43 - 2013-02-05 19:43 - 00000000 ____A C:\Windows\ToDisc.INI
2013-02-05 19:06 - 2013-02-05 19:09 - 29575203 ____A (Anmosoft, Inc. ) C:\Users\toni12\Downloads\WindowsPasswordResetProfessionalDemoSetup (1).exe
2013-02-05 18:42 - 2013-01-03 17:01 - 09330176 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-05 18:42 - 2013-01-03 16:54 - 06009856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-05 18:42 - 2013-01-03 10:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-05 18:42 - 2013-01-03 10:34 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-05 18:42 - 2012-11-22 17:54 - 02770432 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-05 18:42 - 2012-11-21 20:22 - 00456192 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-02-05 18:42 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2013-02-05 18:42 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-02-05 18:42 - 2012-11-19 20:21 - 00253952 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-02-05 18:42 - 2012-11-02 02:47 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-02-05 18:42 - 2012-11-02 02:47 - 01794560 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-02-05 18:42 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-02-05 18:42 - 2012-11-02 02:19 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

==================== One Month Modified Files and Folders =======

2013-02-08 08:35 - 2013-02-08 08:35 - 00000000 ____D C:\FRST
2013-02-07 15:31 - 2009-07-23 19:46 - 01195441 ____A C:\Windows\WindowsUpdate.log
2013-02-07 15:31 - 2006-11-02 07:42 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-07 15:31 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-07 15:31 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-07 15:31 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-07 15:29 - 2009-08-12 22:12 - 00000436 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{44EFB955-2117-4EA5-AD44-C998487608FB}.job
2013-02-07 15:28 - 2013-02-07 15:28 - 01464149 ____A (Farbar) C:\Users\toni12\Downloads\FRST64.exe
2013-02-07 15:27 - 2006-11-02 04:46 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-07 15:09 - 2009-10-03 18:28 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-07 14:51 - 2012-04-15 13:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-07 11:37 - 2013-02-07 10:19 - 00000000 ____D C:\Users\toni12\AppData\Local\NPE
2013-02-07 10:19 - 2013-02-07 10:19 - 00095392 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR311.SYS
2013-02-07 10:19 - 2010-01-20 03:02 - 00498198 ____A C:\Windows\ntbtlog.txt.bak
2013-02-07 10:19 - 2009-12-16 02:28 - 00000000 ____D C:\Users\All Users\Norton
2013-02-07 10:16 - 2009-10-03 18:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-07 05:42 - 2006-11-02 07:07 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-02-07 05:08 - 2013-02-07 05:08 - 00001275 ____A C:\Users\toni12\Desktop\JRT.txt
2013-02-07 04:51 - 2013-02-07 04:51 - 00000000 ____D C:\Windows\ERUNT
2013-02-07 04:51 - 2013-02-07 04:51 - 00000000 ____D C:\JRT
2013-02-07 04:50 - 2013-02-07 04:50 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\toni12\Desktop\JRT.exe
2013-02-07 04:48 - 2011-05-17 01:36 - 00000000 ____D C:\Users\toni12\AppData\Roaming\Dropbox
2013-02-07 04:44 - 2011-05-17 01:42 - 00000000 ___RD C:\Users\toni12\Dropbox
2013-02-07 04:41 - 2013-02-07 04:40 - 00001120 ____A C:\AdwCleaner[S1].txt
2013-02-07 04:40 - 2013-02-07 04:40 - 00001053 ____A C:\AdwCleaner[R1].txt
2013-02-07 04:39 - 2013-02-07 04:38 - 00582209 ____A C:\Users\toni12\Desktop\adwcleaner.exe
2013-02-07 04:07 - 2013-02-07 04:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
2013-02-07 04:07 - 2011-05-17 01:42 - 00000934 ____A C:\Users\toni12\Desktop\Dropbox.lnk
2013-02-07 03:55 - 2008-01-20 19:26 - 00109832 ____A C:\Windows\PFRO.log
2013-02-07 03:27 - 2013-02-07 03:26 - 00000000 ____D C:\Users\toni12\Downloads\mbar-1.01.0.1017
2013-02-07 03:20 - 2013-02-07 03:20 - 13562257 ____A C:\Users\toni12\Downloads\mbar-1.01.0.1017.zip
2013-02-07 03:20 - 2013-02-07 03:20 - 00000000 ____D C:\Users\toni12\AppData\Local\MigWiz
2013-02-07 03:11 - 2013-02-06 14:55 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-02-06 15:48 - 2013-02-06 15:48 - 00001215 ____A C:\Users\toni12\Desktop\RKreport[3]_SC_02072013_02d0848.txt
2013-02-06 15:42 - 2013-02-06 15:42 - 00001600 ____A C:\Users\toni12\Desktop\RKreport[2]_D_02072013_02d0842.txt
2013-02-06 15:42 - 2013-02-06 15:35 - 00000000 ____D C:\Users\toni12\Desktop\RK_Quarantine
2013-02-06 15:39 - 2013-02-06 15:39 - 00001601 ____A C:\Users\toni12\Desktop\RKreport[1]_S_02072013_02d0839.txt
2013-02-06 15:26 - 2013-02-06 15:26 - 00778240 ____A C:\Users\toni12\Desktop\RogueKiller.exe
2013-02-06 14:53 - 2010-02-08 01:50 - 00000000 ____D C:\Users\toni12\AppData\Local\CrashDumps
2013-02-06 14:51 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller (2).exe
2013-02-06 14:51 - 2013-02-06 14:51 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller (1).exe
2013-02-06 14:51 - 2013-02-06 14:50 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\toni12\Downloads\tdsskiller.exe
2013-02-06 14:47 - 2009-09-12 13:51 - 00006756 ____A C:\Users\toni12\AppData\Local\d3d9caps.dat
2013-02-06 14:46 - 2013-02-06 14:46 - 00011624 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI27AA.txt
2013-02-06 14:46 - 2013-02-06 14:46 - 00001800 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI27AA.txt
2013-02-06 14:46 - 2013-02-06 14:46 - 00001797 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-02-06 14:46 - 2013-02-06 14:46 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-02-06 14:46 - 2013-02-05 22:38 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-02-06 14:45 - 2013-02-05 22:37 - 00000000 ____D C:\Users\All Users\AVAST Software
2013-02-06 14:45 - 2013-02-05 22:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-02-06 14:23 - 2006-11-02 07:21 - 00309800 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-06 10:23 - 2012-04-15 13:16 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-06 10:23 - 2011-05-17 01:45 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-06 10:22 - 2013-02-06 10:22 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-02-06 01:59 - 2013-02-06 01:59 - 00008673 ____A C:\Users\toni12\Desktop\attach.txt
2013-02-06 01:55 - 2013-02-06 01:59 - 00020535 ____A C:\Users\toni12\Desktop\dds.txt
2013-02-06 01:46 - 2013-02-06 01:46 - 00688992 ____R (Swearware) C:\Users\toni12\Downloads\dds.com
2013-02-06 01:46 - 2013-02-06 01:46 - 00688992 ____A (Swearware) C:\Users\toni12\Downloads\dds (1).com
2013-02-05 22:43 - 2013-02-05 22:43 - 00054148 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI4693.txt
2013-02-05 22:43 - 2013-02-05 22:43 - 00001792 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI4693.txt
2013-02-05 22:38 - 2009-05-11 10:25 - 00000000 ____D C:\Users\All Users\Google
2013-02-05 22:38 - 2009-05-11 10:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-05 22:37 - 2013-02-05 22:37 - 00053624 ____A C:\Users\toni12\AppData\Local\dd_vcredistUI4230.txt
2013-02-05 22:37 - 2013-02-05 22:37 - 00001824 ____A C:\Users\toni12\AppData\Local\dd_vcredistMSI4230.txt
2013-02-05 22:36 - 2013-02-05 22:31 - 97565024 ____A C:\Users\toni12\Downloads\avast_free_antivirus_setup.exe
2013-02-05 22:33 - 2013-02-05 22:33 - 00000920 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Users\toni12\AppData\Roaming\Malwarebytes
2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-05 22:33 - 2013-02-05 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-05 22:17 - 2013-02-05 22:17 - 00000732 ____A C:\Users\toni12\AppData\Local\d3d9caps64.dat
2013-02-05 22:16 - 2009-05-11 10:13 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2013-02-05 22:16 - 2009-05-11 10:13 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-02-05 22:14 - 2009-05-11 10:27 - 00000000 ____D C:\Users\All Users\WildTangent
2013-02-05 21:51 - 2013-02-05 21:49 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\toni12\Downloads\mbam-setup-1.70.0.1100 (1).exe
2013-02-05 21:49 - 2013-02-05 21:48 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\toni12\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-05 21:02 - 2013-02-05 21:02 - 00000000 ____A C:\Windows\setuperr.log
2013-02-05 20:44 - 2010-01-02 19:16 - 00000000 ____D C:\Windows\Minidump
2013-02-05 20:27 - 2013-02-05 20:22 - 32652922 ____A C:\Users\toni12\Downloads\Windows_Password_Recovery_Tool_Trial.exe
2013-02-05 19:51 - 2009-12-19 05:58 - 00002215 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2013-02-05 19:51 - 2009-12-19 05:57 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64
2013-02-05 19:48 - 2009-08-08 17:00 - 00000000 ____D C:\Users\toni12\AppData\Local\Google
2013-02-05 19:47 - 2013-02-05 19:44 - 28568733 ____A (Password Unlocker Studio. ) C:\Users\toni12\Downloads\windows_password_unlocker_professional_trial.exe
2013-02-05 19:43 - 2013-02-05 19:43 - 00000000 ____A C:\Windows\ToDisc.INI
2013-02-05 19:14 - 2009-10-07 03:30 - 00008704 ____A C:\Users\toni12\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-05 19:13 - 2013-02-05 21:02 - 00000795 ____A C:\Windows\setupact.log
2013-02-05 19:09 - 2013-02-05 19:06 - 29575203 ____A (Anmosoft, Inc. ) C:\Users\toni12\Downloads\WindowsPasswordResetProfessionalDemoSetup (1).exe
2013-02-05 18:52 - 2009-05-11 10:59 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-02-05 18:48 - 2012-08-23 07:39 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-02-05 18:44 - 2006-11-02 04:35 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-02-05 18:28 - 2009-10-03 18:18 - 00002037 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-01-17 01:28 - 2009-10-03 04:19 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-19 03:00:26
Restore point made on: 2012-11-20 03:00:33
Restore point made on: 2012-11-22 03:00:32
Restore point made on: 2012-11-23 03:00:24
Restore point made on: 2012-11-24 03:00:30
Restore point made on: 2012-11-25 03:00:36
Restore point made on: 2012-11-26 03:00:36
Restore point made on: 2012-11-27 03:00:36
Restore point made on: 2012-11-28 03:00:47
Restore point made on: 2012-12-08 03:00:34
Restore point made on: 2012-12-25 21:57:30
Restore point made on: 2012-12-26 03:01:02
Restore point made on: 2013-01-02 02:05:23
Restore point made on: 2013-01-02 02:48:32
Restore point made on: 2013-01-02 02:51:01
Restore point made on: 2013-01-02 02:55:33
Restore point made on: 2013-01-02 03:05:45
Restore point made on: 2013-01-18 02:08:15
Restore point made on: 2013-02-05 18:32:20
Restore point made on: 2013-02-05 18:43:38
Restore point made on: 2013-02-05 19:21:16
Restore point made on: 2013-02-06 01:21:44
Restore point made on: 2013-02-06 01:24:23
Restore point made on: 2013-02-06 10:01:35
Restore point made on: 2013-02-06 18:07:42
Restore point made on: 2013-02-07 03:53:35
Restore point made on: 2013-02-07 11:43:41

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4058.23 MB
Available physical RAM: 3519.36 MB
Total Pagefile: 3808.09 MB
Available Pagefile: 3486.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (TI101800V0E ) (Fixed) (Total:286.35 GB) (Free:196.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (PASSWORDUNLOCKER) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
4 Drive f: () (Removable) (Total:7.46 GB) (Free:1.45 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7658 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 14054DEA

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 286 GB 1501 MB
Partition 3 Primary 10 GB 288 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI101800V0E NTFS Partition 286 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Disk ID: 004273D9

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7657 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F FAT32 Removable 7657 MB Healthy

=========================================================

Last Boot: 2013-02-07 05:43

==================== End Of Log =============================
 
Search Log:

Farbar Recovery Scan Tool (x64) Version: 06-02-2013
Ran by SYSTEM at 2013-02-08 08:38:46
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-02 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-12-02 23:09] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2009-12-02 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-12-02 23:09] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======
 
Search Log:

Farbar Recovery Scan Tool (x64) Version: 06-02-2013
Ran by SYSTEM at 2013-02-08 23:44:46
Running from F:\

================== Search: "volsnap.sys" ===================

C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.22913_none_743da78bcabba994\volsnap.sys
[2012-12-25 22:21] - [2012-08-21 03:50] - 0268160 ____A (Microsoft Corporation) FBF61EB641BEFC9B3BF6407062A6C807

C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18679_none_73792928b1c94f2c\volsnap.sys
[2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B

C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
[2009-12-02 23:09] - [2009-04-10 23:15] - 0269288 ____A (Microsoft Corporation) 5280AADA24AB36B01A84A6424C475C8D

C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys
[2008-01-20 18:47] - [2008-01-20 18:47] - 0271416 ____A (Microsoft Corporation) DE4307412D98050239026E56A7DFF3C0

C:\Windows\System32\DriverStore\FileRepository\volume.inf_d5525b4d\volsnap.sys
[2009-12-02 23:09] - [2009-04-10 23:15] - 0269288 ____A (Microsoft Corporation) 5280AADA24AB36B01A84A6424C475C8D

C:\Windows\System32\DriverStore\FileRepository\volume.inf_c52a9a32\volsnap.sys
[2006-11-02 04:40] - [2006-11-02 03:51] - 0247912 ____A (Microsoft Corporation) D4674E125878F77EED0D87E6C46889AA

C:\Windows\System32\DriverStore\FileRepository\volume.inf_47e59f7b\volsnap.sys
[2008-01-20 18:47] - [2008-01-20 18:47] - 0271416 ____A (Microsoft Corporation) DE4307412D98050239026E56A7DFF3C0

C:\Windows\System32\DriverStore\FileRepository\volume.inf_0b1d42b8\volsnap.sys
[2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B

C:\Windows\System32\drivers\volsnap.sys
[2012-12-25 22:21] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B

====== End Of Search ======
 
FRST Fixlist

Please download the attached fixlist.txt below and save it to your flash drive in the same location as FRST.exe. Make sure it keeps the same name; otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments

  • fixlist.txt (139 bytes)
Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-02-2013
Ran by SYSTEM at 2013-02-11 09:14:08 Run:1
Running from F:\

==============================================

C:\Windows\System32\drivers\volsnap.sys moved successfully.
C:\Windows\System32\DriverStore\FileRepository\volume.inf_0b1d42b8\volsnap.sys copied successfully to C:\Windows\System32\drivers\volsnap.sys

==== End of Fixlog ====
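The fix logged above replaces the live volsnap.sys with the copy staged in the DriverStore, and the earlier FRST search lists every copy of that driver on the disk with its size and MD5. As an added example that is not part of the original thread and not FRST's own code, the PowerShell script below repeats that search and then checks that the live driver is byte-identical to the staged copy and to the hash the search logged. The paths and the expected MD5 are the ones printed in this thread's logs; on any other machine they are assumptions to be replaced with that machine's own values. Hashing goes through .NET so the script also runs on the PowerShell 2.0 that ships for Vista, where Get-FileHash does not exist.

```powershell
# Added example (not from the original thread): redo the FRST "Search: volsnap.sys"
# comparison in PowerShell, then check whether the live driver matches a staged copy.
# Paths and the expected MD5 below are taken from the FRST logs in this thread;
# any other machine will have different DriverStore folder names and hashes.

function Get-FileMd5 {
    # MD5 via .NET so it works on PowerShell 2.0 (Get-FileHash needs 4.0+).
    # MD5 is used only because the FRST log prints MD5; it is a cross-check
    # against that log, not a security guarantee on its own.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($stream) } finally { $stream.Close() }
    ([System.BitConverter]::ToString($bytes)) -replace '-', ''
}

function Find-DriverCopies {
    # Mirrors the FRST search: every copy of the driver under the live drivers
    # folder, the DriverStore and WinSxS, with size, file version and MD5.
    param([string]$Name = 'volsnap.sys')
    $roots = "$env:SystemRoot\System32\drivers",
             "$env:SystemRoot\System32\DriverStore\FileRepository",
             "$env:SystemRoot\winsxs"
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -Filter $Name -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Path    = $_.FullName
                    Size    = $_.Length
                    Version = $_.VersionInfo.FileVersion
                    Md5     = Get-FileMd5 $_.FullName
                }
            }
    }
}

$copies = Find-DriverCopies 'volsnap.sys'
$copies | Format-Table Md5, Size, Version, Path -AutoSize

# The copy FRST placed into drivers\ came from this DriverStore folder and had
# this MD5 in the search log; both values are specific to the machine in the thread.
$live        = "$env:SystemRoot\System32\drivers\volsnap.sys"
$staged      = "$env:SystemRoot\System32\DriverStore\FileRepository\volume.inf_0b1d42b8\volsnap.sys"
$expectedMd5 = '582F710097B46140F5A89A19A6573D4B'

$liveMd5   = Get-FileMd5 $live
$stagedMd5 = Get-FileMd5 $staged

if ($liveMd5 -eq $stagedMd5 -and $liveMd5 -eq $expectedMd5) {
    "OK: live driver matches the DriverStore copy and the logged hash ($liveMd5)"
} else {
    "MISMATCH: live=$liveMd5 staged=$stagedMd5 expected=$expectedMd5"
}

# Signature check. On Windows 8+ with PowerShell 5.1 this also recognises
# catalog-signed OS files; on Vista's PowerShell 2.0 a catalog-signed driver
# comes back as NotSigned, so treat that result as inconclusive rather than bad.
Get-AuthenticodeSignature $live | Select-Object Status, Path
```

Different hashes across the WinSxS and DriverStore copies are expected, since they are different versions of the driver; what matters is that the live file under System32\drivers equals one of those staged copies. A live file that matches none of them, or whose size differs from every staged copy, is the pattern a patched or infected driver shows and deserves a closer look. The signature line is only conclusive on PowerShell 5.1 or later, which understands catalog-signed OS files.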
 
Everything seems to be running fine now. No more annoying pop-ups saying a program has failed. The only thing that is not working correctly is Windows Defender. I can access the firewall stuff and run a scan, but it won't let me access the "Change Start-up Programs" portion. It gives me the error: Software Explorers error: 0x80070005. Access is denied.

Still a virus/malware issue or something else? That's really the only thing I've noticed so far that doesn't work.
 
Yeah. We need to check something else...

Check Partitions

Please download Listparts64
Run the tool,
check the "list BCD" box
click "Scan" and post the log (Result.txt) it makes.


Be back tomorrow. Good night! :)
 
Result.txt :


Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Toshiba Recovery Environment
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \boot.sdi


****** End Of Log ******
 
My apologies... here are the results of Listparts64:

ListParts by Farbar Version: 16-01-2013
Ran by toni12 (administrator) on 12-02-2013 at 07:14:15
Windows Vista (X64)
Running From: C:\Users\toni12\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 70%
Total physical RAM: 4058.23 MB
Available physical RAM: 1207.62 MB
Total Pagefile: 8293.75 MB
Available Pagefile: 4911.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB

======================= Partitions =========================

1 Drive c: (TI101800V0E ) (Fixed) (Total:286.35 GB) (Free:199.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:7.46 GB) (Free:1.44 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7658 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 14054DEA

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 286 GB 1501 MB
Partition 3 Primary 10 GB 288 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI101800V0E NTFS Partition 286 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 004273D9

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7657 MB 32 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 7657 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
displayorder {current}
toolsdisplayorder {572bcd56-ffa7-11d9-aae0-0007e994107d}
{memdiag}
timeout 30
resume No
customactions 0x1000000720001
0x54000001
custom:54000001 {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Toshiba Recovery Environment
osdevice ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
nx OptIn

Resume from Hibernate
---------------------
identifier {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Toshiba Recovery Environment
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \boot.sdi


****** End Of Log ******
 
Print this, if you like...

Click Start > type CMD and right-click on Command Prompt and select Run as administrator...

While in Command Prompt, type the following, pressing Enter after each line of my text:

DISKPART

List Disk

select disk 0

list partition

select partition 3

delete partition override

exit

exit


NOTE: When you get to the "list partition" step, be sure to verify that partition 3 is the one listed for deletion. If so, delete partition 3.
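The DISKPART steps above, as an added example that is not from the original thread, scripted in PowerShell so that the deletion only runs after diskpart itself confirms the target looks the way ListParts reported it: type 17 (the hidden-NTFS partition type ID), hidden, and with no volume attached. Disk 0, partition 3 and type 17 are taken from this thread's ListParts log; on any other machine they are assumptions that must be replaced with that machine's own values. Everything else is standard diskpart, namely the `/s` script-file switch and `delete partition override`.

```powershell
# Added example (not from the original thread): the DISKPART procedure from the
# post above, with a read-only verification pass before the irreversible step.
# Disk 0 / partition 3 / type 17 are what the ListParts log shows for this machine;
# on any other machine take these values from that machine's own log.
# Run from an elevated PowerShell window (diskpart refuses to run otherwise).

$diskNumber      = 0
$partitionNumber = 3
$expectedType    = '17'

function Invoke-DiskPart {
    # Run diskpart with a script file (diskpart /s) and return its text output.
    param([string[]]$Commands)
    $script = [System.IO.Path]::GetTempFileName()
    try {
        Set-Content -Path $script -Value $Commands -Encoding ASCII
        & diskpart.exe /s $script | Out-String
    } finally {
        Remove-Item $script -ErrorAction SilentlyContinue
    }
}

# Step 1: "list partition" and "detail partition" for the candidate. Read-only.
$detail = Invoke-DiskPart @(
    "select disk $diskNumber",
    "list partition",
    "select partition $partitionNumber",
    "detail partition"
)
$detail

# Step 2: proceed only if diskpart reports the type the log showed, the partition
# is hidden, and no volume is mounted on it (the same three facts ListParts printed).
$typeOk   = $detail -match "Type\s*:\s*$expectedType\b"
$hiddenOk = $detail -match "Hidden\s*:\s*Yes"
$noVolume = $detail -match "no volume associated"

if (-not ($typeOk -and $hiddenOk -and $noVolume)) {
    Write-Warning "Partition $partitionNumber on disk $diskNumber does not look like the target; nothing deleted."
    return
}

# Step 3: delete. 'override' is needed because diskpart only deletes known data
# partitions by default and refuses hidden/OEM-type ones without it. Irreversible.
$result = Invoke-DiskPart @(
    "select disk $diskNumber",
    "select partition $partitionNumber",
    "delete partition override",
    "list partition"
)
$result
```

The first diskpart call changes nothing, so if the check fails the disk is untouched, and the printed `detail partition` output can be compared with the ListParts log by eye before deciding whether to run the deletion at all. The closing `list partition` serves the same purpose as the second ListParts log in the thread: it shows the partition gone and the space returned as free.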
 
Listparts Log:

ListParts by Farbar Version: 16-01-2013
Ran by toni12 (administrator) on 13-02-2013 at 07:38:49
Windows Vista (X64)
Running From: C:\Users\toni12\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 58%
Total physical RAM: 4058.23 MB
Available physical RAM: 1679.22 MB
Total Pagefile: 8305.75 MB
Available Pagefile: 5549.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB

======================= Partitions =========================

1 Drive c: (TI101800V0E ) (Fixed) (Total:286.35 GB) (Free:197.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 10 GB

Partitions of Disk 0:
===============

Disk ID: 14054DEA

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 286 GB 1501 MB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI101800V0E NTFS Partition 286 GB Healthy System (partition with boot components)

======================================================================================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
displayorder {current}
toolsdisplayorder {572bcd56-ffa7-11d9-aae0-0007e994107d}
{memdiag}
timeout 30
resume No
customactions 0x1000000720001
0x54000001
custom:54000001 {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Toshiba Recovery Environment
osdevice ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
nx OptIn

Resume from Hibernate
---------------------
identifier {b5b44ba9-3e50-11de-8b96-00248c6a1e8b}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Toshiba Recovery Environment
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \boot.sdi


****** End Of Log ******
 