logs from computer with fake virus scanner problems

Status
Not open for further replies.
D

dario03

Fully Optimized
Messages
2,078
Logs from a friends computer that keeps getting fake virus scanners popping up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:03 AM, on 4/13/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\FrankTheTank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K4USTB9H\HijackThis[1].exe
C:\Windows\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 13119 bytes


*******************************
Malware Bytes
*******************************

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3970
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904
4/13/2010 3:47:26 AM
mbam-log-2010-04-13 (03-47-26).txt
Scan type: Quick scan
Objects scanned: 108153
Time elapsed: 3 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\FrankTheTank\AppData\Local\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
******************************
Combo Fix
******************************

ComboFix 10-04-12.04 - FrankTheTank 04/13/2010 3:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3066.1955 [GMT -4:00]
Running from: c:\users\FrankTheTank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKHKDMY6\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2359657292-1150276606-2096789631-500
c:\$recycle.bin\S-1-5-21-2579318607-1803140385-2259442151-500
c:\users\FrankTheTank\AppData\Local\ave.exe
c:\users\FrankTheTank\AppData\Local\Microsoft\Windows\Temporary Internet Files\48d07cP.jpg
c:\users\FrankTheTank\AppData\Local\Microsoft\Windows\Temporary Internet Files\F0qS2P.jpg
c:\users\FrankTheTank\AppData\Local\Microsoft\Windows\Temporary Internet Files\o0Xh84B.jpg
c:\users\FrankTheTank\AppData\Local\Microsoft\Windows\Temporary Internet Files\SGun5.jpg
c:\users\FrankTheTank\AppData\Roaming\.#
c:\users\FrankTheTank\AppData\Roaming\.#\MBX@3760@161F18.###
c:\users\FrankTheTank\AppData\Roaming\.#\MBX@3760@161F28.###
c:\users\FrankTheTank\AppData\Roaming\.#\MBX@444@2341F18.###
c:\users\FrankTheTank\AppData\Roaming\.#\MBX@444@2341F28.###
c:\users\FrankTheTank\AppData\Roaming\7685D55AA564D7A4A78DA0959E6C7755
c:\users\FrankTheTank\AppData\Roaming\7685D55AA564D7A4A78DA0959E6C7755\appreg70700.exe
c:\users\FrankTheTank\AppData\Roaming\7685D55AA564D7A4A78DA0959E6C7755\enemies-names.txt
c:\users\FrankTheTank\AppData\Roaming\7685D55AA564D7A4A78DA0959E6C7755\lsrslt.ini
c:\users\FrankTheTank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.2.inf
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
.
2010-04-13 07:30 . 2010-04-13 07:31 -------- d-----w- c:\users\FrankTheTank\AppData\Local\temp
2010-04-13 07:30 . 2010-04-13 07:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-13 03:46 . 2010-04-13 03:46 -------- d-----w- c:\program files\CCleaner
2010-04-09 03:42 . 2010-01-28 14:25 68200 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-04-09 03:42 . 2010-01-28 14:24 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2010-04-09 03:42 . 2010-01-28 14:24 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-04-09 03:40 . 2010-04-09 03:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-09 03:30 . 2010-04-09 03:39 1356 ----a-w- c:\users\FrankTheTank\AppData\Local\d3d9caps.dat
2010-04-09 02:29 . 2010-04-09 02:48 -------- d-----w- c:\users\Public\Modern Warfare 2
2010-04-09 01:18 . 2010-04-09 01:18 -------- d-----w- c:\users\Public\Call_Of_Duty_Modern_Warfare_2_Crack_Only-Razor1911
2010-04-09 01:14 . 2010-04-09 01:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-09 01:05 . 2010-04-09 01:05 -------- d-----w- c:\program files\Microsoft
2010-04-08 23:04 . 2010-04-01 22:10 1588224 ----a-w- c:\users\Public\SteamInstall.msi
2010-03-17 00:46 . 2010-03-17 00:46 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-17 00:46 . 2010-03-17 00:46 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-03-17 00:46 . 2010-03-17 00:46 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-17 00:46 . 2010-03-17 00:46 13684328 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-17 00:46 . 2010-03-17 00:46 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-17 00:46 . 2010-03-17 00:46 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 06:58 . 2010-04-09 03:49 35573 ----a-w- c:\programdata\nvModes.dat
2010-04-13 03:37 . 2008-06-11 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-09 05:52 . 2010-01-15 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 03:49 . 2008-07-16 00:46 -------- d-----w- c:\programdata\NVIDIA
2010-04-09 02:57 . 2009-11-28 03:45 -------- d-----w- c:\program files\Activision
2010-04-09 01:06 . 2010-04-09 01:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-04-08 23:55 . 2009-01-21 04:12 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-08 23:49 . 2008-11-20 03:39 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\Hamachi
2010-04-08 05:00 . 2010-01-07 04:55 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\Skype
2010-04-08 04:05 . 2010-01-07 04:57 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\skypePM
2010-03-29 19:24 . 2010-01-15 02:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 19:24 . 2010-01-15 02:14 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 08:36 . 2008-10-16 03:29 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\uTorrent
2010-03-17 06:36 . 2008-11-11 21:14 -------- d-----w- c:\program files\Electronic Arts
2010-03-13 05:11 . 2009-01-08 13:18 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-13 05:10 . 2009-01-08 13:18 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\Yahoo!
2010-03-13 05:06 . 2010-03-13 05:05 -------- d-----w- c:\programdata\Yahoo!
2010-03-13 05:06 . 2009-01-08 13:18 -------- d-----w- c:\program files\Yahoo!
2010-03-12 15:26 . 2008-07-16 00:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-11 08:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 08:03 . 2008-07-08 23:06 -------- d-----w- c:\programdata\Microsoft Help
2010-02-26 20:57 . 2009-06-10 20:48 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\teamspeak2
2010-02-25 16:08 . 2008-10-16 02:21 83288 ----a-w- c:\users\FrankTheTank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-04-07 10:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-07 10:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-07 10:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-07 10:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-11 08:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 08:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 08:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-15 13:31 . 2010-02-15 13:30 3206928 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R15b.exe
2010-01-30 06:29 . 2010-01-30 06:29 485136 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R13.exe
2010-01-29 20:17 . 2009-09-14 23:29 130987 ----a-w- c:\windows\hpoins12.dat
2010-01-27 04:07 . 2008-05-29 14:11 219752 ----a-w- c:\windows\system32\nvcohda.dll
2010-01-25 12:48 . 2010-02-25 01:45 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 01:45 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 01:45 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 01:45 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 01:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 01:45 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 01:45 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 01:45 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 01:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-25 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2008-10-24 17:48 . 2008-10-22 09:14 1004 --sha-w- c:\windows\System32\sys_drv.dat
2008-10-16 02:20 . 2008-10-16 02:20 13 --sh--w- c:\windows\System32\drivers\fbd.sys
2008-10-16 02:20 . 2008-10-16 02:20 4 --sh--w- c:\windows\System32\drivers\taishop.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\Zynga\tbZyn0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 21:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-22 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\users\FrankTheTank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OneNote Table Of Contents.onetoc2 [2008-10-22 3656]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA716x.sys [2008-06-23 1020160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-15 99376]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{68E27D7A-C028-4BD8-B654-ABED91F1B527}.job
- c:\windows\system32\msfeedssync.exe [2010-04-07 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-Aim6 - (no file)
HKCU-Run-appreg70700.exe - c:\users\FrankTheTank\AppData\Roaming\7685D55AA564D7A4A78DA0959E6C7755\appreg70700.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-13 03:30
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B0EAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x83715322
\Driver\ACPI -> acpi.sys @ 0x8069ad4c
\Driver\atapi -> ataport.SYS @ 0x82ee19a8
\Driver\iaStor -> iaStor.sys @ 0x82e4278c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2579318607-1803140385-2259442151-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,46,77,1a,7c,21,1c,1e,af,08,70,2a,b3,64,a2,5f,5e,43,0b,8c,18,ec,f7,
08,8c,2d,cf,f8,1b,14,d5,08,7b,da,6e,c7,03,4b,1d,51,a4,5f,bb,13,0f,45,1c,99,\
"??"=hex:47,54,40,b3,66,19,cc,bf,71,ac,3b,3b,e2,eb,01,9a
[HKEY_USERS\S-1-5-21-2579318607-1803140385-2259442151-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,ed,34,97,f3,7b,16,07,cf,83,50,15,75,0e,c4,07,89,5b,2b,3f,25,
59,1a,c9,f0,00,11,27,eb,63,d3,af,94,f4,d8,ce,12,e0,cb,50,0a,4d,8e,a2,a5,56,\
"rkeysecu"=hex:eb,f5,d7,1c,bf,f0,bf,1f,c5,f1,c8,20,b1,a7,76,e3
.
Completion time: 2010-04-13 03:34:15
ComboFix-quarantined-files.txt 2010-04-13 07:34
Pre-Run: 60,218,191,872 bytes free
Post-Run: 60,174,737,408 bytes free
- - End Of File - - EFF900F4DB7169CB1FFCFC8DC72CC4EF


****************************************************************

Thanks for any help.
 
Before using your guide I ran avast and malwarebytes but when using your guide I ran

Combofix then malwarebytes and then hijackthis.
 
Ok, go ahead and run:

ccleaner and the registry cleaner
Cleanup!

Then run combofix one more time and post its log so I can see if it removed more items like it did the first time.
 
ComboFix 10-04-13.02 - FrankTheTank 04/13/2010 18:35:36.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3066.1945 [GMT -4:00]
Running from: c:\users\FrankTheTank\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\microsoft shared\OFFICE12\1033\Officeacerecr.exe
c:\program files\Common Files\microsoft shared\Works Shared\1036\MsGr3FrNatural.exe
c:\program files\nvidia corporation\physx\engine\v2.4.1\dynamicphysxcookingfc4.exe
c:\windows\temp\vmeh.tmp\svchost.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
.
2010-04-13 22:46 . 2010-04-13 22:46 -------- d-----w- c:\users\FrankTheTank\AppData\Local\temp
2010-04-13 22:46 . 2010-04-13 22:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-13 22:46 . 2010-04-13 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-13 03:46 . 2010-04-13 03:46 -------- d-----w- c:\program files\CCleaner
2010-04-09 03:42 . 2010-01-28 14:25 68200 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-04-09 03:42 . 2010-01-28 14:24 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2010-04-09 03:42 . 2010-01-28 14:24 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-04-09 03:40 . 2010-04-09 03:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-09 03:30 . 2010-04-09 03:39 1356 ----a-w- c:\users\FrankTheTank\AppData\Local\d3d9caps.dat
2010-04-09 02:29 . 2010-04-09 02:48 -------- d-----w- c:\users\Public\Modern Warfare 2
2010-04-09 01:18 . 2010-04-09 01:18 -------- d-----w- c:\users\Public\Call_Of_Duty_Modern_Warfare_2_Crack_Only-Razor1911
2010-04-09 01:14 . 2010-04-09 01:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-09 01:05 . 2010-04-09 01:05 -------- d-----w- c:\program files\Microsoft
2010-04-08 23:04 . 2010-04-01 22:10 1588224 ----a-w- c:\users\Public\SteamInstall.msi
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\2932\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\2932\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\2932\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\2932\AcrobatUpdater.exe
2010-03-17 00:46 . 2010-03-17 00:46 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-17 00:46 . 2010-03-17 00:46 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-03-17 00:46 . 2010-03-17 00:46 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-17 00:46 . 2010-03-17 00:46 13684328 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-17 00:46 . 2010-03-17 00:46 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-17 00:46 . 2010-03-17 00:46 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 22:30 . 2010-04-09 03:49 35573 ----a-w- c:\programdata\nvModes.dat
2010-04-13 03:37 . 2008-06-11 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-09 05:52 . 2010-01-15 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 03:49 . 2008-07-16 00:46 -------- d-----w- c:\programdata\NVIDIA
2010-04-09 02:57 . 2009-11-28 03:45 -------- d-----w- c:\program files\Activision
2010-04-09 01:06 . 2010-04-09 01:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-04-08 23:55 . 2009-01-21 04:12 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-08 23:49 . 2008-11-20 03:39 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\Hamachi
2010-04-08 05:00 . 2010-01-07 04:55 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\Skype
2010-04-08 04:05 . 2010-01-07 04:57 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\skypePM
2010-03-29 19:24 . 2010-01-15 02:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 19:24 . 2010-01-15 02:14 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 08:36 . 2008-10-16 03:29 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\uTorrent
2010-03-17 06:36 . 2008-11-11 21:14 -------- d-----w- c:\program files\Electronic Arts
2010-03-13 05:11 . 2009-01-08 13:18 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-13 05:10 . 2009-01-08 13:18 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\Yahoo!
2010-03-13 05:06 . 2010-03-13 05:05 -------- d-----w- c:\programdata\Yahoo!
2010-03-13 05:06 . 2009-01-08 13:18 -------- d-----w- c:\program files\Yahoo!
2010-03-12 15:26 . 2008-07-16 00:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-11 08:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 08:03 . 2008-07-08 23:06 -------- d-----w- c:\programdata\Microsoft Help
2010-02-26 20:57 . 2009-06-10 20:48 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\teamspeak2
2010-02-25 16:08 . 2008-10-16 02:21 83288 ----a-w- c:\users\FrankTheTank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-04-07 10:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-07 10:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-07 10:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-07 10:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-11 08:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 08:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 08:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-15 13:31 . 2010-02-15 13:30 3206928 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R15b.exe
2010-01-30 06:29 . 2010-01-30 06:29 485136 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R13.exe
2010-01-29 20:17 . 2009-09-14 23:29 130987 ----a-w- c:\windows\hpoins12.dat
2010-01-27 04:07 . 2008-05-29 14:11 219752 ----a-w- c:\windows\system32\nvcohda.dll
2010-01-25 12:48 . 2010-02-25 01:45 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 01:45 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 01:45 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 01:45 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 01:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 01:45 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 01:45 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 01:45 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 01:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-25 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2008-10-24 17:48 . 2008-10-22 09:14 1004 --sha-w- c:\windows\System32\sys_drv.dat
2008-10-16 02:20 . 2008-10-16 02:20 13 --sh--w- c:\windows\System32\drivers\fbd.sys
2008-10-16 02:20 . 2008-10-16 02:20 4 --sh--w- c:\windows\System32\drivers\taishop.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\Zynga\tbZyn0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-22 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
c:\users\FrankTheTank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OneNote Table Of Contents.onetoc2 [2008-10-22 3656]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA716x.sys [2008-06-23 1020160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-15 99376]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{68E27D7A-C028-4BD8-B654-ABED91F1B527}.job
- c:\windows\system32\msfeedssync.exe [2010-04-07 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PhysXCoreLink - c:\program files\nvidia corporation\physx\engine\v2.4.1\dynamicphysxcookingfc4.exe
HKLM-Run-systemOffice12.0.4518.1014 - c:\program files\common files\microsoft shared\office12\1033\officeacerecr.exe
HKLM-Run-alrtintlMSOSOAPR3 - c:\program files\Common Files\microsoft shared\OFFICE12\1033\Officeacerecr.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-13 18:46
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B0EAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8370d322
\Driver\ACPI -> acpi.sys @ 0x80691d4c
\Driver\atapi -> ataport.SYS @ 0x82ee09a8
\Driver\iaStor -> iaStor.sys @ 0x82e4178c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2579318607-1803140385-2259442151-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,46,77,1a,7c,21,1c,1e,af,08,70,2a,b3,64,a2,5f,5e,43,0b,8c,18,ec,f7,
08,8c,2d,cf,f8,1b,14,d5,08,7b,da,6e,c7,03,4b,1d,51,a4,5f,bb,13,0f,45,1c,99,\
"??"=hex:47,54,40,b3,66,19,cc,bf,71,ac,3b,3b,e2,eb,01,9a
[HKEY_USERS\S-1-5-21-2579318607-1803140385-2259442151-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,ed,34,97,f3,7b,16,07,cf,83,50,15,75,0e,c4,07,89,5b,2b,3f,25,
59,1a,c9,f0,00,11,27,eb,63,d3,af,94,f4,d8,ce,12,e0,cb,50,0a,4d,8e,a2,a5,56,\
"rkeysecu"=hex:eb,f5,d7,1c,bf,f0,bf,1f,c5,f1,c8,20,b1,a7,76,e3
.
Completion time: 2010-04-13 18:49:42
ComboFix-quarantined-files.txt 2010-04-13 22:49
ComboFix2.txt 2010-04-13 07:34
Pre-Run: 59,943,108,608 bytes free
Post-Run: 59,916,152,832 bytes free
- - End Of File - - 952E84B1B5FDBB14EB9BCFF215ABB54A
 
System restore was already turned off but I restarted the computer and ran combofix again. I'm not getting fake antivirus anymore but I am getting lots of popups and redirects in IE8. In any case heres the log

ComboFix 10-04-13.02 - FrankTheTank 04/14/2010 14:37:21.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3066.2269 [GMT -4:00]
Running from: c:\users\FrankTheTank\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.
2010-04-14 18:48 . 2010-04-14 18:48 -------- d-----w- c:\users\FrankTheTank\AppData\Local\temp
2010-04-14 18:48 . 2010-04-14 18:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-14 18:48 . 2010-04-14 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-13 03:46 . 2010-04-13 03:46 -------- d-----w- c:\program files\CCleaner
2010-04-09 03:42 . 2010-01-28 14:25 68200 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-04-09 03:42 . 2010-01-28 14:24 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2010-04-09 03:42 . 2010-01-28 14:24 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-04-09 03:40 . 2010-04-09 03:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-09 03:30 . 2010-04-09 03:39 1356 ----a-w- c:\users\FrankTheTank\AppData\Local\d3d9caps.dat
2010-04-09 02:29 . 2010-04-09 02:48 -------- d-----w- c:\users\Public\Modern Warfare 2
2010-04-09 01:18 . 2010-04-09 01:18 -------- d-----w- c:\users\Public\Call_Of_Duty_Modern_Warfare_2_Crack_Only-Razor1911
2010-04-09 01:14 . 2010-04-09 01:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-09 01:05 . 2010-04-09 01:05 -------- d-----w- c:\program files\Microsoft
2010-04-08 23:04 . 2010-04-01 22:10 1588224 ----a-w- c:\users\Public\SteamInstall.msi
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\2932\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\2932\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\2932\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\2932\AcrobatUpdater.exe
2010-03-17 00:46 . 2010-03-17 00:46 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-17 00:46 . 2010-03-17 00:46 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-03-17 00:46 . 2010-03-17 00:46 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-17 00:46 . 2010-03-17 00:46 13684328 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-17 00:46 . 2010-03-17 00:46 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-17 00:46 . 2010-03-17 00:46 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 18:14 . 2010-04-09 03:49 35573 ----a-w- c:\programdata\nvModes.dat
2010-04-13 03:37 . 2008-06-11 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-09 05:52 . 2010-01-15 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 03:49 . 2008-07-16 00:46 -------- d-----w- c:\programdata\NVIDIA
2010-04-09 02:57 . 2009-11-28 03:45 -------- d-----w- c:\program files\Activision
2010-04-09 01:06 . 2010-04-09 01:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-04-08 23:55 . 2009-01-21 04:12 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-08 23:49 . 2008-11-20 03:39 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\Hamachi
2010-04-08 05:00 . 2010-01-07 04:55 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\Skype
2010-04-08 04:05 . 2010-01-07 04:57 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\skypePM
2010-03-29 19:24 . 2010-01-15 02:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 19:24 . 2010-01-15 02:14 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 08:36 . 2008-10-16 03:29 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\uTorrent
2010-03-17 06:36 . 2008-11-11 21:14 -------- d-----w- c:\program files\Electronic Arts
2010-03-13 05:11 . 2009-01-08 13:18 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-13 05:10 . 2009-01-08 13:18 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\Yahoo!
2010-03-13 05:06 . 2010-03-13 05:05 -------- d-----w- c:\programdata\Yahoo!
2010-03-13 05:06 . 2009-01-08 13:18 -------- d-----w- c:\program files\Yahoo!
2010-03-12 15:26 . 2008-07-16 00:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-11 08:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 08:03 . 2008-07-08 23:06 -------- d-----w- c:\programdata\Microsoft Help
2010-02-26 20:57 . 2009-06-10 20:48 -------- d-----w- c:\users\FrankTheTank\AppData\Roaming\teamspeak2
2010-02-25 16:08 . 2008-10-16 02:21 83288 ----a-w- c:\users\FrankTheTank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-04-07 10:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-07 10:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-07 10:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-07 10:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-11 08:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 08:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 08:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-15 13:31 . 2010-02-15 13:30 3206928 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R15b.exe
2010-01-30 06:29 . 2010-01-30 06:29 485136 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R13.exe
2010-01-29 20:17 . 2009-09-14 23:29 130987 ----a-w- c:\windows\hpoins12.dat
2010-01-27 04:07 . 2008-05-29 14:11 219752 ----a-w- c:\windows\system32\nvcohda.dll
2010-01-25 12:48 . 2010-02-25 01:45 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 01:45 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 01:45 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 01:45 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 01:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 01:45 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 01:45 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 01:45 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 01:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-25 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2008-10-24 17:48 . 2008-10-22 09:14 1004 --sha-w- c:\windows\System32\sys_drv.dat
2008-10-16 02:20 . 2008-10-16 02:20 13 --sh--w- c:\windows\System32\drivers\fbd.sys
2008-10-16 02:20 . 2008-10-16 02:20 4 --sh--w- c:\windows\System32\drivers\taishop.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\Zynga\tbZyn0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-22 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
c:\users\FrankTheTank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OneNote Table Of Contents.onetoc2 [2008-10-22 3656]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA716x.sys [2008-06-23 1020160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-15 99376]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-04-14 c:\windows\Tasks\User_Feed_Synchronization-{68E27D7A-C028-4BD8-B654-ABED91F1B527}.job
- c:\windows\system32\msfeedssync.exe [2010-04-07 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-14 14:48
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B0EAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x83714322
\Driver\ACPI -> acpi.sys @ 0x80699d4c
\Driver\atapi -> ataport.SYS @ 0x82edc9a8
\Driver\iaStor -> iaStor.sys @ 0x82e3d78c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2579318607-1803140385-2259442151-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,46,77,1a,7c,21,1c,1e,af,08,70,2a,b3,64,a2,5f,5e,43,0b,8c,18,ec,f7,
08,8c,2d,cf,f8,1b,14,d5,08,7b,da,6e,c7,03,4b,1d,51,a4,5f,bb,13,0f,45,1c,99,\
"??"=hex:47,54,40,b3,66,19,cc,bf,71,ac,3b,3b,e2,eb,01,9a
[HKEY_USERS\S-1-5-21-2579318607-1803140385-2259442151-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,ed,34,97,f3,7b,16,07,cf,83,50,15,75,0e,c4,07,89,5b,2b,3f,25,
59,1a,c9,f0,00,11,27,eb,63,d3,af,94,f4,d8,ce,12,e0,cb,50,0a,4d,8e,a2,a5,56,\
"rkeysecu"=hex:eb,f5,d7,1c,bf,f0,bf,1f,c5,f1,c8,20,b1,a7,76,e3
.
Completion time: 2010-04-14 14:51:42
ComboFix-quarantined-files.txt 2010-04-14 18:51
ComboFix2.txt 2010-04-13 22:49
ComboFix3.txt 2010-04-13 07:34
Pre-Run: 59,896,147,968 bytes free
Post-Run: 59,893,948,416 bytes free
- - End Of File - - 7E586E3035786430E3EA2849C85E06DA
 
Much better, now run malwarebytes and then hiajackthis so we can take care of the redirects. Post hijackthis log here
 
Ran Malwarebytes and it found 18 things and got rid of them all. I did still get redirected when opening IE though. Here is the Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:29 AM, on 4/15/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\FrankTheTank\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Personalized Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12372 bytes
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
G
Computer slow and work in background
Replies
0
Views
2K
grecycle99
G
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
N
Your computer appears to be correctly configured, but the device or resource (DNS server) is not responding"
Replies
0
Views
4K
nev
N
M
computer suddenly slowed down.
Replies
0
Views
3K
mike3dp
M
Back
Top Bottom