
Author Topic: Troubling Virus  (Read 14214 times)


Jester12

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    Troubling Virus
    « on: June 30, 2011, 06:18:11 PM »
    I seem to have a BAD virus; it keeps trying to keep me from updating my virus protection.
    I have tried Norton, Panda, AVG; none of them seem to work right and they never find ANYTHING.
    That in and of itself seems like a bad sign.

    Here is my Hijackthis
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:11:00 PM, on 6/30/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Iface.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Feutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F19IOJ2A\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.mccsmiramar.com/"
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9711 bytes

    Thank you for any help you can give,

    DamianLohrenz



      Greenhorn

      • Experience: Experienced
      • OS: Windows 7
      Re: Troubling Virus
      « Reply #1 on: June 30, 2011, 11:20:28 PM »
      Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.  First Warning. Superdave.
      « Last Edit: July 01, 2011, 01:16:01 PM by SuperDave »

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Troubling Virus
      « Reply #2 on: July 01, 2011, 01:22:13 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      ******************************************************
      Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
      Registry Repair Wizard Scheduler
      There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

      For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

      Further reading: XP Fixes Myth #1: Registry Cleaners
      ************************************************
      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      O15 - Trusted Zone: http://*.mcafee.com


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.
      ************************************************

      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes
      * If you encounter any problems while downloading the updates, manually download and unzip them from here
      * Next click the Preferences button.

      • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:

      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining
      Please leave the others unchecked

      • Click the Close button to leave the control center screen.

      * On the main screen click Scan your computer
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK
      * Make sure everything in the white box has a check next to it, then click Next
      * It will quarantine what it found and if it asks if you want to reboot, click Yes

      • To retrieve the removal information please do the following:
      • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      • Click Preferences. Click the Statistics/Logs tab.

      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

      • It will open in your default text editor (preferably Notepad).
      • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...

      * Save the log somewhere you can easily find it. (normally the desktop)
      * Click close and close again to exit the program.
      * Copy and Paste the log in your post.
      ************************************************
      Please download Malwarebytes Anti-Malware from here.
      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
      ***************************************************
      Download DDS from HERE or HERE and save it to your desktop.

      Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

      * XP users Double click on dds to run it.
      * If your antivirus or firewall try to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Save both logs to your desktop.
      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copying and pasting it into the reply.
      Windows 8 and Windows 10 dual boot with two SSD's
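A way to triage a HijackThis log like the one posted above, added here as an example and not part of the original thread or of HijackThis itself: the parser groups entries by section code and flags the ones worth verifying first. The sample is an excerpt of lines from the log in this thread; the function names and flagging rules are assumptions chosen for illustration.

```python
import re

# HijackThis v2 section codes (subset that appears in this thread's log).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "F2": "Autoload via registry-mapped ini", "O1": "Hosts file entry",
    "O2": "Browser Helper Object", "O4": "Autostart (Run key / Startup folder)",
    "O8": "IE context menu item", "O9": "IE extra button / Tools item",
    "O15": "Trusted Zone site", "O16": "ActiveX (Downloaded Program Files)",
    "O18": "Extra protocol handler", "O20": "AppInit_DLLs",
    "O22": "SharedTaskScheduler", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# O4 registry form: HIVE\..\Run[Once]: [value name] command line
RUN_RE = re.compile(r"^\S+\\\.\.\\Run\w*: \[[^\]]+\] (?P<cmd>.+)$")

# Excerpt of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def parse_entries(log_text):
    """Return (code, body) for every line that is a HijackThis entry."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m and m.group(1) in SECTIONS:
            entries.append((m.group(1), m.group(2)))
    return entries


def has_no_directory(cmd):
    """True when the executable in an autostart command carries no path."""
    exe = cmd.strip().strip('"')
    exe = re.split(r"\.exe", exe, maxsplit=1, flags=re.IGNORECASE)[0]
    return "\\" not in exe and "%" not in exe


def review(entries):
    """Return (code, reason, body) for entries that deserve a manual check."""
    findings = []
    for code, body in entries:
        reasons = []
        if "(no file)" in body:
            reasons.append("registration points at a file that is not on disk")
        if code == "O15":
            reasons.append("site placed in the IE Trusted Zone")
        if code == "O20":
            reasons.append("AppInit_DLLs is set; listed DLLs load into "
                           "every process that loads user32.dll")
        if code == "O23" and "Unknown owner" in body:
            reasons.append("no vendor name could be read for the service binary")
        if code == "O4":
            m = RUN_RE.match(body)
            if m and has_no_directory(m.group("cmd")):
                reasons.append("autostart command has no directory; "
                               "resolved through the search path")
        findings.extend((code, reason, body) for reason in reasons)
    return findings


if __name__ == "__main__":
    for code, reason, body in review(parse_entries(SAMPLE_LOG)):
        print(f"[{code}] {SECTIONS[code]}: {reason}\n      {body}")
```

A flag here is a prompt to verify the entry (file location, signature, vendor), not a verdict; several flagged lines in this log belong to preinstalled vendor software.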

      Jester12

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: Troubling Virus
        « Reply #3 on: July 01, 2011, 07:57:16 PM »
        Here is the DDS report

        .
        DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
        Internet Explorer: 9.0.8112.16421
        Run by Feutz at 18:52:43 on 2011-07-01
        .
        ============== Running Processes ===============
        .
        C:\Windows\SYSTEM32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Windows\system32\wbem\unsecapp.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Users\Feutz\Downloads\dds.scr
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k rpcss
        C:\Windows\System32\svchost.exe -k secsvcs
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.google.com
        uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
        mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
        uInternet Settings,ProxyOverride = *.local;<local>
        uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
        mWinlogon: Userinit=userinit.exe,
        BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
        uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
        uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
        mRun: [RtHDVCpl] RtHDVCpl.exe
        mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
        mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
        mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
        mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
        mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
        mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
        mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
        mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
        mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
        IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
        Trusted Zone: internet
        Trusted Zone: mcafee.com
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
        DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        TCP: DhcpNameServer = 192.168.2.1

        and the attach file

        .
        ==== Installed Programs ======================
        .
        .
        32 Bit HP CIO Components Installer
        7-Zip 9.20
        Activation Assistant for the 2007 Microsoft Office suites
        Adobe AIR
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 10 Plugin
        Adobe Reader 8.2.6
        Adobe Shockwave Player
        AIO_Scan
        AnswerWorks 5.0 English Runtime
        Apple Application Support
        Apple Mobile Device Support
        Apple Software Update
        AviSynth 2.5
        BeerSmith 2
        BeerSmith Brewing Software
        Bonjour
        BufferChm
        Camera Assistant Software for Toshiba
        CCleaner
        CD/DVD Drive Acoustic Silencer
        Compatibility Pack for the 2007 Office system
        Copy
        Destination Component
        DeviceDiscovery
        DeviceManagementQFolder
        DJ_AIO_ProductContext
        DJ_AIO_Software
        DJ_AIO_Software_min
        DVD MovieFactory for TOSHIBA
        EA Download Manager UI
        eSupportQFolder
        F4100
        F4100_doccd
        F4100_Help
        GearDrvs
        HiJackThis
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        HP Deskjet All-In-One Software 9.0
        HP Imaging Device Functions 9.0
        HP Photosmart Essential 2.01
        HP Photosmart Essential2.01
        HP Product Assistant
        HP Solution Center 9.0
        HP Update
        HPProductAssistant
        HPSSupply
        Intel(R) Graphics Media Accelerator Driver
        Intel(R) PROSet/Wireless Software
        Intel® Matrix Storage Manager
        ISO Recorder
        iTunes
        Java Auto Updater
        Java(TM) 6 Update 26
        Java(TM) 6 Update 3
        LiveUpdate 3.2 (Symantec Corporation)
        LiveUpdate Notice (Symantec Corporation)
        Malwarebytes' Anti-Malware version 1.51.0.1200
        McAfee Virtual Technician
        mCorev32.ism_new
        mCPlug
        MediaCoder 0.6.1
        mHelp
        Microsoft .NET Framework 3.5 SP1
        Microsoft .NET Framework 4 Client Profile
        Microsoft Office Excel MUI (English) 2007
        Microsoft Office Home and Student 2007
        Microsoft Office OneNote MUI (English) 2007
        Microsoft Office PowerPoint MUI (English) 2007
        Microsoft Office PowerPoint Viewer 2007 (English)
        Microsoft Office Proof (English) 2007
        Microsoft Office Proof (French) 2007
        Microsoft Office Proof (Spanish) 2007
        Microsoft Office Proofing (English) 2007
        Microsoft Office Shared MUI (English) 2007
        Microsoft Office Shared Setup Metadata MUI (English) 2007
        Microsoft Office Word MUI (English) 2007
        Microsoft Silverlight
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Works
        Microsoft XML Parser
        mMHouse
        MobileMe Control Panel
        Mozilla Firefox 4.0.1 (x86 en-US)
        MpcStar 4.0
        mPfMgr
        MSXML 4.0 SP2 (KB941833)
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        Napster
        Napster Burn Engine
        Norton 360
        Norton Security Scan
        Plants vs. Zombies
        ProMash
        PSSWCORE
        QuickBooks Financial Center
        QuickTime
        RealPlayer
        Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
        Realtek High Definition Audio Driver
        Realtek USB 2.0 Card Reader
        RealUpgrade 1.0
        Scan
        Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
        Security Update for Windows Media Encoder (KB2447961)
        Security Update for Windows Media Encoder (KB954156)
        Security Update for Windows Media Encoder (KB979332)
        Skype Toolbars
        Skype™ 5.3
        SolutionCenter
        SPORE™
        Status
        SUPERAntiSpyware
        Synaptics Pointing Device Driver
        TomTom HOME 2.7.6.2056
        TomTom HOME Visual Studio Merge Modules
        Toolbox
        TOSHIBA Assist
        TOSHIBA ConfigFree
        TOSHIBA Disc Creator
        TOSHIBA DVD PLAYER
        TOSHIBA Extended Tiles for Windows Mobility Center
        TOSHIBA Face Recognition
        TOSHIBA Hardware Setup
        Toshiba Registration
        TOSHIBA Software Upgrades
        TOSHIBA Speech System Applications
        TOSHIBA Speech System SR Engine(U.S.) Version1.0
        TOSHIBA Speech System TTS Engine(U.S.) Version1.0
        TOSHIBA Supervisor Password
        TOSHIBA Value Added Package
        TrayApp
        TurboTax 2008
        TurboTax 2008 WinPerFedFormset
        TurboTax 2008 WinPerProgramHelp
        TurboTax 2008 WinPerReleaseEngine
        TurboTax 2008 WinPerTaxSupport
        TurboTax 2008 WinPerUserEducation
        TurboTax 2008 wrapper
        UnloadSupport
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        Videora iPod Converter 5.04
        VideoToolkit01
        VirtualCloneDrive
        Vuze
        WebReg
        WildTangent Games
        Windows Live ID Sign-in Assistant
        Windows Media Encoder 9 Series
        .
        ==== End Of File ===========================

        Jester12

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Unknown
          Re: Troubling Virus
          « Reply #4 on: July 01, 2011, 10:16:52 PM »
          And Malwarebytes found nothing.

          All of this was done in Safe Mode if that matters.

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Troubling Virus
          « Reply #5 on: July 02, 2011, 06:03:09 PM »
          Why are you running in Safe Mode?

          Download OTL to your desktop.

          * Open OTL
          * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

          Code: [Select]
          :OTL
          Trusted Zone: internet
          Trusted Zone: mcafee.com

          :COMMANDS
          [resethosts]
          [purity]
          [emptytemp]
          [start explorer]

          * Click Run Fix
          * OTLI2 may ask to reboot the machine. Please do so if asked.
          * Click OK
          * A report will open. Copy and Paste that report in your next reply.
          **************************************************************
          Please read here for more information about WildTangent. Your choice if you want to remove it or not.

          If you choose to follow my advice, please follow these instructions.

          Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

          WildTangent Web Driver or anything related to WildTangent.
          **********************************************************
          Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

          link # 1
          Link # 2
          If you are using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

          Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          Right-click combofix.exe and select Run as Administrator and follow the prompts.
          When finished, ComboFix will produce a log for you.
          Post the ComboFix log in your next reply.

          NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

          Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

          Jester12

            Re: Troubling Virus
            « Reply #6 on: July 03, 2011, 01:20:08 PM »
            That was the only way to get my computer to run without locking up after 30 seconds.
            Now I can no longer get online with it, I have to use my desktop.
            Here is what you requested

            All processes killed
            Error: Unable to interpret <Code: [Select]> in the current context!
            ========== OTL ==========
            ========== COMMANDS ==========
            C:\Windows\System32\drivers\etc\Hosts moved successfully.
            HOSTS file reset successfully
             
            [EMPTYTEMP]
             
            User: All Users
             
            User: Default
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
            ->Flash cache emptied: 2836 bytes
             
            User: Default User
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 0 bytes
            ->Flash cache emptied: 0 bytes
             
            User: Feutz
            ->Temp folder emptied: 198468 bytes
            ->Temporary Internet Files folder emptied: 3588766 bytes
            ->Java cache emptied: 0 bytes
            ->FireFox cache emptied: 44689630 bytes
            ->Flash cache emptied: 419 bytes
             
            User: Public
             
            User: Robin
            ->Temp folder emptied: 738432 bytes
            ->Temporary Internet Files folder emptied: 49767954 bytes
            ->Java cache emptied: 33798 bytes
            ->Flash cache emptied: 5588 bytes
             
            %systemdrive% .tmp files removed: 0 bytes
            %systemroot% .tmp files removed: 0 bytes
            %systemroot%\System32 .tmp files removed: 0 bytes
            %systemroot%\System32\drivers .tmp files removed: 488536 bytes
            Windows Temp folder emptied: 1575809 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
            RecycleBin emptied: 0 bytes
             
            Total Files Cleaned = 96.00 mb
             
             
            OTL by OldTimer - Version 3.2.25.0 log created on 07032011_121109

            Files\Folders moved on Reboot...

            Registry entries deleted on Reboot...

            Once again Thank You for any help you can give.

            SuperDave

            Re: Troubling Virus
            « Reply #7 on: July 03, 2011, 05:00:35 PM »
            Quote
            That was the only way to get my computer to run without locking up after 30 seconds.
            Are you sure it's not overheating? Is it dusty inside?
            Did you try running ComboFix?

            Jester12

              Re: Troubling Virus
              « Reply #8 on: July 06, 2011, 06:16:39 PM »
              Found out that all the past Antivirus programs had installed virtual hardware drivers and they were conflicting.
              I uninstalled them and lo and behold my computer ran long enough for Panda to find and kill the Malware.
              I think........so far............ so good.

              Once again Thank you for all the help you put out to the helpless ( ME! @ least)
              I will be back if I find any more probs.


              SuperDave

              Re: Troubling Virus
              « Reply #9 on: July 07, 2011, 04:43:30 PM »
              Quote
              Found out that all the past Antivirus programs had installed virtual hardware drivers and they were conflicting.
              I uninstalled them and lo and behold my computer ran long enough for Panda to find and kill the Malware.
              I think........so far............ so good.

              Once again Thank you for all the help you put out to the helpless ( ME! @ least)
              I will be back if I find any more probs.

              We really should run some more scans to make sure it is clean.

              Jester12

                Re: Troubling Virus
                « Reply #10 on: July 07, 2011, 06:00:05 PM »
                Sure, what scans do you want me to run?

                SuperDave

                Re: Troubling Virus
                « Reply #11 on: July 08, 2011, 04:48:45 PM »
                You can start by running SAS and MBAM as instructed in Reply # 2 and also this one below.

                Download Security Check by screen317 from one of the following links and save it to your desktop.

                Link 1
                Link 2

                * Unzip SecurityCheck.zip and a folder named Security Check should appear.
                * Open the Security Check folder and double-click Security Check.bat
                * Follow the on-screen instructions inside of the black box.
                * A Notepad document should open automatically called checkup.txt
                * Post the contents of that document in your next reply.

                Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

                Jester12

                  Re: Troubling Virus
                  « Reply #12 on: July 08, 2011, 08:34:05 PM »
                  MBAM and SAS did not find anything at all.
                  And here is the log you asked for.

                   Results of screen317's Security Check version 0.99.17 
                   Windows Vista Service Pack 2 (UAC is enabled)
                   Internet Explorer 8 
                  ``````````````````````````````
                  Antivirus/Firewall Check:

                   Windows Firewall Enabled! 
                   Panda Antivirus Pro 2012   
                   Norton 360     
                   WMI entry may not exist for antivirus; attempting automatic update.
                  ```````````````````````````````
                  Anti-malware/Other Utilities Check:

                   Malwarebytes' Anti-Malware   
                   CCleaner     
                   Java(TM) 6 Update 26 
                   Java(TM) 6 Update 3 
                   Out of date Java installed!
                  Flash Player Out of Date!
                   Adobe Flash Player    10.0.12.36 
                   Mozilla Firefox (x86 en-US..)
                  ````````````````````````````````
                  Process Check: 
                  objlist.exe by Laurent

                   Windows Defender MSASCui.exe
                   Panda Security Panda Antivirus Pro 2012 psksvc.exe 
                   Panda Security Panda Antivirus Pro 2012 TPSrv.exe 
                   Panda Security Panda Antivirus Pro 2012 PsCtrlS.exe 
                   Panda Security Panda Antivirus Pro 2012 PavFnSvr.exe 
                   Panda Security Panda Antivirus Pro 2012 pavsrvx86.exe 
                   Panda Security Panda Antivirus Pro 2012 AVENGINE.EXE 
                   Panda Security Panda Antivirus Pro 2012 PsImSvc.exe 
                   Panda Security Panda Antivirus Pro 2012 ApVxdWin.exe 
                   Panda Security Panda Antivirus Pro 2012 Iface.exe 
                   Panda Security Panda Antivirus Pro 2012 PAVJOBS.EXE 
                   Windows Defender MSASCui.exe   
                  ``````````End of Log````````````
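
A small triage script for the Security Check report above, added here as an example (it is not part of the thread and not part of Security Check itself). The section names and line shapes are taken from this one log; treating any line that ends in "!" or "." as a status note, and the finding labels, are assumptions of the example.

```python
import re

RULE = "`" * 30  # Security Check separates sections with rows of backticks

# Trimmed copy of the Security Check report posted above; @RULE@ stands in
# for the backtick rows so the sample stays readable inside this listing.
SAMPLE_LOG = """\
 Results of screen317's Security Check version 0.99.17
 Windows Vista Service Pack 2 (UAC is enabled)
 Internet Explorer 8
@RULE@
Antivirus/Firewall Check:

 Windows Firewall Enabled!
 Panda Antivirus Pro 2012
 Norton 360
 WMI entry may not exist for antivirus; attempting automatic update.
@RULE@
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware
 CCleaner
 Java(TM) 6 Update 26
 Java(TM) 6 Update 3
 Out of date Java installed!
Flash Player Out of Date!
 Adobe Flash Player    10.0.12.36
 Mozilla Firefox (x86 en-US..)
@RULE@
Process Check:
objlist.exe by Laurent

 Windows Defender MSASCui.exe
 Panda Security Panda Antivirus Pro 2012 psksvc.exe
 Panda Security Panda Antivirus Pro 2012 TPSrv.exe
 Panda Security Panda Antivirus Pro 2012 Iface.exe
@RULE@End of Log@RULE@
""".replace("@RULE@", RULE)

SECTION_RE = re.compile(r"^(?P<name>.+ Check):\s*$")
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")


def parse_sections(text):
    """Split a report into {section name: [stripped, non-empty lines]}."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"`"}:      # blank line or backtick rule
            continue
        if line.strip("`") == "End of Log":
            break
        match = SECTION_RE.match(line)
        if match:
            current = match.group("name")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return {finding label: [evidence lines]} for one report."""
    sections = parse_sections(text)
    av_lines = sections.get("Antivirus/Firewall Check", [])
    utils = sections.get("Anti-malware/Other Utilities Check", [])
    procs = sections.get("Process Check", [])
    findings = {}

    # Assumption: status notes end in "!" or "."; the rest are product names.
    products = [l for l in av_lines if not l.endswith(("!", "."))]
    if len(products) > 1:
        # Several resident antivirus products can conflict with each other.
        findings["multiple-av"] = products

    # A listed product with no matching process may be a leftover install.
    idle = [p for p in products if not any(p in proc for proc in procs)]
    if idle:
        findings["av-without-process"] = idle

    # Security Check marks outdated software with lines ending in "!".
    warnings = [l for l in utils if l.endswith("!")]
    if warnings:
        findings["outdated"] = warnings

    # Every Java entry except the newest is a candidate for removal.
    javas = sorted((int(m[1]), int(m[2])) for m in map(JAVA_RE.match, utils) if m)
    if len(javas) > 1:
        findings["old-java"] = ["Java(TM) %d Update %d" % j for j in javas[:-1]]
    return findings


if __name__ == "__main__":
    for label, evidence in triage(SAMPLE_LOG).items():
        print(f"{label}: {', '.join(evidence)}")
```
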

                  SuperDave

                  Re: Troubling Virus
                  « Reply #13 on: July 09, 2011, 12:55:14 PM »
                  Please download the newest version of Adobe Acrobat Reader from Adobe.com

                  Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
                  Go to the Control Panel and enter Add or Remove Programs.
                  Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

                  Once old versions are gone, please install the newest version.
                  ******************************************************
                  You should uninstall Java(TM) 6 Update 3. It's no longer needed.

                  Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                  link # 1
                  Link # 2
                  If you are using Firefox, make sure that your download settings are as follows:

                  * Tools->Options->Main tab
                  * Set to "Always ask me where to Save the files".

                  Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                  Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                  Right-click combofix.exe and select Run as Administrator and follow the prompts.
                  When finished, ComboFix will produce a log for you.
                  Post the ComboFix log in your next reply.

                  NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                  Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

                  Jester12

                    Re: Troubling Virus
                    « Reply #14 on: July 10, 2011, 11:34:02 AM »
                     ComboFix 11-07-10.03 - Feutz 07/10/2011   9:15.1.2 - x86
                    Running from: c:\users\Feutz\Desktop\ComboFix.exe
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\users\Public\_rise_of_the_scarrid.exe
                    c:\windows\system32\AutoRun.inf
                    c:\windows\system32\msconfig.exe
                    c:\windows\system32\no
                    c:\windows\system32\SV
                    c:\windows\system32\SV\toscdspd.cpl.mui
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2011-06-10 to 2011-07-10  )))))))))))))))))))))))))))))))
                    .
                    .
                    2011-07-10 16:36 . 2011-07-10 16:36   --------   d-----w-   c:\users\Robin\AppData\Local\temp
                    2011-07-10 16:36 . 2011-07-10 16:36   --------   d-----w-   c:\users\Default\AppData\Local\temp
                    2011-07-09 22:15 . 2011-07-09 22:15   --------   d-----w-   c:\program files\ConduitEngine
                    2011-07-09 22:14 . 2011-07-09 22:14   --------   d-----w-   c:\users\Feutz\AppData\Local\Conduit
                    2011-07-09 22:14 . 2011-07-09 22:14   --------   d-----w-   c:\program files\Vuze_Remote
                    2011-07-09 16:37 . 2011-07-09 16:37   --------   d-----w-   C:\found.005
                    2011-07-09 16:30 . 2011-07-09 16:30   --------   d-----w-   C:\40d9b26e2a8b3f767a
                    2011-07-09 03:07 . 2011-07-10 16:13   179428   ----a-w-   c:\windows\system32\drivers\APPFCONT.DAT
                    2011-07-09 03:07 . 2010-09-09 23:23   193864   ----a-w-   c:\windows\system32\drivers\idsflt.sys
                    2011-07-09 03:07 . 2009-09-25 21:54   46856   ----a-w-   c:\windows\system32\drivers\wnmflt.sys
                    2011-07-09 03:07 . 2009-09-25 21:54   53256   ----a-w-   c:\windows\system32\drivers\dsaflt.sys
                    2011-07-09 03:06 . 2011-01-31 23:41   83528   ----a-w-   c:\windows\system32\drivers\APPFLT.SYS
                    2011-07-09 03:06 . 2009-09-25 21:54   22024   ----a-w-   c:\windows\system32\drivers\fnetmon.sys
                    2011-07-09 03:06 . 2009-09-25 21:54   159112   ----a-w-   c:\windows\system32\drivers\NETFLTDI.SYS
                    2011-07-08 22:15 . 2011-06-20 15:57   7074640   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B46583-8D1C-412D-8F9B-1A6B8892B1F2}\mpengine.dll
                    2011-07-07 10:00 . 2011-07-07 10:00   --------   d-----w-   C:\ef60c58cdd1f56bf95401cfaf20940ef
                    2011-07-07 00:18 . 2011-07-07 00:18   --------   d-----w-   C:\78584a5e440f81cc72
                    2011-07-05 10:00 . 2011-07-05 10:00   --------   d-----w-   C:\760eb5305c2b3efcab91dcc17084bd
                    2011-07-04 23:18 . 2011-07-04 23:18   --------   d-----w-   C:\found.004
                    2011-07-04 22:45 . 2011-07-04 22:45   --------   d-----w-   c:\windows\system32\x64
                    2011-07-04 22:45 . 2008-02-12 03:13   920088   ----a-w-   c:\windows\system32\igxpun.exe
                    2011-07-03 18:51 . 2011-07-03 18:51   --------   d-----w-   c:\users\Feutz\AppData\Local\Panda Security
                    2011-07-03 18:45 . 2010-06-23 01:13   26696   ----a-w-   c:\windows\system32\drivers\pavboot.sys
                    2011-07-03 18:45 . 2007-03-16 02:38   54832   ----a-w-   c:\windows\system32\pavcpl.cpl
                    2011-07-03 18:45 . 2003-10-23 01:23   446464   ----a-w-   c:\windows\system32\HHActiveX.dll
                    2011-07-03 18:45 . 2010-06-22 00:02   193344   ----a-w-   c:\windows\system32\TpUtil.dll
                    2011-07-03 18:45 . 2010-06-22 00:01   520000   ----a-w-   c:\windows\system32\PavSHook.dll
                    2011-07-03 18:45 . 2010-06-22 00:01   87360   ----a-w-   c:\windows\system32\PavLspHook.dll
                    2011-07-03 18:45 . 2010-06-22 00:01   55616   ----a-w-   c:\windows\system32\pavipc.dll
                    2011-07-03 18:45 . 2007-02-08 17:53   107568   ----a-w-   c:\windows\system32\SYSTOOLS.DLL
                    2011-07-03 18:44 . 2011-07-03 18:45   --------   d-----w-   c:\program files\Panda Security
                    2011-07-03 18:44 . 2011-07-03 18:44   --------   d-----w-   c:\windows\system32\PAV
                    2011-07-03 18:44 . 2011-07-03 18:44   --------   d-----w-   c:\users\Feutz\AppData\Roaming\Panda Security
                    2011-07-03 18:44 . 2011-07-03 18:44   --------   d-----w-   c:\programdata\Panda Security
                    2011-07-03 18:44 . 2010-09-01 18:09   201032   ----a-w-   c:\windows\system32\drivers\neti1644.sys
                    2011-07-03 18:44 . 2010-05-21 20:50   54344   ----a-w-   c:\windows\system32\drivers\amm8660.sys
                    2011-07-03 18:44 . 2010-03-24 19:55   55552   ----a-w-   c:\windows\system32\avldr.dll
                    2011-07-01 20:05 . 2011-07-01 20:05   388096   ----a-r-   c:\users\Feutz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                    2011-07-01 01:28 . 2011-07-01 01:28   --------   d-----w-   c:\users\Feutz\AppData\Roaming\SUPERAntiSpyware.com
                    2011-07-01 01:28 . 2011-07-01 01:28   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                    2011-07-01 01:28 . 2011-07-01 01:28   --------   d-----w-   c:\program files\SUPERAntiSpyware
                    2011-06-30 13:03 . 2011-06-30 13:03   --------   d-----w-   C:\d6aaef27f533ca95ed452bdd47deb9
                    2011-06-30 04:59 . 2011-06-30 04:59   --------   d-----w-   C:\60dd7279dace78af16
                    2011-06-29 14:05 . 2011-06-29 14:05   --------   d-----w-   C:\6bd801315f181fe169cd3798
                    2011-06-29 13:14 . 2011-06-29 13:14   --------   d-----w-   C:\058d8e97ce6d35b88fe00fef6563
                    2011-06-29 00:42 . 2011-06-29 00:43   --------   d-----w-   C:\SMCLPAV
                    2011-06-28 12:54 . 2005-04-04 06:02   753664   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
                    2011-06-28 12:54 . 2005-04-04 06:02   69714   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
                    2011-06-28 12:54 . 2005-04-04 06:01   274432   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
                    2011-06-28 12:54 . 2005-04-04 06:00   184320   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
                    2011-06-28 12:54 . 2005-04-04 05:59   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
                    2011-06-28 12:54 . 2011-06-28 12:54   200836   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
                    2011-06-28 12:54 . 2011-06-28 12:54   331908   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
                    2011-06-26 17:25 . 2011-07-05 05:12   --------   d-----w-   c:\users\Feutz\AppData\Roaming\QuickScan
                    2011-06-26 17:22 . 2011-06-26 17:22   --------   d-----w-   c:\users\Feutz\AppData\Local\Mozilla
                    2011-06-26 14:44 . 2011-06-26 14:44   --------   d-----w-   C:\a8b79eb2bb60353fc6
                    2011-06-25 16:25 . 2011-06-25 16:32   --------   d-----w-   c:\users\Feutz\AppData\Local\ElevatedDiagnostics
                    2011-06-20 17:40 . 2011-06-20 17:40   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                    2011-06-19 20:15 . 2011-06-19 20:15   --------   d-----w-   c:\program files\BeerSmith2
                    2011-06-19 16:28 . 2011-06-19 16:28   --------   d-----w-   C:\5cee7e0f1b01fbec51c15a1462
                    2011-06-19 14:16 . 2011-06-20 17:41   --------   d-----w-   c:\program files\Common Files\Java
                    2011-06-19 14:16 . 2011-06-19 14:16   --------   d-----w-   C:\4756e36812682c0f88ddac0bd9665fb6
                    2011-06-19 13:54 . 2011-06-19 13:54   --------   d-----w-   C:\found.003
                    2011-06-19 01:08 . 2011-06-19 01:08   --------   d-----w-   C:\found.002
                    2011-06-17 01:28 . 2011-06-17 01:28   --------   d-----w-   C:\found.001
                    2011-06-17 00:52 . 2011-04-14 14:59   75264   ----a-w-   c:\windows\system32\drivers\dfsc.sys
                    2011-06-17 00:52 . 2011-04-21 13:58   273408   ----a-w-   c:\windows\system32\drivers\afd.sys
                    2011-06-17 00:52 . 2011-04-29 13:25   146432   ----a-w-   c:\windows\system32\drivers\srv2.sys
                    2011-06-17 00:52 . 2011-04-29 13:25   102400   ----a-w-   c:\windows\system32\drivers\srvnet.sys
                    2011-06-17 00:37 . 2011-06-17 00:37   --------   d-----w-   c:\users\Robin\AppData\Roaming\AVG10
                    2011-06-16 02:54 . 2011-06-16 02:59   --------   d-----w-   c:\users\Feutz\AppData\Roaming\AVG
                    2011-06-16 02:08 . 2010-12-20 16:35   563712   ----a-w-   c:\windows\system32\oleaut32.dll
                    2011-06-16 02:08 . 2011-05-02 17:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
                    2011-06-16 02:08 . 2011-04-29 13:24   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
                    2011-06-16 02:08 . 2011-04-29 13:24   79872   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
                    2011-06-16 02:08 . 2011-04-29 13:24   106496   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                    2011-06-16 02:08 . 2011-05-02 12:02   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
                    2011-06-16 01:03 . 2011-06-16 01:03   --------   d-----w-   C:\$AVG
                    2011-06-16 00:29 . 2011-06-16 00:29   --------   d--h--w-   c:\programdata\Common Files
                    2011-06-16 00:27 . 2011-06-30 00:21   --------   d-----w-   c:\programdata\AVG10
                    2011-06-16 00:16 . 2011-07-01 00:28   --------   d-----w-   c:\program files\AVG
                    2011-06-16 00:11 . 2011-06-30 00:21   --------   d-----w-   c:\programdata\MFAData
                    2011-06-15 17:59 . 2011-07-04 21:14   --------   d-----w-   c:\programdata\Norton
                    2011-06-15 00:54 . 2011-06-15 00:54   --------   d-----w-   c:\program files\Trend Micro
                    2011-06-13 22:38 . 2011-06-25 15:46   --------   d-----w-   c:\programdata\Kaspersky Lab
                    2011-06-13 22:38 . 2011-06-15 00:39   --------   d-----w-   c:\program files\Kaspersky Lab
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2011-06-02 12:52 . 2011-06-02 12:52   161792   ----a-w-   c:\windows\system32\msls31.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   1126912   ----a-w-   c:\windows\system32\wininet.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   86528   ----a-w-   c:\windows\system32\iesysprep.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
                    2011-06-02 12:52 . 2011-06-02 12:52   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
                    2011-06-02 12:52 . 2011-06-02 12:52   63488   ----a-w-   c:\windows\system32\tdc.ocx
                    2011-06-02 12:52 . 2011-06-02 12:52   48640   ----a-w-   c:\windows\system32\mshtmler.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   367104   ----a-w-   c:\windows\system32\html.iec
                    2011-06-02 12:52 . 2011-06-02 12:52   74752   ----a-w-   c:\windows\system32\iesetup.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   23552   ----a-w-   c:\windows\system32\licmgr10.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   152064   ----a-w-   c:\windows\system32\wextract.exe
                    2011-06-02 12:52 . 2011-06-02 12:52   150528   ----a-w-   c:\windows\system32\iexpress.exe
                    2011-06-02 12:52 . 2011-06-02 12:52   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
                    2011-06-02 12:52 . 2011-06-02 12:52   420864   ----a-w-   c:\windows\system32\vbscript.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   35840   ----a-w-   c:\windows\system32\imgutil.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
                    2011-06-02 12:52 . 2011-06-02 12:52   1797632   ----a-w-   c:\windows\system32\jscript9.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
                    2011-06-02 12:52 . 2011-06-02 12:52   11776   ----a-w-   c:\windows\system32\mshta.exe
                    2011-06-02 12:52 . 2011-06-02 12:52   101888   ----a-w-   c:\windows\system32\admparse.dll
                    2011-06-02 12:52 . 2011-06-02 12:52   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
                    2011-05-29 16:11 . 2011-03-30 00:03   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                    2011-05-25 02:14 . 2010-06-27 01:40   222080   ------w-   c:\windows\system32\MpSigStub.exe
                    2011-04-14 16:26 . 2011-06-26 17:22   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
                    .
                    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
                    .
                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
                    2011-01-17 23:54   175912   ----a-w-   c:\program files\ConduitEngine\prxConduitEngine.dll
                    .
                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
                    2011-01-17 23:54   175912   ----a-w-   c:\program files\Vuze_Remote\prxtbVuze.dll
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
                    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
                    .
                    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
                    .
                    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-07-04 430080]
                    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
                    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
                    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
                    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
                    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
                    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
                    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
                    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
                    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
                    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
                    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
                    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" [2011-04-13 1000768]
                    "SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe" [2011-02-02 70464]
                    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
                    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
                    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
                    .
                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "EnableUIADesktopToggle"= 0 (0x0)
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
                    2010-03-24 19:55   55552   ----a-w-   c:\windows\System32\avldr.dll
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
                    @="Service"
                    .
                    [HKLM\~\startupfolder\C:^Users^Feutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
                    path=c:\users\Feutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
                    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
                    backupExtension=.Startup
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                    2010-08-10 12:15   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
                    2007-11-21 01:15   1826816   ----a-w-   c:\windows\SkyTel.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                    2011-02-06 23:25   202256   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
                    2010-08-24 09:38   247144   ----a-w-   c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                    "Persistence"=c:\windows\system32\igfxpers.exe
                    "IgfxTray"=c:\windows\system32\igfxtray.exe
                    "SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                    "DisableMonitoring"=dword:00000001
                    .
                    R0 30587362;30587362 Boot Guard Driver;c:\windows\system32\DRIVERS\30587362.sys

                    R1 30587361;30587361;c:\windows\system32\DRIVERS\30587361.sys

                    R1 setup_9.0.0.722_17.06.2011_02-59drv;setup_9.0.0.722_17.06.2011_02-59drv;c:\windows\system32\DRIVERS\3058736.sys

                    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                    R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys

                    R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\UP_date\PEDrv.sys

                    R3 utkwnty5;AVZ Kernel Driver;c:\windows\system32\Drivers\utkwnty5.sys

                    S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-23 26696]
                    S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2011-01-31 83528]
                    S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2009-09-25 53256]
                    S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2009-09-25 22024]
                    S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2010-09-09 193864]
                    S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-09-25 21:54 159112]
                    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
                    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
                    S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]
                    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
                    S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe [2010-08-16 28992]
                    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
                    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
                    S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys

                    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
                    S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\neti1644.sys [2010-09-01 201032]
                    S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys

                    S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys

                    .
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                    LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = hxxp://www.google.com
                    uInternet Settings,ProxyOverride = *.local;<local>
                    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
                    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
                    Trusted Zone: internet
                    Trusted Zone: mcafee.com
                    TCP: DhcpNameServer = 192.168.2.1
                    FF - ProfilePath - c:\users\Feutz\AppData\Roaming\Mozilla\Firefox\Profiles\6ut3ou0q.default\
                    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
                    FF - prefs.js: network.proxy.type - 0
                    .
                    - - - - ORPHANS REMOVED - - - -
                    .
                    MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
                    AddRemove-BeerSmith - d:\\setup.exe
                    .
                    .
                    .
                    **************************************************************************
                    .
                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2011-07-10 09:36
                    Windows 6.0.6002 Service Pack 2 NTFS
                    .
                    scanning hidden processes ... 
                    .
                    scanning hidden autostart entries ...
                    .
                    scanning hidden files ... 
                    .
                    scan completed successfully
                    hidden files: 0
                    .
                    **************************************************************************
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------
                    .
                    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000\Software\SecuROM\License information*]
                    "datasecu"=hex:c4,80,29,ed,05,d0,45,d9,29,7e,6a,37,9e,64,ce,c2,e9,37,98,c4,c1,
                       7a,60,54,48,c8,de,53,bb,04,84,f3,48,bf,48,d0,5c,7b,fb,b9,8f,53,3c,c9,29,d9,\
                    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    "MSCurrentCountry"=dword:000000b5
                    .
                    Completion time: 2011-07-10  09:39:54
                    ComboFix-quarantined-files.txt  2011-07-10 16:39
                    .
                    Pre-Run: 64,629,080,064 bytes free
                    Post-Run: 64,618,516,480 bytes free
                    .
                    - - End Of File - - 9BA2BF4A39A7726341E7AE7D0F85015D

                    Hope this helps