HJT Log...Need assistance please :)

[Jenerren]

Hi, Ok, This is a long story lol. So, a few months ago I went to log onto my game (runescape) and someone had changed my password. I did all the usual things, scanned my computer with Avast and spybot and even had a person in the computer industry check it over to see if it was compromised in any way. He didn't find anything but obviously it had been compromised. So fast forward to today, the account in the above mentioned game has once again been compromised, now, I'm not worried about the game at all...I'm worried about my personal banking details, etc being used because obviously someone is finding my passwords out. I'm assuming it is a key logger. Oh, I also opened up my task manager and looked over each process that was running and all were legit. I am extremely stumped at how this individual is getting my passwords. I am the only person that uses my computer, I do not log onto that game at any other computer and I'm not connected to the internet wirelessly.   I really need to figure this out, it drives me crazy that someone is invading my privacy so any help at all is EXTREMELY APPRECIATED!    So here's my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:15 PM, on 11/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Users\Jennifer\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9281 bytes

[Derek]

I am pretty sure this is the keylogger

O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe

If you have previously or already installed Combofix, delete any existing version of ComboFix you have sitting on your desktop

Please read and follow all these instructions very carefully

Download ComboFix from Here to your Desktop.

**Note:  It is important that it is saved directly to your desktop  and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Very Important! Temporarily disable your anti-virus and  anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
• Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  
• Remember to re enable the protection again after combofix has finished
  

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running

Double click on combofix.exe & follow the prompts.

If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this
When finished, it will produce a report for you. 
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

[Jenerren]

Hi, so I followed all of your directions. Thank you so much for helping me out So here are the results of the scans: (When I ran HijackThis I got this message: For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. I don't know if that's relevant or not.)

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:15 PM, on 11/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Users\Jennifer\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9281 bytes

And the combo fix log:

ComboFix 09-11-04.02 - Jennifer 11/04/2009 15:23.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2813.1945 [GMT -5:00]
Running from: c:\users\Jennifer\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2036848099-160209580-2947422689-500
c:\$recycle.bin\S-1-5-21-2103767596-3858802898-114832178-500
c:\users\Jennifer\autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2009-10-04 to 2009-11-04  )))))))))))))))))))))))))))))))
.

2009-11-04 20:41 . 2009-11-04 20:43   --------   d-----w-   c:\users\Jennifer\AppData\Local\temp
2009-11-04 20:41 . 2009-11-04 20:41   --------   d-----w-   c:\users\Default\AppData\Local\temp
2009-11-04 02:41 . 2009-11-04 02:41   --------   d-----w-   c:\program files\Trend Micro
2009-11-03 03:08 . 2009-11-03 03:08   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-10-27 12:19 . 2009-10-27 12:19   --------   d-----w-   c:\programdata\AIM
2009-10-27 12:19 . 2009-10-27 12:19   8192   d-----w-   c:\program files\AIM
2009-10-27 12:19 . 2009-10-27 12:19   --------   d-----w-   c:\program files\Common Files\Software Update Utility
2009-10-27 12:18 . 2009-05-08 12:53   604672   ----a-w-   c:\windows\system32\WMSPDMOD.DLL
2009-10-15 20:29 . 2009-10-15 20:29   --------   d-----w-   c:\users\Jennifer\AppData\Local\Grubby Games
2009-10-13 16:12 . 2009-11-04 01:04   --------   d-----w-   c:\users\Jennifer\AppData\Local\AIM
2009-10-06 13:13 . 2009-10-07 15:38   40960   d-----w-   c:\users\Jennifer\games

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 16:49 . 2009-02-10 03:42   38   ----a-w-   c:\users\Jennifer\jagex_runescape_preferences.dat
2009-11-04 16:40 . 2009-09-02 16:11   63   ----a-w-   c:\users\Jennifer\jagex_runescape_preferences2.dat
2009-11-03 03:08 . 2008-05-05 18:33   4096   d-----w-   c:\program files\Java
2009-10-27 16:18 . 2009-05-06 22:13   1   ----a-w-   c:\users\Jennifer\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-27 12:19 . 2009-03-13 23:58   --------   d-----w-   c:\program files\Common Files\AOL
2009-10-25 20:53 . 2009-02-21 18:04   4096   d-----w-   c:\programdata\Spybot - Search & Destroy
2009-10-20 03:27 . 2009-02-09 23:59   16384   d-----w-   c:\users\Jennifer\AppData\Roaming\Azureus
2009-10-19 17:45 . 2009-03-18 17:28   4096   d-----w-   c:\program files\HP Games
2009-10-19 17:44 . 2009-03-18 18:09   --------   d-----w-   c:\program files\WildGames
2009-10-05 15:50 . 2009-10-05 15:50   --------   d-----w-   c:\program files\Microsoft
2009-10-01 14:29 . 2009-10-03 00:31   195440   ------w-   c:\windows\system32\MpSigStub.exe
2009-09-28 16:34 . 2009-03-11 21:42   10686001   ----a-w-   c:\users\Jennifer\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-09-28 16:32 . 2009-03-11 20:15   4096   d-----w-   c:\program files\Vuze
2009-09-28 12:08 . 2009-02-21 18:04   8192   d-----w-   c:\program files\Spybot - Search & Destroy
2009-09-14 04:07 . 2009-09-14 04:07   --------   d-----w-   c:\users\Jennifer\AppData\Roaming\Friday's games
2009-09-14 04:04 . 2009-09-14 04:01   --------   d-----w-   c:\users\Jennifer\AppData\Roaming\Wildgames_DressUpRush
2009-09-14 02:17 . 2008-05-05 18:00   8192   d--h--w-   c:\program files\InstallShield Installation Information
2009-09-09 11:56 . 2006-11-02 11:18   4096   d-----w-   c:\program files\Windows Mail
2009-08-29 00:27 . 2009-09-03 00:41   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 00:41   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2009-08-17 16:10 . 2009-07-24 12:33   1279456   ----a-w-   c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-07-24 12:34   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-24 12:34   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-07-24 12:33   53328   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-07-24 12:34   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-24 12:34   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-07-24 12:34   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-08-14 21:04 . 2009-08-14 21:04   239088   ----a-w-   c:\users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-08-14 16:27 . 2009-09-09 11:46   904776   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 11:46   17920   ----a-w-   c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 11:46   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 11:46   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 11:46   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 11:46   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 11:46   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 11:46   19968   ----a-w-   c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 11:46   10240   ----a-w-   c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 11:46   30720   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 11:46   105984   ----a-w-   c:\windows\system32\netiohlp.dll
2009-02-09 18:22 . 2009-02-09 18:22   13   --sh--r-   c:\windows\System32\drivers\fbd.sys
2009-02-09 18:21 . 2009-02-09 18:21   4   --sh--r-   c:\windows\System32\drivers\taishop.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-18 133104]
"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-03 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-3 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a7,27,36,a0,6d,e2,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2036848099-160209580-2947422689-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [7/24/2009 7:34 AM 114768]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [1/20/2009 8:24 PM 20384]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [7/24/2009 7:34 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [7/24/2009 7:33 AM 53328]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [4/17/2008 2:19 AM 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/21/2009 1:04 PM 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [12/3/2007 8:03 PM 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/13/2009 6:59 PM 24652]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [5/5/2008 1:06 PM 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 9:35 PM 73728]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [1/20/2009 8:23 PM 954368]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [1/20/2009 8:35 PM 110576]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [5/16/2008 12:59 PM 9216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2036848099-160209580-2947422689-1000Core.job
- c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-18 20:39]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2036848099-160209580-2947422689-1000UA.job
- c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-18 20:39]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Tray Temperature - c:\progra~1\AWS\MiniBug.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 15:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???p?IZ???8 ??`  

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-04 15:50
ComboFix-quarantined-files.txt  2009-11-04 20:50

Pre-Run: 109,987,057,664 bytes free
Post-Run: 146,689,929,216 bytes free

[Derek]

Download the attached CFScript.txt  and save it to your  desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop  in the list of selections in that window & press save)
Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

 



 

This will start ComboFix again.  It may ask to reboot.  Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


Note: these instructions and script were created specifically for this user.  If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like  [38]-Submit_2008-01-17@17.50.zip 

at the end it will pop up an alert  & open your browser and  ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to  http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to  upload the files ( do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file  inside C:\QooBox\quarantine created by combofix named something like  [38]-Submit_2008-01-17@17.50.zip 

or to
http://www.bleepingcomputer.com/submit-malware.php?channel=38

[Jenerren]

So this is what happened when I did as you instructed. I did the combo fix thing, it rebooted my computer and as it was creating a log, my computer shut down improperly and when i started it again normally I got this message :

Problem signature:
  Problem Event Name:   BlueScreen
  OS Version:   6.0.6002.2.2.0.768.3
  Locale ID:   1033

Additional information about the problem:
  BCCode:   f4
  BCP1:   00000003
  BCP2:   85DD9A38
  BCP3:   85DD9B84
  BCP4:   8203C650
  OS Version:   6_0_6002
  Service Pack:   2_0
  Product:   768_1

Files that help describe the problem:
  C:\Windows\Minidump\Mini110509-01.dmp
  C:\Users\Jennifer\AppData\Local\temp\WER-77080-0.sysdata.xml
  C:\Users\Jennifer\AppData\Local\temp\WER8F63.tmp.version.txt
-----------------------------------------------------------------------------------
So I ran HijackThis and got the log but I do not have a log available for combo fix because I was unsure of running it again. I submitted the zip file to bleepingcomputer.com. I did not create a new topic and post it here because I assume you meant submit it to one or the other. Also, what about checking the MBR and the Bios? I was told to ask this question lol.
-----------------------------------------------------------------------------------
Here's the log file from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:16 AM, on 11/5/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Users\Jennifer\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7776 bytes

[Derek]

lets see what this shows

download gmer rootkit detector from http://gmer.net

unzip it & double click the gmer.exe file

it will do a quick scan automatically, when that finishes,

select the rootkit tab & press scan

when it has finished press copy & post back the log it makes

[Jenerren]

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-05 13:05:09
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Jennifer\AppData\Local\Temp\pwtirkow.sys


---- User code sections - GMER 1.0.15 ----

.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtCreateFile + 6               773943DA 4 Bytes  [28, 00, 05, 00]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtCreateFile + B               773943DF 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenFile + 6                 77394BBA 4 Bytes  [68, 00, 05, 00]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenFile + B                 77394BBF 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcess + 6              77394C3A 4 Bytes  [A8, 01, 05, 00]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcess + B              77394C3F 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcessToken + 6         77394C4A 4 Bytes  CALL 76395150 C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcessToken + B         77394C4F 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcessTokenEx + 6       77394C5A 4 Bytes  [A8, 02, 05, 00]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcessTokenEx + B       77394C5F 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenThread + 6               77394CAA 4 Bytes  [68, 01, 05, 00]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenThread + B               77394CAF 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenThreadToken + 6          77394CBA 4 Bytes  [68, 02, 05, 00]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenThreadToken + B          77394CBF 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenThreadTokenEx + 6        77394CCA 4 Bytes  CALL 763951D1 C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenThreadTokenEx + B        77394CCF 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtQueryAttributesFile + 6      77394D5A 4 Bytes  [A8, 00, 05, 00]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtQueryAttributesFile + B      77394D5F 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtQueryFullAttributesFile + 6  77394E0A 4 Bytes  CALL 7639530F C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtQueryFullAttributesFile + B  77394E0F 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtSetInformationFile + 6       773952EA 4 Bytes  [28, 01, 05, 00]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtSetInformationFile + B       773952EF 1 Byte  [E2]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtSetInformationThread + 6     7739533A 4 Bytes  [28, 02, 05, 00]
.text           C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtSetInformationThread + B     7739533F 1 Byte  [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\services.exe[648] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]        00130002
IAT             C:\Windows\system32\services.exe[648] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]              00130000
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                     [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                     [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]       [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                    [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                      [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                      [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]                 [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                   [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                     [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                     [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                    [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]       [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                      [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                      [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                     [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                     [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                     [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW]                   [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW]                     [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                  [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                  [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW]                   [005DD6FD] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA]                [005DD68F] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW]                  [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                   [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA]                   [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA]                     [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1292] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                               [73437817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [7348A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [7343BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [7342F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [734375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                             [7342E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                 [73468395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [7343DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [7342FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                             [7342FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [734271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [734BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                         [7345C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [7342D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [73426853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                     [7342687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [73432AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                             aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

[Derek]

that isn't showing anything wrong

you can get a blue screen when removing in use drivers and I think that si what happened

reboot again and then run combofix again please so we see what it finds

[Jenerren]

Ok, do you want me to run it with the CFScript.txt or just run it normally?

[Derek]

just run it normally

[Would you do all this for nothing?]

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via paypal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's paypal log in page and chose send money and use help@thehedgehog.co.uk as recipient email address and select other service as the option. then follow prompts

[Information]

  
  Information
   Security & Protection Blog
   Prevention
   Using Autoruns
     System Restore
  Rss feeds
     Microsoft at Home
     MSRC
     Malware blog

Take the Kaspersky Challenge: See what your current antivirus is missing. Our free online virus scanner is a great way to find out if you have any viruses or spyware on your machine without having to uninstall your current antivirus software or install a new one.

Kaspersky Online Scanner

Most importantly, you can see what viruses your current antivirus software let slip through! Now works with ANY Java enabled browser