How to remove boot.tidserv?

I have a laptop I use at college and most searches are being redirected to other unwanted websites.
It has WindowsXP sp3, malwarebytes and Norton Security suite. Malwarebytes is constantly blocking outgoing access.

I removed the laptop's HD and installed it as USB in my home computer to scan for viruses. Norton finds BOOT.TIDSERV but it is unable to remove it.
I reinstalled the HD in the laptop and try unsucessfully to run both RKILL and TDSKiller as advised from previous posts. RKILL displays a brief CMD windows (1/2 second)and disappears, leaving no text file. TDSKiller does not even starts.

TKS, Dilson.

Hello Dilson.

Please run these and post back the logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and and extract it.

• Run TDSSKiller.exe.
• Click Start scan.
• When it is finished the utility outputs a list of detected objects with description.
  The utility automatically selects an action (Cure or Delete) for malicious objects.
  The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
• Let reboot if needed and tell me if the tool needed a reboot.
• Click on Report and post the contents of the text file that will open.
  
  Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
  For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Hi, Boopme.

1- Results from MiniToolBox:

MiniToolBox by Farbar
Ran by Me (administrator) on 01-01-2012 at 14:34:10
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

802.11b/g Mini Card Wireless Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E Family PCI-E Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-0d10610b06

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

Description . . . . . . . . . . . : 802.11b/g Mini Card Wireless Adapter

Physical Address. . . . . . . . . : 00-21-85-86-86-F9

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.5.108

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.5.1

DHCP Server . . . . . . . . . . . : 192.168.5.1

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Sunday, January 01, 2012 1:50:10 PM

Lease Expires . . . . . . . . . . : Monday, January 02, 2012 1:50:10 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-21-85-E4-A3-5C

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.115.106, 74.125.115.103, 74.125.115.147, 74.125.115.99
74.125.115.105, 74.125.115.104



Pinging google.com [74.125.113.147] with 32 bytes of data:



Reply from 74.125.113.147: bytes=32 time=43ms TTL=52

Reply from 74.125.113.147: bytes=32 time=44ms TTL=52



Ping statistics for 74.125.113.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 44ms, Average = 43ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=94ms TTL=50

Reply from 72.30.2.43: bytes=32 time=95ms TTL=50



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 94ms, Maximum = 95ms, Average = 94ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 85 86 86 f9 ...... 802.11b/g Mini Card Wireless Adapter - Packet Scheduler Miniport
0x3 ...00 21 85 e4 a3 5c ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.5.1 192.168.5.108 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.5.0 255.255.255.0 192.168.5.108 192.168.5.108 25
192.168.5.108 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.5.255 255.255.255.255 192.168.5.108 192.168.5.108 25
224.0.0.0 240.0.0.0 192.168.5.108 192.168.5.108 25
255.255.255.255 255.255.255.255 192.168.5.108 192.168.5.108 1
255.255.255.255 255.255.255.255 192.168.5.108 3 1
Default Gateway: 192.168.5.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/31/2011 08:20:10 AM) (Source: Application Error) (User: )
Description: Faulting application services.exe, version 5.1.2600.5755, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00065848.
Processing media-specific event for [services.exe!ws!]

Error: (12/29/2011 05:13:51 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/26/2011 10:23:00 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/26/2011 06:41:21 PM) (Source: Microsoft Office 11) (User: )
Description: Rejected Safe Mode action : Microsoft Office Word.

Error: (12/25/2011 03:08:12 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (12/25/2011 03:08:09 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/01/2012 01:50:27 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (12/30/2011 10:45:45 PM) (Source: 0) (User: )
Description: MSHOME :1d192.168.5.108192.168.5.102

Error: (12/30/2011 10:40:35 PM) (Source: 0) (User: )
Description: MSHOME :1d192.168.5.108192.168.5.102

Error: (12/30/2011 10:35:25 PM) (Source: 0) (User: )
Description: MSHOME :1d192.168.5.108192.168.5.102

Error: (12/30/2011 10:44:48 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (12/29/2011 11:31:31 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.5.108 for the Network Card with network address 002185E4A35C has been
denied by the DHCP server 192.168.5.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/29/2011 06:18:48 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\DOCUME~1\Me\LOCALS~1\Temp\nssD.tmp\NasDetectPlugin.dll.
Reference error message: The operation completed successfully.
.

Error: (12/29/2011 06:18:47 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (12/29/2011 06:18:47 AM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (12/29/2011 04:37:42 AM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 967cd4f2, parameter2 00000002, parameter3 00000001, parameter4 80522d11.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Photoshop Elements 2.0 (Version: 2.0)
Adobe Reader 8.1.2 (Version: 8.1.2)
Bluetooth Stack for Windows by Toshiba (Version: v6.00.03)
BurnRecovery (Version: 1.00.0613)
Intel® Graphics Media Accelerator Driver
LaserJet 1020 series
MagicCute Data Recovery 2011.1
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Memeo Instant Backup (Version: 4.60.0.7916)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
MiniTool Partition Wizard Home Edition 7.0
Norton Security Suite (Version: 5.1.0.29)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0001)
Realtek High Definition Audio Driver (Version: 5.10.0.5618)
Seagate Dashboard (Version: 1.1.0.1548)
System Control Manager (Version: 2.0208.0807.001)
Ulead Burn.Now 4.5 (Version: 4.5.0)
Ulead Burn.Now 4.5 SE (Version: 4.5.0)
USB 2.0 Card Reader (Version: 1.0.0.0)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Atheros (AR5416) Net (04/08/2008 7.6.0.200) (Version: 04/08/2008 7.6.0.200)
Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net (05/19/2008 1.01.03.0000) (Version: 05/19/2008 1.01.03.0000)
Windows Driver Package - Realtek (rtl8187Se) Net (07/10/2008 5.9067.0710.2008) (Version: 07/10/2008 5.9067.0710.2008)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
WinRAR archiver
WinTree
WinZip 11.1 (Version: 11.1.7466)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 2037.23 MB
Available physical RAM: 1192.73 MB
Total Pagefile: 3929.42 MB
Available Pagefile: 3137.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.28 MB

========================= Partitions: =====================================

1 Drive c: (OS_Install) (Fixed) (Total:107.88 GB) (Free:16.18 GB) NTFS
2 Drive d: (USB20FD) (Removable) (Total:7.53 GB) (Free:7.43 GB) FAT32
3 Drive x: (GoFlex Home Public) (Network) (Total:1863.01 GB) (Free:1861.75 GB) NTFS
4 Drive y: (GoFlex Home Backup) (Network) (Total:1863.01 GB) (Free:1861.75 GB) NTFS
5 Drive z: (GoFlex Home Personal) (Network) (Total:1863.01 GB) (Free:1861.75 GB) NTFS

========================= Users: ========================================

User accounts for \\YOUR-0D10610B06

Administrator Guest HelpAssistant
Me SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini122911-01.dmp

**** End of log ****

2- The program TDSSKiller refuses to run on this laptop, neither from the desktop nor from an external drive. When I double-click it, nothing happens. It runs fine in other computers in the house, though.
3- The log from MBAM is as follows:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.31.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Me :: YOUR-0D10610B06 [administrator]

Protection: Enabled

1/1/2012 3:15:35 PM
mbam-log-2012-01-01 (15-15-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 179923
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


4- As a final note, MalwareBytes keeps popping this message:

Malwarebytes Anti-Malware
Successfully blocked access to a potential malicious website: 206.161.121.2
These IP addresses varies from 206.161.121.3 to 206.161.121.4

Thank-you,
Dilson.

Hello,I removed the accidental double post.

Tou have 2 of these installed.
Ulead Burn.Now 4.5 (Version: 4.5.0)
Ulead Burn.Now 4.5 SE (Version: 4.5.0)

Remove one or both and reinstall one.


For TDSS...
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

Thank-you, Boopme.

It seems as if the new FixTDSS took care of my issue. My searches are not redirected to some obscure site anylonger; now I get exactly the results I search for and Malwarebytes is not indicating any malicious activities.
After running FixTDSS I got the following scan result:
***infected MBR detected
I clicked "repair" and the message says the repair was sucessful.

Thank-you again. I can now use this laptop at college for the spring term, starting in two days from now.

Dilson

You're welcome,, That would be it hthe trouble maker in the MBR. Sometimes there are remnants. Please do these last steps so you will br OK at school.
In Control Panel ,,Add/remove ...remove >> Adobe Reader 8.1.2 (Version: 8.1.2)

Update to Adobe Reader X (10.1.0)
Note UN check the box so you do not install the toolbar,unless you really want it..

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

>>>>>>>>>>>>>>>>
I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Under scan settings, check and check Remove found threats
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

NOTE: In some instances if no malware is found there will be no log produced.



If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

• Then use Disk Cleanup to remove all but the most recently created Restore Point.
• Go to Start > Run and type: Cleanmgr
• Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
• Click the "More Options" tab, then click the "Clean up" button under System Restore.
• Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
• Click Yes, then click Ok.
• Click Yes again when prompted with "Are you sure you want to perform these actions?"
• Disk Cleanup will remove the files and close automatically.

Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

• Simple and easy ways to keep your computer safe.
• How did I get infected?, With steps so it does not happen again!.
• Hardening Windows Security - Part 1 & Part 2.
• Configuring Internet Explorer for Practical Security and Privacy - How to Secure Your Web Browser.
• Your Guide To Staying Safe Online.
• Use Task Manager to close pop-up messages to safely exit malware attacks.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

• Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

• USB-Based Malware Attacks.
• When is AUTORUN.INF really an AUTORUN.INF?.
• Please disable Autorun asap!.

Hello there!

I'm new and I know this post is old but I was hoping somebody could help.

Here are the results from the mimitoolbox:

iniToolBox by Farbar Version: 18-01-2012
Ran by Marty (administrator) on 29-04-2012 at 20:21:25
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : toshiba-user

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-18-DE-53-5F-4B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Sunday, April 29, 2012 8:09:34 PM

Lease Expires . . . . . . . . . . : Monday, April 30, 2012 8:09:34 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-A0-D1-5A-BA-AD

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.225.73, 74.125.225.78, 74.125.225.64, 74.125.225.65
74.125.225.66, 74.125.225.67, 74.125.225.68, 74.125.225.69, 74.125.225.70
74.125.225.71, 74.125.225.72



Pinging google.com [74.125.225.67] with 32 bytes of data:



Reply from 74.125.225.67: bytes=32 time=79ms TTL=55

Reply from 74.125.225.67: bytes=32 time=81ms TTL=55



Ping statistics for 74.125.225.67:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 79ms, Maximum = 81ms, Average = 80ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=158ms TTL=48

Reply from 98.139.183.24: bytes=32 time=116ms TTL=48



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 116ms, Maximum = 158ms, Average = 137ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 de 53 5f 4b ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 a0 d1 5a ba ad ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 25
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 25
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 25
255.255.255.255 255.255.255.255 192.168.1.102 3 1
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/29/2012 07:11:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4093

Error: (04/29/2012 07:11:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4093

Error: (04/29/2012 07:11:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2012 07:11:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1968

Error: (04/29/2012 07:11:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1968

Error: (04/29/2012 07:11:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2012 06:18:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46750

Error: (04/29/2012 06:18:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46750

Error: (04/29/2012 06:18:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2012 06:18:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44781


System errors:
=============
Error: (04/29/2012 08:12:36 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/29/2012 08:10:27 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (04/29/2012 08:09:40 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s).

Error: (04/29/2012 08:09:32 PM) (Source: Service Control Manager) (User: )
Description: The Kodak Camera Connection Software service failed to start due to the following error:
%%2

Error: (04/29/2012 08:09:32 PM) (Source: Service Control Manager) (User: )
Description: The Kodak DCFS2K Driver service failed to start due to the following error:
%%2

Error: (04/29/2012 07:39:21 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s).

Error: (04/29/2012 07:39:15 PM) (Source: Service Control Manager) (User: )
Description: The Kodak Camera Connection Software service failed to start due to the following error:
%%2

Error: (04/29/2012 07:39:14 PM) (Source: Service Control Manager) (User: )
Description: The Kodak DCFS2K Driver service failed to start due to the following error:
%%2

Error: (04/29/2012 07:11:19 PM) (Source: Service Control Manager) (User: )
Description: The Kodak Camera Connection Software service failed to start due to the following error:
%%2

Error: (04/29/2012 07:11:18 PM) (Source: Service Control Manager) (User: )
Description: The Kodak DCFS2K Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (07/01/2009 10:18:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/01/2009 10:18:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/01/2009 10:18:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

6300 (Version: 71.0.215.000)
6300_Help (Version: 71.0.215.000)
6300Trb (Version: 71.0.215.000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Shockwave Player 11 (Version: 11)
AiO_Scan_CDA (Version: 71.0.215.000)
AiOSoftwareNPI (Version: 71.0.215.000)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 7.0.1426.0)
BlackBerry Desktop Software 6.0 (Version: 6.0.0.43)
BlackBerry Device Software Updater (Version: 5.0.1.17)
Blasterball 2 Revolution (Version: WT004723)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.2.11)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.5.0.7)
Canon MOV Encoder (Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.4.1.9)
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Utilities Digital Photo Professional 3.8 (Version: 3.8.1.0)
Canon Utilities EOS Utility (Version: 2.8.1.0)
Canon Utilities Original Data Security Tools (Version: 1.8.0.1)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.7.0.0)
Canon Utilities WFT Utility (Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
CardRd81 (Version: 4.00.0000.0004)
CCHelp (Version: 4.00.0000.0001)
CCleaner (Version: 3.17)
CCScore (Version: 4.00.0001.0001)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
CR2 (Version: 4.00.0000.0003)
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell DJ Explorer
Desktop Dialer
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DocumentViewer (Version: 70.0.170.000)
DocumentViewerQFolder (Version: 1.00.0000)
DVD-RAM Driver (Version: 5.0.2.5)
ESSAdpt (Version: 4.00.0001.0001)
ESSANUP (Version: 4.00.0001.0001)
ESSBrwr (Version: 4.00.0000.0001)
ESSCAM (Version: 4.00.0001.0001)
ESSCDBK (Version: 4.00.0001.0001)
ESScore (Version: 4.00.0001.0001)
ESSCT (Version: 4.00.0000.0001)
ESSgui (Version: 4.00.0000.0004)
ESShelp (Version: 4.00.0000.0003)
ESSini (Version: 4.00.0001.0001)
ESSPCD (Version: 4.00.0000.0001)
ESSPDock (Version: 4.00.0002.0001)
ESSSONIC (Version: 4.00.0000.0003)
ESSTUTOR (Version: 4.00.0000.0003)
ESSvpaht (Version: 4.00.0000.0003)
ESSvpot (Version: 4.00.0000.0001)
eSupportQFolder (Version: 1.00.0000)
Facebook Plug-In
Fax_CDA (Version: 71.0.215.000)
GemMaster Mystic
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.57)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HLPCCTR (Version: 4.00.0000.0003)
HLPIndex (Version: 4.00.0000.0003)
HLPPDOCK (Version: 4.00.0000.0002)
HLPRFO (Version: 4.00.0000.0004)
HP Document Viewer 7.0 (Version: 7.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0 (Version: 7.0)
ImgBurn (Version: 2.5.6.0)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Intel® PROSet/Wireless Software (Version: 10.50.0000)
InterVideo WinDVD Creator 2 (Version: 2.0.14.400)
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.561)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Kodak EasyShare software
KSU (Version: 632.62.0002.0001)
Mah Jong Quest (Version: WT009953)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
McAfee Security Scan Plus (Version: 2.1.121.2)
mCore (Version: 7.00.0000)
mDrWiFi (Version: 7.00.0000)
MemTurbo 4
mHelp (Version: 7.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Works (Version: 08.05.0818)
mIWA (Version: 7.00.0000)
mLogView (Version: 7.00.0000)
mMHouse (Version: 7.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)
mPfMgr (Version: 7.00.0000)
mPfWiz (Version: 7.00.0000)
mProSafe (Version: 9.00.0000)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicmatch® Jukebox (Version: 10.00.3030)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 7.00.0000)
mZConfig (Version: 7.00.0000)
Netflix Movie Viewer (Version: 1.2.211)
NewCopy_CDA (Version: 71.0.215.000)
Notifier (Version: 4.00.0000.0001)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
Office 2003 Trial Assistant (Version: 1.0.0)
Orbit Downloader
OTtBP (Version: 4.00.0000.0003)
OTtBPSDK (Version: 4.00.0000.0000)
Otto
PanoStandAlone (Version: 70.0.170.000)
PCDLNCH (Version: 4.00.0001.0001)
Picasa 3 (Version: 3.8)
ProductContextNPI (Version: 71.0.215.000)
Readme (Version: 71.0.215.000)
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5288)
Revo Uninstaller Pro 2.5.3 (Version: 2.5.3)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
SD Secure Module (Version: 1.0.4)
SFR (Version: 3.03.0001.0002)
SFR2 (Version: 3.03.0000.0002)
SolutionCenter (Version: 70.0.170.000)
Sonic Encoders (Version: 1.00)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 70.0.170.000)
Synaptics Pointing Device Driver (Version: 10.0.11.2)
Toolbox (Version: 70.0.170.000)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.90.07)
TOSHIBA Controls
TOSHIBA Direct Disc Writer (Version: 1.0.0.9b)
TOSHIBA Disc Creator (Version: 1.0.0.21)
TOSHIBA Game Console
TOSHIBA Hotkey Utility (Version: 1.00.01PL)
Toshiba Media Center Game Console (Version: 1.0.0)
TOSHIBA PC Diagnostic Tool (Version: 3.2.3)
TOSHIBA Power Saver (Version: 7.03.07.I)
TOSHIBA Recovery Disc Creator (Version: 1.0.0.6a)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA SD Memory Card Format (Version: 2.2.0.0)
TOSHIBA Software Modem (Version: 2.1.68 (SM2168ALD05))
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.01PL)
TOSHIBA Utilities (Version: 1.00.05PL)
TOSHIBA Virtual Sound (Version: 1.03.13)
TOSHIBA Zooming Utility
Touch and Launch
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE (Version: 1.1.8115.0)
VCAMCEN (Version: 4.00.0001.0002)
Viewpoint Media Player
VPRINTOL (Version: 4.00.0000.0001)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
WildTangent Web Driver
Winamp (Version: 5.621 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 501.96 MB
Available physical RAM: 218.39 MB
Total Pagefile: 1225.37 MB
Available Pagefile: 686.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.02 MB

========================= Partitions: =====================================

1 Drive c: (SQ004207P01) (Fixed) (Total:74.23 GB) (Free:28.09 GB) NTFS

========================= Users: ========================================

User accounts for \\TOSHIBA-USER

Administrator ASPNET Guest
HelpAssistant Marty SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

For some reason I can't get TDSSKiller.exe to scan.

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Marty :: TOSHIBA-USER [administrator]

Protection: Enabled

4/29/2012 8:53:02 PM
mbam-log-2012-04-29 (20-53-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232593
Time elapsed: 27 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

After TDSS I also want you to run ESET from post 6

***infected MBR detected

C:\Documents and Settings\Marty\My Documents\My Music\OrbitSetup4.1.02.exe Win32/OpenCandy application deleted - quarantined

Everything seems to be running good! Where do I make a donation?

If you'd like to contribute something that would be very much appreciated..
Make a donation to some people here that would appreciate it. They help or developed some of the tools we use here to clean computers,train people here in malware removal or are ajust hard workers.

I am still adding to this list.

farbar
fireman4it
JSntgRvr
m0le
myrti
sempai
Thunder
SweetTech