Need Help - Virus

[Untouch]

Holy crap there's alot more to do, dam.
I will do it after I finish some work.

Edit: Updated with logs:

Code:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Users\Peter\AppData\Local\Temp\neaoxrscwm.exe not found.
C:\Users\Peter\AppData\Local\Temp\lFtEnd.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Peter
->Temp folder emptied: 840848690 bytes
->Temporary Internet Files folder emptied: 195101611 bytes
->Java cache emptied: 185108 bytes
->FireFox cache emptied: 96872748 bytes
->Flash cache emptied: 126802 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 2428680 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8467291 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,091.00 mb


OTM by OldTimer - Version 3.1.17.1 log created on 10282010_195236

Files moved on Reboot...
C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

ESET log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e16a10d287599147a494bbe147c020a8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-28 08:10:55
# local_time=2010-10-28 09:10:55 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777213 100 75 2947938 17551174 0 0
# compatibility_mode=5893 16776574 100 94 6135363 40757704 0 0
# compatibility_mode=8192 67108863 100 0 175 175 0 0
# scanned=192945
# found=2
# cleaned=2
# scan_time=4000
C:\Users\Peter\AppData\Local\VirtualStore\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul    Win32/Dursg.A trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Peter\AppData\Roaming\2E6C5AEB0A74A68919A38810C4B77857\local.ini    Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C

hijackthis log:

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:31:34, on 28/10/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100915010709.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2630905953-320564568-2076093293-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2630905953-320564568-2076093293-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16776 bytes

[Quintus]

Any other issues? Please post fresh logs at PasteBin for a final check.

[Untouch]

Nope, it all seems to be fine now. Thanks
http://pastebin.com/Kuv0ykvi

[Quintus]

Add in new DDS logs please.

[Untouch]

DDS: http://pastebin.com/muYETupu

Attach: http://pastebin.com/B4ZKnZCx

[Quintus]

• Step 5
  
  System Restore maintains a backup of your programs however it may also backup infections therefore constant flushing is required to create a clean Restore Point.
  
  
  1. On the Start Menu, right-click Computer > Properties > System Protection link.
     
  2. Click Configure.
     
  3. Click Delete > Continue > OK.
     
  4. You are now back at the System Protection Tab.
     
  5. Click Create > <Any Title Here> > Create.
     
  6. A prompt should tell you that it was successful. Click Close.
     
  7. Click OK.
     
  8. System Restore will be working again and will have a new Restore Point.

• Step 6
  
  Besides compromising network security, their association with illegal file-sharing creates legal liabilities for their employers. More often than not, companies aren't aware of software license violations and other infractions their workers commit through file-sharing.
  
  More from 'this' article.
  
  
  I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer. Your system is at risk. Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  
  I strongly recommend that you uninstall the following program(s) present in your system through Add or Remove Programs for Windows XP and Programs and Features for Vista and Windows 7:

• • µTorrent
  
  Note: If you choose not to remove the program(s), please do not use them until this computer is clean.
  
  Here is the list of Safe and Unsafe P2P Programs.
  
  Clean

• • Ares
    
  • Azureus 2.5.0.0
    
  • BitComet
    
  • Bittorrent
    
  • E-Mule
    
  • Frostwire
    
  • Limewire
    
  • µTorrent
  
  Unsafe

• • Azureus Vuze
    
  • BearShare
    
  • Bitlord
    
  • BittorrentUltra
    
  • iMesh
  
  You can see more of that 'here'.

• Step 7
  
  
  Looking at your log, I have seen that you have the program(s) below installed. I highly suggest a removal through Add or Remove Programs or Programs and Features. I am asking you this for I have seen negative feedback from users. Should the program(s) in question be utterly clean, no such comment should be seen. Take this as a pre-cautionary measure. Better safe than sorry.
  
  The list below shows the program(s) with poor or flawed reputation that you currently have installed in your system:

• • vShare Plugin
  
  Please respond back if you encounter difficulties uninstalling the program(s).

• Step 8
  
  Your current copy of Java Runtime Environment is outdated. Older versions contain vulnerabilities therefore it is essential that you update it.

• • To get the latest version of Java please go 'here'.
    
  • Go to 'Start' > 'Control Panel' > 'Programs and Features'.
    
  • Search in the list for all previous installed versions of Java. You currently have:
    • Java™ 6 Update 17
  • Choose 'Uninstall'.
    
  • Now install the version(s) you downloaded earlier.

• Step 9
  
  Please run HijackThis. Click 'Do a system scan only' and place a check next to the following line(s) if present:
  
  O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
  O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
  
  Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.

• In your next post, please provide the following:
  • A Fresh HijackThis (HJT) Log

• Format of Response
  
  
  Code:

  [color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]

[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]

[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]

[color=#00BFFF][b]Link To Requested Logs:[/b][/color]

[Untouch]

Just finished step 8. Going out driving now so I'll do step 9 and post the log in just over 1 hour 30mins.

[Untouch]

Ok, here's the new log: http://pastebin.com/5x9hWamr

[Quintus]

Required Clean-Ups

★ CleanUp! With OT Move It (OTM) by Old Timer ★

This will remove all temporary files stored in your computer and as well as the files generated by the specialised tools I instructed you to use.

• For Windows Vista and Windows 7:
  • Download OT Move It (OTM) by Old Timer 'here' and save it to your Desktop. Please click the Go (Arrow Button) or press Enter in the URL address bar to start the download.
    
  • Please double-click OTM to run it.
    
  • No programs other than OTM should be running; we will perform a reboot after.
    
  • On the interface, click the Cleanup! button.
    
  • Select Yes after the prompt and wait for the reboot.

★ Make Internet Explorer Less Vulnerable ★

I ask that you do not disregard this step whether you are using Internet Explorer or not as your main browser. Please be advised that though you don't seem to be using this, I can assure you that most of your everyday applications uses this browser's technology to update thereby solidifying the necessity to update it. Do not leave a single component of your system vulnerable.

• • At Internet Explorer's interface navigate to Tools > Internet Options.
    
  • Click once on the Security > Internet > Custom Level buttons.
    
  • Change the following to the designated modifications.
    • ActiveX Controls and Plug-Ins
      • Download Signed ActiveX Controls > Prompt
        
      • Download Unsigned ActiveX Controls > Disable
        
      • Initialise And Script ActiveX Controls Not Marked As Safe > Disable
    • Miscellaneous
      • Installation Of Desktop Items > Prompt
        
      • Launching Programs And Files In An iFrame > Prompt
        
      • Navigate Sub-frames Across Different Domains > Prompt
  • When all these settings have been made, click on the OK button.
    
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    
  • Next press the Apply button and then the OK to exit the Internet Properties page.

★ Set A Clean System Restore Point ★

This is done to prevent possible reinfection. Your System Restore Points need to be constantly flushed the reason being the infections residing in your system once could have been, more or less, saved in one of your Restore Points. System Restore is a protected directory; your tools can not access it to delete these files. Re-infection is imminent if this is left unattended. Now, after successfully cleaning your system, creating a clean Restore Point is essential in case you will ever need a clean backup.

• For Windows 7

• 1. On the Start Menu, right-click Computer > Properties > System Protection link.
     
  2. Click Configure.
     
  3. Click Delete > Continue > OK.
     
  4. You are now back at the System Protection Tab.
     
  5. Click Create > <Any Title Here> > Create.
     
  6. A prompt should tell you that it was successful. Click Close.
     
  7. Click OK.
     
  8. System Restore will be working again and will have a new Restore Point.

A Quick Summary To Prevent Reinfection

1. Install an anti-virus and keep it updated. Run complete system scans.

"An antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and Trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware".

You have to make sure you have an anti-virus installed. Update your anti-virus everyday to make sure it has the latest signatures. Yes, updating is essential in maintaining your computer. The latest updates will ensure the integrity of your chosen program. Some paid anti-viruses even offer hourly updates and the reason for this is clear - malware gets advanced and new variants are detected in a short span of time. In addition to updating, perform a complete scan weekly. You might think you don't need it however you do. Don't rely on your instincts that your system is clean.

2. Install and maintain a good firewall.

"A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria."

Make sure you have a firewall installed. A firewall helps monitor connections both inward and outbound. If you have not installed a firewall yet, please be advised that the pre-installed firewall that you have is not much of a protection against attacks. A firewall helps monitor connections both inward and outbound therefore having a specialised firewall is essential.

3. Update Java Runtime Environment.

"The Java Runtime Environment (JRE), also known as Java Runtime, is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files. "

You must make sure your Java is up to date. Older versions have vulnerabilities that can be exploited. Follow the steps below to update Java.

For Vista and Windows 7:

• • To get the latest version of Java please go 'here'.
    
  • Go to 'Start' > 'Control Panel' > 'Programs and Features' or 'Uninstall a Program'.
    
  • Search in the list for all previous installed versions of Java. You currently have:
    • Java™ 6 Update *
      
    • Java™ SE Development Kit 6 Update *
  • Choose 'Uninstall'.
    
  • Now install the version(s) you downloaded earlier.

4. Clear Temporary files.

• Click 'here' to download ATF-Cleaner by Atribune. Save it to your Desktop.

• • Double-click ATF-Cleaner.exe and select 'Run' when prompted to execute the program.
    
  • Under the 'Main' tab, please check the 'Select All' box.
    
  • Press the 'Empty Selected' button.
    • If you are using Firefox as your browser:
      • Click the 'Firefox' tab at the top and check the 'Select All' box.
        
      • Press the 'Empty Selected' button.
        
      • Note: If you wish to keep your saved passwords, click 'No' at the next prompt.
  • • If you are using Opera as your browser:
      • Click the 'Opera' tab at the top and check the 'Select All' box.
        
      • Press the 'Empty Selected' button.
        
      • Note: If you wish to keep your saved passwords, click 'No' at the next prompt.
  • Click 'Exit' on the 'Main' tab to close the program.

5. Keep your computer updated.

You may currently have an outdated Windows Operating System. It is highly recommended you install the latest updates as these are extremely important which contain fixes for several bugs and security issues that attackers exploit. Always make sure that you are protected on all sides. Microsoft offers these updates free of charge. I present to you the option to perform the update.

• • Running Windows Update
    • Go to the 'Official Microsoft Windows Update' site using the latest version of Internet Explorer.
      
      1. On the Tools menu in Internet Explorer, click Internet Options.
         
      2. Click the Security tab.
         
      3. Click the Trusted Sites icon, and then click Sites....
         
      4. Uncheck the Require Server Verification checkbox.
         
      5. Make sure the following URLs are listed in the Web Sites list box:
         
         Code:

         http://*.windowsupdate.microsoft.com
http://*.windowsupdate.com
  • • • A pop-up will automatically open.
        
      • If the pop-up failed to open, click the Start button, click All Programs, and then click Windows Update.
        
      • Install the Important Updates and reboot as required.

6. Prevention is better than any cure.

Constant vigilance is your number one tool. Aside from keeping in mind safe surfing habits, specific tools are there to further enhance your security. The good thing is that they are free, reliable and low on system resources. Even having them running together won't slow down your system. To download, simply click on the name of each software.

► CCleaner

CCleaner is a freeware system optimization, privacy and cleaning tool. CCleaner is the number-one tool for cleaning your Windows PC. It protects your privacy online and makes your computer faster and more secure. Easy to use and a small, fast download.

• Run CCleaner regularly, suggestively after you are done browsing or using your system for the day as it cleans temporary files such as cookies that may prove harmful.
  • Open CCleaner.
    • On the CCleaner tab, select Analyze and wait for the analysation.
      • Click on the Run Cleaner button.
    • On the Registry tab, select Scan For Issues and wait until it finishes.
      • Select Fix Selected Issues > No > Fix All Selected Issues > Close.

► MVPS Hosts

MVPS Hosts helps to protect your Privacy and Security by blocking sites that may track your viewing habits. In many cases using a well designed HOSTS file can speed the loading of web pages by not having to wait for these ads, annoying banners, hit counters, etc. to load. This also helps to protect your Privacy and Security by blocking sites that may track your viewing habits, also known as "click-thru tracking" or Data Miners. Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective "Layer of Protection".

• Make sure to check the MVPS Hosts 'site' for updates monthly.

► SpywareBlaster

Spywareblaster prevents the installation of ActiveX-based spyware and other potentially unwanted programs. SpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.

• Update SpywareBlaster everyday as it adds a list of restricted sites and cookies.
  • Open SpywareBlaster.
    
  • Click Updates > Check For Updates.
    
  • If updates are available, refresh the entries by going to Protection Status > Enable All Protection.

► WinPatrol

WinPatrol's Host-based Intrusion Prevention System (HIPS) takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. WinPatrol was the pioneer in using a heuristic behavioral approach to detecting attacks and violations of your computing environment. It continues to be the most powerful system monitor for its small memory footprint.

• Watch for WinPatrol alerts. It will monitor any unwanted changes to your system, such as startup programs and Active X additions.

7. Ask questions.

• If you have any other questions, please post them on this thread. Else, use the Report button and report my post as Lock Request.

Thank you,
Quintus

[єץє]

Nice post there Quintus :O