GeekPolice
Firefox tab opening itself randomly

I downloaded TDSSKiller.exe and ran it, but it did not sort out the problem of the Firefox tab opening itself.

DragonMaster Jay wrote:
Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: Firefox tab opening itself randomly
Hello there.

ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Re: Firefox tab opening itself randomly
Hi,
Here is the log report.
ComboFix 12-10-09.01 - paras 10/10/2012 5:40.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4040.2038 [GMT 5.5:30]
Running from: c:\users\paras\Desktop\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\paras\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 00:17 . 2012-10-10 00:17 -------- d-----w- c:\users\ReportServer\AppData\Local\temp
2012-10-10 00:17 . 2012-10-10 00:17 -------- d-----w- c:\users\MSSQLSERVER\AppData\Local\temp
2012-10-10 00:17 . 2012-10-10 00:17 -------- d-----w- c:\users\MSSQLFDLauncher\AppData\Local\temp
2012-10-05 01:28 . 2012-10-05 01:28 -------- d-----r- c:\users\paras\Podcasts
2012-09-25 00:55 . 2012-09-25 00:55 -------- d-----w- c:\windows\SysWow64\xlive
2012-09-25 00:55 . 2012-09-25 00:55 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-09-25 00:45 . 2012-10-10 00:16 -------- d-----w- c:\users\paras\AppData\Local\assembly
2012-09-15 01:51 . 2012-09-15 01:51 -------- d-----w- c:\users\paras\AppData\Roaming\CellularEmulator
2012-09-15 01:38 . 2012-09-15 01:39 -------- d-----w- c:\program files (x86)\Windows Mobile 6 SDK
2012-09-15 00:40 . 2012-09-15 00:40 -------- d-----w- c:\program files\Microsoft Device Emulator
2012-09-15 00:40 . 2012-09-15 00:40 -------- d-----w- c:\program files (x86)\Microsoft Device Emulator
2012-09-14 22:47 . 2012-09-14 22:47 -------- d-----w- c:\program files (x86)\NuGet 1.2
2012-09-14 22:33 . 2012-09-14 22:34 -------- d-----w- C:\Python27
2012-09-14 22:32 . 2012-09-14 22:32 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-14 22:31 . 2012-09-14 22:31 -------- d-----w- c:\program files (x86)\Windows Kits
2012-09-14 22:28 . 2012-09-14 22:28 -------- d-----w- c:\program files (x86)\NuGet
2012-09-14 22:27 . 2012-09-14 22:28 -------- d-----w- c:\program files\IIS Express
2012-09-14 22:27 . 2012-09-14 22:28 -------- d-----w- c:\program files (x86)\IIS Express
2012-09-14 22:27 . 2012-09-14 22:27 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2012-09-14 22:25 . 2012-09-14 22:31 1131520 ----a-w- c:\programdata\Microsoft\VWDExpress\11.0\1033\ResourceCache.dll
2012-09-14 22:22 . 2012-09-14 22:22 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2012-09-14 22:20 . 2012-09-14 22:24 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2012-09-14 17:29 . 2012-09-14 17:29 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2012-09-14 17:29 . 2012-09-14 22:32 -------- d-----w- c:\programdata\Package Cache
2012-09-14 17:13 . 2012-09-14 17:13 -------- d-----w- c:\program files\Microsoft
2012-09-13 23:34 . 2012-09-13 23:34 -------- d-----w- C:\WebAppToolkitMobileVS2010
2012-09-11 03:18 . 2008-07-12 02:48 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-09-11 03:18 . 2012-09-11 03:18 -------- d-----w- c:\program files (x86)\Microsoft Expression
2012-09-11 03:18 . 2012-09-11 03:18 -------- d-----w- c:\program files (x86)\WPF Toolkit
2012-09-11 03:15 . 2010-02-04 04:31 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-09-11 03:15 . 2010-02-04 04:31 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-09-11 03:15 . 2010-02-04 04:31 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-09-11 03:15 . 2010-02-04 04:31 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-09-11 03:15 . 2009-03-09 09:57 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-09-11 03:15 . 2007-03-12 11:12 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-09-11 03:15 . 2009-09-04 11:59 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-09-11 03:15 . 2007-04-04 13:23 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-09-11 03:13 . 2012-09-11 03:13 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-09-11 03:10 . 2012-09-11 03:10 204224 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2012-09-11 03:00 . 2012-09-11 03:00 -------- d-----w- c:\program files (x86)\Microsoft XDE
2012-09-11 03:00 . 2009-09-04 11:59 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-09-11 03:00 . 2009-09-04 11:59 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-09-11 03:00 . 2009-09-04 11:59 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-09-11 03:00 . 2009-09-04 11:59 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 01:27 . 2012-07-08 07:13 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-23 01:27 . 2012-07-08 07:13 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 22:47 . 2012-07-08 15:18 2438368 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-08-27 20:19 . 2012-09-04 00:00 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DDC9EF6-DD5E-465E-BFB3-7F9E27FE91AA}\mpengine.dll
2012-07-26 13:38 . 2012-07-26 13:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 13:38 . 2012-07-26 13:38 837072 ----a-w- c:\windows\SysWow64\vcamp110d.dll
2012-07-26 13:38 . 2012-07-26 13:38 82888 ----a-w- c:\windows\SysWow64\mfcm110u.dll
2012-07-26 13:38 . 2012-07-26 13:38 82888 ----a-w- c:\windows\SysWow64\mfcm110.dll
2012-07-26 13:38 . 2012-07-26 13:38 8234952 ----a-w- c:\windows\SysWow64\mfc110ud.dll
2012-07-26 13:38 . 2012-07-26 13:38 821200 ----a-w- c:\windows\SysWow64\msvcp110d.dll
2012-07-26 13:38 . 2012-07-26 13:38 8164296 ----a-w- c:\windows\SysWow64\mfc110d.dll
2012-07-26 13:38 . 2012-07-26 13:38 74704 ----a-w- c:\windows\SysWow64\mfc110fra.dll
2012-07-26 13:38 . 2012-07-26 13:38 74704 ----a-w- c:\windows\SysWow64\mfc110deu.dll
2012-07-26 13:38 . 2012-07-26 13:38 73680 ----a-w- c:\windows\SysWow64\mfc110esn.dll
2012-07-26 13:38 . 2012-07-26 13:38 729560 ----a-w- c:\windows\SysWow64\vccorlib110d.dll
2012-07-26 13:38 . 2012-07-26 13:38 72656 ----a-w- c:\windows\SysWow64\mfc110ita.dll
2012-07-26 13:38 . 2012-07-26 13:38 70608 ----a-w- c:\windows\SysWow64\mfc110rus.dll
2012-07-26 13:38 . 2012-07-26 13:38 64976 ----a-w- c:\windows\SysWow64\mfc110enu.dll
2012-07-26 13:38 . 2012-07-26 13:38 53712 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
2012-07-26 13:38 . 2012-07-26 13:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 13:38 . 2012-07-26 13:38 53200 ----a-w- c:\windows\SysWow64\mfc110kor.dll
2012-07-26 13:38 . 2012-07-26 13:38 46032 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2012-07-26 13:38 . 2012-07-26 13:38 46032 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2012-07-26 13:38 . 2012-07-26 13:38 4446152 ----a-w- c:\windows\SysWow64\mfc110u.dll
2012-07-26 13:38 . 2012-07-26 13:38 4411848 ----a-w- c:\windows\SysWow64\mfc110.dll
2012-07-26 13:38 . 2012-07-26 13:38 320976 ----a-w- c:\windows\SysWow64\vcamp110.dll
2012-07-26 13:38 . 2012-07-26 13:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 13:38 . 2012-07-26 13:38 1678792 ----a-w- c:\windows\SysWow64\msvcr110d.dll
2012-07-26 13:38 . 2012-07-26 13:38 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 13:38 . 2012-07-26 13:38 144848 ----a-w- c:\windows\SysWow64\vcomp110d.dll
2012-07-26 13:38 . 2012-07-26 13:38 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 13:38 . 2012-07-26 13:38 111560 ----a-w- c:\windows\SysWow64\mfcm110d.dll
2012-07-26 13:38 . 2012-07-26 13:38 110544 ----a-w- c:\windows\SysWow64\mfcm110ud.dll
2012-07-26 09:52 . 2012-07-26 09:52 997336 ----a-w- c:\windows\system32\vccorlib110d.dll
2012-07-26 09:52 . 2012-07-26 09:52 90056 ----a-w- c:\windows\system32\mfcm110u.dll
2012-07-26 09:52 . 2012-07-26 09:52 90056 ----a-w- c:\windows\system32\mfcm110.dll
2012-07-26 09:52 . 2012-07-26 09:52 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 09:52 . 2012-07-26 09:52 74704 ----a-w- c:\windows\system32\mfc110fra.dll
2012-07-26 09:52 . 2012-07-26 09:52 74704 ----a-w- c:\windows\system32\mfc110deu.dll
2012-07-26 09:52 . 2012-07-26 09:52 73680 ----a-w- c:\windows\system32\mfc110esn.dll
2012-07-26 09:52 . 2012-07-26 09:52 72656 ----a-w- c:\windows\system32\mfc110ita.dll
2012-07-26 09:52 . 2012-07-26 09:52 70608 ----a-w- c:\windows\system32\mfc110rus.dll
2012-07-26 09:52 . 2012-07-26 09:52 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 09:52 . 2012-07-26 09:52 64976 ----a-w- c:\windows\system32\mfc110enu.dll
2012-07-26 09:52 . 2012-07-26 09:52 5606856 ----a-w- c:\windows\system32\mfc110u.dll
2012-07-26 09:52 . 2012-07-26 09:52 5579208 ----a-w- c:\windows\system32\mfc110.dll
2012-07-26 09:52 . 2012-07-26 09:52 53712 ----a-w- c:\windows\system32\mfc110jpn.dll
2012-07-26 09:52 . 2012-07-26 09:52 53200 ----a-w- c:\windows\system32\mfc110kor.dll
2012-07-26 09:52 . 2012-07-26 09:52 46032 ----a-w- c:\windows\system32\mfc110cht.dll
2012-07-26 09:52 . 2012-07-26 09:52 46032 ----a-w- c:\windows\system32\mfc110chs.dll
2012-07-26 09:52 . 2012-07-26 09:52 385480 ----a-w- c:\windows\system32\vcamp110.dll
2012-07-26 09:52 . 2012-07-26 09:52 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 09:52 . 2012-07-26 09:52 1957328 ----a-w- c:\windows\system32\msvcr110d.dll
2012-07-26 09:52 . 2012-07-26 09:52 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 09:52 . 2012-07-26 09:52 153040 ----a-w- c:\windows\system32\vcomp110d.dll
2012-07-26 09:52 . 2012-07-26 09:52 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 09:52 . 2012-07-26 09:52 120776 ----a-w- c:\windows\system32\mfcm110d.dll
2012-07-26 09:52 . 2012-07-26 09:52 119760 ----a-w- c:\windows\system32\mfcm110ud.dll
2012-07-26 09:52 . 2012-07-26 09:52 1106384 ----a-w- c:\windows\system32\msvcp110d.dll
2012-07-26 09:52 . 2012-07-26 09:52 10915784 ----a-w- c:\windows\system32\mfc110ud.dll
2012-07-26 09:52 . 2012-07-26 09:52 10843080 ----a-w- c:\windows\system32\mfc110d.dll
2012-07-26 09:52 . 2012-07-26 09:52 1077688 ----a-w- c:\windows\system32\vcamp110d.dll
2012-07-21 08:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-21 08:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]
"googletalk"="c:\users\paras\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Tutorials"="c:\program files (x86)\Tuto4pc\tyutoriyala.exe" [2012-06-13 3674984]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"UpdateTutorialsHP"="c:\users\paras\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTyutoriyalaStnicHP.exe" [2012-06-13 990056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 250288]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-15 79376]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files (x86)\Lenovo\ReadyComm\AppSvc.exe [2010-12-27 509280]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files (x86)\Lenovo\ReadyComm\ConnSvc.exe [2010-12-27 578912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-19 20992]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-09-30 299520]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R3 xpvcom;XPVCOM Port;c:\windows\system32\Drivers\xpvcom.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2011-12-25 120704]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 311656]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [2012-02-11 334936]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-07-08 39008]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-02-11 2348632]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
S2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [2011-12-25 405504]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-07-08 29792]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2012-02-11 49752]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [2010-09-21 15056]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-12-10 234960]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-15 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
REG_SZ
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 01:27]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2241577194-2472724853-336906900-1000Core.job
- c:\users\paras\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 05:11]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2241577194-2472724853-336906900-1000UA.job
- c:\users\paras\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 05:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-07-08 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-07-08 5908928]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\paras\AppData\Roaming\Mozilla\Firefox\Profiles\995hwerg.default-1346774142823\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-10 05:49:34
ComboFix-quarantined-files.txt 2012-10-10 00:19
.
Pre-Run: 45,929,652,224 bytes free
Post-Run: 51,570,274,304 bytes free
.
- - End Of File - - 407F98D2DB2405ABF7349C4C33E15203
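As an added example (not part of this thread, of ComboFix, or of the GeekPolice staff's procedure), the following Python script parses the Run/RunOnce values and the R*/S* service lines from the "Reg Loading Points" section of a ComboFix log in the format posted above, and lists the entries a helper would look at first: autoruns launched from user-writable locations (AppData, ProgramData, temp folders) and services whose binary ComboFix marked as missing with `[x]`. The sample lines are copied from the log above; the regular expressions, the `USER_WRITABLE` list and the function names are my own assumptions about a useful triage heuristic, not anything ComboFix itself provides.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the "Reg Loading Points"
# section of the ComboFix log posted in this thread, in ComboFix's own format.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"googletalk"="c:\users\paras\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Tutorials"="c:\program files (x86)\Tuto4pc\tyutoriyala.exe" [2012-06-13 3674984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"UpdateTutorialsHP"="c:\users\paras\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTyutoriyalaStnicHP.exe" [2012-06-13 990056]
.
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
"""

# Path fragments that any local user can write to (assumed heuristic list).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[([^\]]+)\]$")  # R2 name;display;path [date size|x]


@dataclass
class Autorun:
    source: str   # registry key the value lives under, or "service" for R*/S* lines
    name: str
    path: str
    detail: str   # "date size" for registry values; "starttype date size" or "starttype x" for services


def parse_autoruns(text):
    """Extract Run/RunOnce values and service lines from ComboFix 'Reg Loading Points' text."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "." lines
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, path, date, size = m.groups()
            entries.append(Autorun(current_key, name, path, f"{date} {size}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, bracket = m.groups()
            entries.append(Autorun("service", name, path, f"{start} {bracket}"))
    return entries


def flags_for(entry):
    """Return the triage reasons that apply to one entry (empty list if none)."""
    flags = []
    if any(marker in entry.path.lower() for marker in USER_WRITABLE):
        flags.append("runs from a user-writable location")
    if entry.source == "service" and entry.detail.endswith(" x"):
        flags.append("service binary missing on disk ([x])")
    if entry.source.lower().endswith("\\runonce"):
        flags.append("RunOnce value, executes once at next logon")
    return flags


def triage(entries):
    """Map entry name -> flags for every entry that earned at least one flag."""
    result = {}
    for entry in entries:
        flags = flags_for(entry)
        if flags:
            result[entry.name] = flags
    return result


if __name__ == "__main__":
    for name, flags in triage(parse_autoruns(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(flags)}")
```

On the sample above the script singles out the Google Talk value under the user's AppData, the RunOnce updater under AppData, and the ReadyComm service whose binary is gone; a legitimate entry under Program Files, such as the Skype value, is not flagged, which is the point of the heuristic: it narrows the list for a human reviewer rather than deciding what is malicious.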

Re: Firefox tab opening itself randomly
TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

[Screenshot: Tdss_1]

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[Screenshot: Tdss_2]

------------------------

Click the Start Scan button.

[Screenshot: Tdss_3]

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


[Screenshot: Tdss_4]

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


[Screenshot: Tdss_5]


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
