Can't remove trojan help

[Kiwi4]

AVG detected that I have a trojan virus infecting thees files when I open up Mozilla Firefox:

c:\Windows\system32\drivers\gxvxfaxpycrdriifwxncvirgvwwubodjomwp.sys
C:\Windows\system32\gxvxcnatoqwjxnnacptuuusenlldxvcrawixh.dll
C:\Windows\system32\gxvxcgjavcjjrbaieysrojipcsruayfnvcml.dll

I can only get on my laptop in safe mode. It will not boot normally!

I installed from another computer the recommended programs of: Malwarebytes. SuperAntiSpyware, Hijackthis but none of which will run on my computer. When I attempt to use them my computer shuts down. Same thing happens when I use SpyBot Search and Destroy or any other anti-virus software. Any ideas on how to get rid of the trojan?

 

[touch]

Hello Kiwi4

Please download combofix here -> https://www.techspot.com/downloads/5587-combofix.html

Before Saving it to Desktop, please rename it to something like 123.com to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

 

[Kiwi4]

Thank you for the reply. I ran the combo fix as suggested. Here's my log file:

ComboFix 09-06-05.07 - Nicole 06/06/2009 10:54.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1013.325 [GMT -4:00]
Running from: c:\users\Nicole\Downloads\1234.com
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Nicole\AppData\Roaming\inst.exe
c:\windows\system32\drivers\gxvxcfaxpycrdriifwxncvirgvwwubodjomwp.sys
c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
c:\windows\system32\gxvxcgjavcjjrbaieysrojipcsruoayfnvjcm.dll
c:\windows\system32\gxvxcnatoqwjxnnacptuuusenlldxvcrawixh.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-06 14:59 . 2009-06-06 15:18 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2009-06-05 22:38 . 2009-06-05 22:38 -------- d-sh--w- C:\found.000
2009-06-02 12:01 . 2009-06-02 12:01 -------- d-----w- c:\program files\Trend Micro
2009-06-02 12:00 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 12:00 . 2009-06-02 12:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 12:00 . 2009-06-02 12:00 -------- d-----w- c:\progra~2\Malwarebytes
2009-06-02 12:00 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 11:54 . 2009-06-02 11:54 -------- d-----w- c:\program files\CCleaner
2009-06-02 11:02 . 2009-06-02 11:04 -------- d-s---w- C:\123

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 15:00 . 2008-08-04 07:49 -------- d-----w- c:\users\Nicole\AppData\Roaming\Spyware Terminator
2009-06-06 15:00 . 2008-08-04 18:17 -------- d-----w- c:\progra~2\Spyware Terminator
2009-06-06 14:47 . 2008-03-23 17:54 -------- d-----w- c:\users\Nicole\AppData\Roaming\Skype
2009-06-06 12:07 . 2008-03-23 17:56 -------- d-----w- c:\users\Nicole\AppData\Roaming\skypePM
2009-06-02 11:11 . 2007-08-02 05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-01 17:02 . 2008-06-16 16:33 -------- d-----w- c:\progra~2\avg8
2009-05-21 17:48 . 2007-07-29 05:31 -------- d-----w- c:\users\Nicole\AppData\Roaming\uTorrent
2009-05-18 13:54 . 2007-11-07 09:04 -------- d-----w- c:\users\Nicole\AppData\Roaming\.purple
2009-05-17 23:46 . 2008-06-13 23:46 -------- d-----w- c:\progra~2\Symantec
2009-05-17 23:40 . 2008-04-07 07:48 -------- d-----w- c:\program files\Norton Security Scan
2009-05-17 23:39 . 2008-06-15 23:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-15 20:00 . 2007-06-07 02:52 -------- d-----w- c:\users\Nicole\AppData\Roaming\SiteAdvisor
2009-05-15 14:28 . 2009-02-12 01:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-15 14:28 . 2008-06-16 16:34 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-15 14:28 . 2008-06-16 16:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-14 08:06 . 2007-03-28 12:14 -------- d-----w- c:\progra~2\Microsoft Help
2009-05-14 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-03-21 05:22 . 2009-03-21 05:22 125 ----a-w- C:\DelUS.bat
2009-03-17 03:16 . 2009-04-17 01:04 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-17 01:04 25600 ----a-w- c:\windows\system32\amxread.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-26 1840128]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"SiteAdvisor"="c:\program files\SiteAdvisor\6261\SiteAdv.exe" [2006-10-18 35928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-26 185632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-15 1947928]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-04 1783808]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-07 4374528]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

 

[Kiwi4]

my log post exceeds limits

 

[Kiwi4]

attempting to post log file still....

 

[Kiwi4]

still isn't letting me

 

[Kiwi4]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{28130F52-3192-4018-8632-71B8A84086BB}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{F23D7922-BC62-499A-9DB6-3C87C8BF517E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ABBC0027-5D31-4A5A-9F7C-7693744AAF11}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8FF0287A-10D9-4A8B-BFFB-5C17484BF75D}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CBE8D9C2-70EC-4D76-9224-650FE27170CA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BC175D89-50EA-4ECD-B777-F8B2BB4F63E4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2C7FCD33-B00A-4EA2-A7D3-46FA9AFAC85A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0375E23F-084E-4A6C-8E26-89CA8D8158A7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0A780A99-0D9E-492C-8DAB-F7C6A265EEAB}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{287AB078-3896-4616-90E6-84FD1CBB8160}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{B9A9F7D1-2E8F-47DA-AA19-AFC95A00AADC}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{DC33EA1F-92AD-422A-82D6-DBB78F0F240B}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{F398248E-8B20-4F3B-B9A8-8A0788A110B7}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exeMSRegisterFile
"{A563E240-9C52-41B7-BC6C-71AD06E380E8}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exeMSRegisterFile
"{AED2EA8D-3CCD-483D-B8D0-A76C246FF719}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{1182779B-8CDF-4766-B918-1CEB0DEBD155}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{706CBF08-083A-4F2B-90C4-F83668D20164}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C34FF2CE-F450-46DA-91D1-71DF66D22DE9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{501942C3-F957-47F8-BB8C-E39B153A5B27}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8F7622AA-1AD3-467A-A022-82A2F78A97B4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60D08683-3264-47CE-9664-9F93CB0DFF48}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{96332A51-89F1-4AC2-85C8-36A1E39CBD56}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4656517F-02B4-4970-8F7D-0AA3D7CAFD21}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{E8EEDF1B-E05F-44E6-9F04-6E1CCF2CA0E0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A1A39CCF-50FE-4863-8B2E-5C443021A3C2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{E7D5F52C-B30E-487B-9540-13773F433B81}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3ECB5C01-C680-49EC-A481-EAD98687A05E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{9B205CE7-E22C-47E8-9D8D-F1979D91B235}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{A4550CFA-9D9E-4FD1-8202-F995FF4564F4}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{A002665D-BFFC-4889-AA70-7D8B33AD6C6F}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype
"UDP Query User{38CDFE07-0549-442C-A388-11294BBE7337}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype
"TCP Query User{76DD1E39-10A5-4641-A1F3-F6FB39E24BC2}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{E8B66173-0FCB-46DA-B035-67C29FEC9FEC}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{D1B77E38-78AF-4478-A225-D22A81054B15}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E0BA7546-600A-4DFD-84F7-84F0DF0483AC}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{AA5CD046-AFFF-42CD-93BA-7C5F35A30EF3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{92FE3D2E-59F8-476A-ADE2-9BB49D9136D0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/16/2008 12:34 PM 325896]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [8/4/2008 2:17 PM 141312]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/11/2009 9:30 PM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/2/2007 1:55 PM 24652]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/28/2007 4:00 PM 7168]
S3 GoogleDesktopManager-091507-085419;Google Desktop Manager 5.1.709.15267;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/28/2007 4:10 PM 1840128]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyServer = 94.23.10.204:8118
uInternet Settings,ProxyOverride = <local>
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\investment1s
Trusted Zone: ameritrade.com\wwws
Trusted Zone: tdameritrade.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\l1ulxqku.default\
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\SiteAdvisor\6261\FF\components\FFHook.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\l1ulxqku.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.

 

[kritius]

attach it.

 

[Kiwi4]

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 11:18
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4396)
c:\program files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\IObit\Advanced SystemCare 3\AWC.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-06 11:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 15:26

Pre-Run: 76,926,394,368 bytes free
Post-Run: 76,722,380,800 bytes free

235 --- E O F --- 2009-05-29 00:44

 

[Kiwi4]

Thanks, didn't realize I could attach the file to my post

 

[touch]

Thanks for helping kritius

Kiwi4 -> I think you can run the steps in this guide now:

8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Post attached log´s from:

Malwarebyte
Superantispyware
Hijackthis

In your next reply