TechSpot

Google results redirected

By hijackvictim
Jan 14, 2011
  1. I am another victim of the google results redirect malware.
    I tried the recommended 8 steps.

    Here are the logs:

    Step 3: Malwarebytes Anti-Malware

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5521

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/14/2011 3:33:29 PM
    mbam-log-2011-01-14 (15-33-29).txt

    Scan type: Quick scan
    Objects scanned: 157780
    Time elapsed: 2 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Step 4: GMER

    Gmer.log file is empty


    Step 5: DDS

    dds.txt

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Mandar at 15:44:21.92 on Fri 01/14/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2275 [GMT -6:00]

    AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\AVG\AVG9\avgam.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\ThpSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\System32\igfxtray.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Windows\System32\StikyNot.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\Users\Mandar\Downloads\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8074
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [HandlerapiCtrl] rundll32.exe "C:\Users\Mandar\AppData\Local\CRLAuthenticationserv\HandlerapiCtrl.dll",isanetxx SysGLTask
    mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Mandar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [(Default)]
    mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
    mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AppInit_DLLs-X64: avgrssta.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Mandar\AppData\Roaming\Mozilla\Firefox\Profiles\yluwv61u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bef52a0&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Mandar\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Users\Mandar\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Mandar\AppData\Roaming\Mozilla\plugins\npicaN.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox
    FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-5-15 56008]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-3-12 482384]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-5-15 269904]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-5-15 35536]
    R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-5-15 317520]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-6-21 921952]
    R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-6-21 308136]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-12 13336]
    R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-3-12 60416]
    R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-3-12 81408]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-3-12 55808]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-3-12 2314240]
    R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-3-12 9216]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-12 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-10-30 244736]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-3-12 35008]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-12 236544]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-3-12 946688]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-3-12 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-5 824688]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-17 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-26 517448]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-16 50176]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-18 1255736]

    =============== Created Last 30 ================

    2011-01-14 21:29:18 -------- d-----w- C:\Users\Mandar\AppData\Roaming\Malwarebytes
    2011-01-14 21:29:08 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-14 21:29:07 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-14 21:29:04 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-01-14 21:29:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-12-23 17:23:47 -------- d-----w- C:\Users\Mandar\AppData\Local\Yahoo!

    ==================== Find3M ====================

    2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2010-11-02 05:21:51 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
    2010-11-02 05:18:59 662528 ----a-w- C:\windows\System32\XpsPrint.dll
    2010-11-02 05:18:59 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
    2010-11-02 05:18:58 470016 ----a-w- C:\windows\System32\XpsGdiConverter.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
    2010-11-02 05:12:53 1133568 ----a-w- C:\windows\System32\FntCache.dll
    2010-11-02 05:12:25 1540608 ----a-w- C:\windows\System32\DWrite.dll
    2010-11-02 05:12:08 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
    2010-11-02 05:12:07 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
    2010-11-02 05:12:06 902656 ----a-w- C:\windows\System32\d2d1.dll
    2010-11-02 05:12:06 197120 ----a-w- C:\windows\System32\d3d10_1.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
    2010-11-02 04:59:08 144384 ----a-w- C:\windows\System32\cdd.dll
    2010-11-02 04:41:36 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
    2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
    2010-11-02 04:35:51 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
    2010-11-02 04:35:35 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
    2010-11-02 04:35:34 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
    2010-11-02 04:35:34 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
    2010-11-02 04:35:34 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
    2010-11-02 02:50:58 258048 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
    2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\windows\SysWow64\atmfd.dll

    ============= FINISH: 15:45:04.83 ===============


    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/17/2010 1:08:35 AM
    System Uptime: 1/14/2011 3:17:46 PM (0 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 2133/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 454 GiB total, 396.814 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet 6300 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Officejet 6300 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam

    ==== System Restore Points ===================

    RP65: 11/26/2010 4:03:58 PM - Scheduled Checkpoint
    RP66: 12/4/2010 2:13:37 AM - Scheduled Checkpoint
    RP67: 12/12/2010 10:09:26 PM - Scheduled Checkpoint
    RP68: 12/15/2010 12:53:22 PM - Windows Update
    RP69: 12/29/2010 1:20:18 PM - Windows Backup
    RP70: 1/5/2011 8:32:32 PM - Scheduled Checkpoint
    RP71: 1/6/2011 3:16:01 AM - Windows Update
    RP72: 1/13/2011 8:00:51 AM - Windows Update

    ==== Installed Programs ======================

    6300
    6300_Help
    6300Trb
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    Amazon Links
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    AVG 9.0
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    BufferChm
    Citrix XenApp Web Plugin
    Compatibility Pack for the 2007 Office system
    Copy
    Definition update for Microsoft Office 2010 (KB982726)
    Destinations
    DeviceDiscovery
    Direct DiscRecorder
    DocProc
    DVD MovieFactory for TOSHIBA
    Facebook Plug-In
    Faerie Solitaire
    FATE Undiscovered Realms
    Fax
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    InterVideo WinDVD BD for TOSHIBA
    Java(TM) 6 Update 14
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Monopoly
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetZero Launcher
    Picasa 3
    Polar Bowler
    Quickbooks Financial Center
    Quicken 2011
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek WLAN Driver
    RICOH R5U230 Media Driver ver.2.06.03.02
    Scan
    Scrabble Plus
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Skype Launcher
    SmartWebPrinting
    SolutionCenter
    Status
    Toolbox
    Toshiba Application Installer
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    Toshiba Online Backup
    TOSHIBA Quality Application
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    TrayApp
    UnloadSupport
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Virtual Families
    Virtual Villagers - The Secret City
    Visual C++ 8.0 Runtime Setup Package (x64)
    WebReg
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! BrowserPlus 2.9.8

    ==== Event Viewer Messages From Past Week ========

    1/14/2011 3:15:57 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Disable "word wrap" in Notepad, because your logs are hard to read.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
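    What the MBRCheck step above is really testing, shown as an added example that is not part of this post and is not MBRCheck's own code: a small Python script that takes a 512-byte master boot record, verifies the 0x55AA boot signature, hashes the 440-byte boot-code region (the part a bootkit has to overwrite to run before Windows does), compares that SHA1 against a list of known-good hashes, and decodes the partition table so the byte offset of each volume can be cross-checked against what the tool prints. The sample MBR bytes, the "clean" boot code and the known-good hash list are all constructed here for the example; the real tool ships reference hashes of genuine OS boot code, which this script does not have.

```python
"""Minimal MBR integrity check in the spirit of MBRCheck (added example, not the tool's code)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0-439 hold the boot code; a bootkit must live here
DISK_SIG_OFF = 440            # 4-byte disk signature, then 2 reserved bytes
PARTITION_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def read_mbr(device: str) -> bytes:
    """Read sector 0 of a raw device, e.g. r'\\\\.\\PhysicalDrive0' (needs admin) or '/dev/sda' (needs root)."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot-code region only; the disk signature and partition table are excluded."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four primary partition entries, skipping empty ones (type 0x00)."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PARTITION_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "byte_offset": lba * SECTOR_SIZE})  # comparable to MBRCheck's "at offset" line
    return parts


def check_mbr(mbr: bytes, known_good: dict) -> dict:
    """Return signature state, boot-code hash, a verdict from the known-good table, and partitions."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"MBR must be exactly {SECTOR_SIZE} bytes, got {len(mbr)}")
    digest = boot_code_sha1(mbr)
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "sha1": digest,
        "verdict": known_good.get(digest, "UNKNOWN boot code - inspect manually"),
        "partitions": parse_partition_table(mbr),
    }


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR: boot code, disk signature, partition entries, 0x55AA."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)  # constructed disk signature
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PARTITION_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


# Constructed stand-in for clean boot code (a few real-looking opcodes plus NOPs); a real
# checker would carry hashes of genuine Windows boot code instead of this.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
KNOWN_GOOD = {
    hashlib.sha1(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "constructed clean boot code",
}

# Constructed layout: a small non-bootable recovery partition, then a bootable NTFS system
# partition starting at LBA 3074048 (byte offset 0x5DD00000, the kind of value the tool prints).
SAMPLE_PARTITIONS = [
    (False, 0x27, 2048, 3072000),
    (True, 0x07, 3074048, 973000000),
]


def demo():
    """Check a clean sample MBR and a copy whose boot code was overwritten like a bootkit would."""
    clean = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)
    hooked = bytearray(clean)
    hooked[0:4] = b"\xeb\x58\x90\x00"  # constructed: patch only the boot code, keep table + 0x55AA intact
    return check_mbr(clean, KNOWN_GOOD), check_mbr(bytes(hooked), KNOWN_GOOD)


if __name__ == "__main__":
    for label, r in zip(("clean", "tampered"), demo()):
        print(f"{label}: signature_ok={r['signature_ok']} sha1={r['sha1']} -> {r['verdict']}")
        for p in r["partitions"]:
            print(f"  part{p['index']} type=0x{p['type']:02x} bootable={p['bootable']} "
                  f"byte_offset=0x{p['byte_offset']:x}")
```

    Two things worth keeping in mind when using a check like this on a live machine. First, the tampered sample keeps a perfectly valid partition table and boot signature; only the hash of the boot code reveals the change, which is why the tool reports a hash rather than just "MBR looks sane". Second, a rootkit that hooks the disk stack can hand a clean copy of sector 0 to any read made from inside the running OS, so an "OK" from a userland read is only as trustworthy as the kernel it ran on; reading the disk from clean boot media is the only read that settles the question.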
     
  3. hijackvictim

    hijackvictim TS Rookie Topic Starter

    More problems....:(

    Thanks so much for responding.

    I was trying the steps but having more issues now.
    MBRCheck ran okay, but I downloaded combofix and then, before running it, I uninstalled AVG as instructed using the Appremover tool downloaded from the provided link.

    It asked to restart after removing AVG and as soon as I restarted I was bombarded with pop-ups about infected files.

    Tried running combofix and it does not start.

    The popups keep suggesting I enable antivirus, but the window looks like malware so I am afraid to. Tried to open task manager to kill the process creating these pop-ups... the task manager window shows for a second then closes, and another popup says task manager is infected.

    Not sure what to do next. Any help is appreciated.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Did you read?
    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:
    .....and so on....
     
  5. hijackvictim

    hijackvictim TS Rookie Topic Starter

    Combofix worked

    I just panicked with all the pop-ups before.

    After opening in Safe mode, everything worked. Thanks :)

    Here are the log files:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: TOSHIBA
    BIOS Manufacturer: INSYDE
    System Manufacturer: TOSHIBA
    System Product Name: Satellite A505
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 205):
    0x03056000 \SystemRoot\system32\ntoskrnl.exe
    0x0300D000 \SystemRoot\system32\hal.dll
    0x00BBC000 \SystemRoot\system32\kdcom.dll
    0x00C0A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C4E000 \SystemRoot\system32\PSHED.dll
    0x00C62000 \SystemRoot\system32\CLFS.SYS
    0x00CC0000 \SystemRoot\system32\CI.dll
    0x00ED5000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F79000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F88000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FDF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FE8000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00D80000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E99000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00EA0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x010EC000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x012F4000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x012FD000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x01327000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x01332000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x0133D000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01389000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01414000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0139D000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015B7000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01000000 \SystemRoot\System32\Drivers\cng.sys
    0x015D1000 \SystemRoot\System32\drivers\pcw.sys
    0x015E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016B8000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01802000 \SystemRoot\System32\drivers\tcpip.sys
    0x017AA000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x017F4000 \SystemRoot\system32\DRIVERS\wd.sys
    0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0168B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    0x01A63000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
    0x01ADD000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
    0x01ADF000 \SystemRoot\system32\DRIVERS\thpdrv.sys
    0x01AEB000 \SystemRoot\System32\Drivers\spldr.sys
    0x01AF3000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01B2D000 \SystemRoot\System32\Drivers\mup.sys
    0x01B3F000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01B48000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01B82000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01B98000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01BC8000 \SystemRoot\System32\Drivers\avgrkx64.sys
    0x04486000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x044B0000 \SystemRoot\System32\Drivers\Null.SYS
    0x044B9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x044C0000 \SystemRoot\System32\drivers\vga.sys
    0x044CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x044F3000 \SystemRoot\System32\drivers\watchdog.sys
    0x04503000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x0450C000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x04515000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x0451E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04529000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0453A000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04558000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x04565000 \SystemRoot\System32\Drivers\avgtdia.sys
    0x045B6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02ECF000 \SystemRoot\system32\drivers\afd.sys
    0x02F59000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02F62000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02F88000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02F9E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02FAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02FC8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02E68000 \SystemRoot\System32\drivers\discache.sys
    0x02E77000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02E95000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x02EA6000 \SystemRoot\System32\Drivers\avgmfx64.sys
    0x04200000 \SystemRoot\System32\Drivers\avgldx64.sys
    0x01A00000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02EAE000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
    0x02EB5000 \SystemRoot\system32\DRIVERS\FwLnk.sys
    0x04A7A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x0465C000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04750000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04796000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x047A7000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04600000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x047B8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x0526E000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
    0x05376000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x05383000 \SystemRoot\system32\DRIVERS\risdpe64.sys
    0x0539C000 \SystemRoot\system32\DRIVERS\rimspe64.sys
    0x05200000 \SystemRoot\system32\DRIVERS\rixdpe64.sys
    0x05256000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x053B5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x053D3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x05419000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x0546A000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0546C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0547B000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0x05485000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x05492000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x054B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x054CE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x054DE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x054F4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x05518000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x05524000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x05553000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0556E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0558F000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x055A9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x055AB000 \SystemRoot\system32\DRIVERS\ks.sys
    0x055EE000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05AC2000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x05B1C000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x06203000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x05B31000 \SystemRoot\system32\drivers\portcls.sys
    0x05B6E000 \SystemRoot\system32\drivers\drmk.sys
    0x063F0000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05B90000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
    0x05BD1000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04247000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x000F0000 \SystemRoot\System32\win32k.sys
    0x05BDF000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05BEB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x05A00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05A1D000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x063F6000 \SystemRoot\system32\DRIVERS\pgeffect.sys
    0x05A4B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05A59000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05A72000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05A7B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x05A89000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05A96000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00460000 \SystemRoot\System32\TSDDD.dll
    0x00720000 \SystemRoot\System32\cdd.dll
    0x047DC000 \SystemRoot\system32\drivers\luafv.sys
    0x04A3E000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05AA4000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02A25000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02A78000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x02A8B000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02AA3000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x02AAD000 \SystemRoot\system32\drivers\HTTP.sys
    0x02B75000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02B93000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02BAB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x03E5C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x03EAA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x03ECF000 \SystemRoot\system32\drivers\peauth.sys
    0x03F75000 \SystemRoot\system32\drivers\regi.sys
    0x03F7F000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x03F8A000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x03FB7000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0889E000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08905000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08875000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x77300000 \Windows\System32\ntdll.dll
    0x48370000 \Windows\System32\smss.exe
    0xFF620000 \Windows\System32\apisetschema.dll
    0xFFE00000 \Windows\System32\autochk.exe
    0xFF5F0000 \Windows\System32\imagehlp.dll
    0xFF570000 \Windows\System32\shlwapi.dll
    0xFF490000 \Windows\System32\advapi32.dll
    0x774D0000 \Windows\System32\psapi.dll
    0xFF310000 \Windows\System32\urlmon.dll
    0xFF270000 \Windows\System32\clbcatq.dll
    0xFF090000 \Windows\System32\setupapi.dll
    0xFEE30000 \Windows\System32\iertutil.dll
    0xFEE20000 \Windows\System32\lpk.dll
    0xFEDD0000 \Windows\System32\ws2_32.dll
    0xFE040000 \Windows\System32\shell32.dll
    0xFE020000 \Windows\System32\sechost.dll
    0x77200000 \Windows\System32\user32.dll
    0xFE010000 \Windows\System32\nsi.dll
    0x774C0000 \Windows\System32\normaliz.dll
    0x770E0000 \Windows\System32\kernel32.dll
    0xFDEE0000 \Windows\System32\rpcrt4.dll
    0xFDE60000 \Windows\System32\difxapi.dll
    0xFDD30000 \Windows\System32\wininet.dll
    0xFDCE0000 \Windows\System32\Wldap32.dll
    0xFDAD0000 \Windows\System32\ole32.dll
    0xFDA30000 \Windows\System32\comdlg32.dll
    0xFD9C0000 \Windows\System32\gdi32.dll
    0xFD8F0000 \Windows\System32\usp10.dll
    0xFD810000 \Windows\System32\oleaut32.dll
    0xFD700000 \Windows\System32\msctf.dll
    0xFD660000 \Windows\System32\msvcrt.dll
    0xFD630000 \Windows\System32\imm32.dll
    0xFD5F0000 \Windows\System32\wintrust.dll
    0xFD580000 \Windows\System32\KernelBase.dll
    0xFD4E0000 \Windows\System32\comctl32.dll
    0xFD4A0000 \Windows\System32\cfgmgr32.dll
    0xFD480000 \Windows\System32\devobj.dll
    0xFD310000 \Windows\System32\crypt32.dll
    0xFD300000 \Windows\System32\msasn1.dll
    0x762E0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 106):
    0 System Idle Process
    4 System
    336 C:\Windows\System32\smss.exe
    516 csrss.exe
    588 C:\Windows\System32\wininit.exe
    608 csrss.exe
    616 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    624 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    692 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    728 C:\Windows\System32\services.exe
    744 C:\Windows\System32\lsass.exe
    752 C:\Windows\System32\lsm.exe
    348 C:\Windows\System32\svchost.exe
    448 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\winlogon.exe
    1136 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\svchost.exe
    1508 C:\Windows\System32\svchost.exe
    1752 C:\Windows\System32\spoolsv.exe
    1780 C:\Windows\System32\svchost.exe
    1864 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1940 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    1980 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2024 C:\Windows\System32\svchost.exe
    1176 C:\Windows\SysWOW64\svchost.exe
    1348 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    1836 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2088 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2228 C:\Program Files (x86)\AVG\AVG9\avgam.exe
    2340 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    2496 C:\Windows\System32\svchost.exe
    2552 C:\Windows\System32\ThpSrv.exe
    2580 C:\Windows\System32\TODDSrv.exe
    2608 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    2692 C:\Program Files\TOSHIBA\TECO\TecoService.exe
    2740 C:\Windows\System32\SearchIndexer.exe
    2788 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    2808 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    2920 C:\Windows\System32\taskhost.exe
    2996 C:\Windows\System32\dwm.exe
    3020 C:\Windows\explorer.exe
    1628 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    3552 C:\Windows\System32\svchost.exe
    2880 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1436 C:\Windows\System32\svchost.exe
    3820 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    3068 C:\Windows\System32\igfxtray.exe
    4264 C:\Windows\System32\hkcmd.exe
    4384 C:\Windows\System32\igfxsrvc.exe
    4392 C:\Windows\System32\igfxpers.exe
    4480 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    4488 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4496 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    4572 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    4588 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    4636 C:\Program Files\TOSHIBA\TECO\Teco.exe
    4684 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
    4692 C:\Windows\System32\ThpSrv.exe
    4736 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    4752 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    4816 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4880 C:\Program Files\Windows Sidebar\sidebar.exe
    4996 C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    5004 C:\Windows\System32\StikyNot.exe
    5012 C:\Windows\System32\rundll32.exe
    5036 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    5064 C:\Windows\SysWOW64\rundll32.exe
    4536 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    5108 C:\Windows\System32\taskeng.exe
    3152 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    3304 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    2980 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    5156 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    5164 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    5180 C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
    5224 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    5300 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    5368 C:\Windows\System32\igfxext.exe
    5788 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    6068 C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
    2912 C:\Program Files\iPod\bin\iPodService.exe
    4544 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4128 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    3892 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    3836 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    5968 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    5548 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    1684 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    3292 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    4720 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    6148 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    6172 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    6468 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    7160 C:\Windows\System32\wuauclt.exe
    3924 C:\Windows\System32\svchost.exe
    3940 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    6580 C:\Program Files (x86)\AVG\AVG9\avgui.exe
    2020 C:\Windows\System32\svchost.exe
    5640 WmiPrvSE.exe
    3300 C:\Windows\System32\audiodg.exe
    116 dllhost.exe
    6648 dllhost.exe
    1960 C:\Users\Mandar\Downloads\MBRCheck.exe
    6524 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001M
    PhysicalDrive1 Model Number: ST3250820A, Rev: 3.AA

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61
    232 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!



    Combofix


    ComboFix 11-01-14.01 - Mandar 01/16/2011 10:47:48.1.4 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.3357 [GMT -6:00]
    Running from: c:\users\Mandar\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Mandar\AppData\Local\CRLAuthenticationserv\HandlerapiCtrl.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
    .

    2011-01-16 16:51 . 2011-01-16 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-15 03:37 . 2010-11-16 18:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7BAA8B4-7D1A-4D3F-9E4E-D0A1FDEA0E0F}\mpengine.dll
    2011-01-14 21:29 . 2011-01-14 21:29 -------- d-----w- c:\users\Mandar\AppData\Roaming\Malwarebytes
    2011-01-14 21:29 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-14 21:29 . 2011-01-14 21:29 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-14 21:29 . 2011-01-14 21:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-14 21:29 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-23 17:23 . 2010-12-23 17:23 -------- d-----w- c:\users\Mandar\AppData\Local\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-04 06:35 . 2010-12-15 03:22 1194496 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 06:31 . 2010-12-15 03:22 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 05:52 . 2010-12-15 03:22 978944 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-11-04 05:48 . 2010-12-15 03:22 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2010-11-04 05:16 . 2010-12-15 03:22 482816 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:41 . 2010-12-15 03:22 386048 ----a-w- c:\windows\SysWow64\html.iec
    2010-11-04 04:35 . 2010-12-15 03:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 04:08 . 2010-12-15 03:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-11-02 05:18 . 2010-12-15 03:22 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 05:17 . 2010-12-15 03:22 1169408 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 05:17 . 2010-12-15 03:22 473600 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 05:16 . 2010-12-15 03:22 1114624 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 05:10 . 2010-12-15 03:22 464384 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 05:10 . 2010-12-15 03:22 285696 ----a-w- c:\windows\system32\schtasks.exe
    2010-11-02 04:40 . 2010-12-15 03:22 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-11-02 04:40 . 2010-12-15 03:22 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-11-02 04:34 . 2010-12-15 03:22 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-11-02 04:34 . 2010-12-15 03:22 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
    2010-10-27 05:06 . 2010-12-15 03:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-27 04:32 . 2010-12-15 03:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-10-20 05:20 . 2010-12-15 03:22 46080 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 04:54 . 2010-12-15 03:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2010-10-20 03:09 . 2010-12-15 03:22 3124224 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 03:05 . 2010-12-15 03:22 367104 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-20 02:58 . 2010-12-15 03:22 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-10-19 16:41 . 2010-05-16 02:00 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-12 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]
    "NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\users\Mandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 135664]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-16 50176]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 06:34]

    2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 06:34]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 390168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 408600]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8075
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Mandar\AppData\Roaming\Mozilla\Firefox\Profiles\yluwv61u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bef52a0&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-HandlerapiCtrl - c:\users\Mandar\AppData\Local\CRLAuthenticationserv\HandlerapiCtrl.dll
    Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-16 10:53:24
    ComboFix-quarantined-files.txt 2011-01-16 16:53

    Pre-Run: 424,708,734,976 bytes free
    Post-Run: 424,522,588,160 bytes free

    - - End Of File - - D2F8216CC63ECCA9DF508DCB5CF7B18B
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8075
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
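    The two lines Broni's CFScript removes point Internet Explorer at a proxy on 127.0.0.1:8075, so every HTTP request passes through a process running on the infected machine before it reaches the real site. As an added example (not part of the thread, of DDS or of ComboFix), here is a small Python check that scans lines in the DDS/ComboFix "Supplementary Scan" and "Orphans" format for a loopback proxy and for Run entries that load from a user-writable directory; the sample lines are constructed after the log above.

```python
"""Flag loopback proxies and user-writable Run entries in DDS/ComboFix-style log lines."""
import ipaddress
import re
from typing import Dict, Iterable, List

# Constructed sample lines in the DDS/ComboFix format shown in the thread.
SAMPLE_LINES = [
    r"uInternet Settings,ProxyOverride = <local>",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:8075",
    r"mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA",
    r"Wow6432Node-HKCU-Run-HandlerapiCtrl - c:\users\Mandar\AppData\Local\CRLAuthenticationserv\HandlerapiCtrl.dll",
    r"HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe",
]

# 'u' = per-user (HKCU) setting, 'm' = machine-wide (HKLM) setting in DDS output.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
# Orphan/Run lines look like "<hive>-Run-<name> - <path>".
RUN_RE = re.compile(r"^(?P<key>\S*-Run-\S+)\s+-\s+(?P<path>.+)$")
# Autostart binaries living under AppData or Temp deserve a second look.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp)\\", re.IGNORECASE)


def parse_proxy_servers(value: str) -> List[str]:
    """Return the host of each proxy in an IE ProxyServer value.
    Accepts 'host:port' and 'scheme=host:port[;scheme=host:port...]'."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # strip the 'http=' / 'https=' scheme prefix
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        hosts.append(host.strip().lower())
    return hosts


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any loopback IP address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def analyze(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious proxy host or Run entry."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for host in parse_proxy_servers(m.group("value")):
                if is_loopback(host):
                    findings.append({"line": line, "reason": "proxy_loopback", "detail": host})
            continue
        m = RUN_RE.match(line)
        if m and USER_WRITABLE_RE.search(m.group("path")):
            findings.append({"line": line, "reason": "run_user_writable", "detail": m.group("path")})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LINES):
        print(f"{finding['reason']:18} {finding['detail']}")
```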
     