Inactive Google results redirected

I am another victim of the google results redirect malware.
I tried the recommended 8 steps.

Here are the logs:

Step 3: Malwarebytes Anti-Malware

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5521

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/14/2011 3:33:29 PM
mbam-log-2011-01-14 (15-33-29).txt

Scan type: Quick scan
Objects scanned: 157780
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Step 4: GMER

Gmer.log file is empty


Step 5: DDS

dds.txt

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Mandar at 15:44:21.92 on Fri 01/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2275 [GMT -6:00]

AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Mandar\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [HandlerapiCtrl] rundll32.exe "C:\Users\Mandar\AppData\Local\CRLAuthenticationserv\HandlerapiCtrl.dll",isanetxx SysGLTask
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Mandar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AppInit_DLLs-X64: avgrssta.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Mandar\AppData\Roaming\Mozilla\Firefox\Profiles\yluwv61u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bef52a0&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mandar\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Mandar\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Mandar\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared

============= SERVICES / DRIVERS ===============

R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-5-15 56008]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-3-12 482384]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-5-15 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-5-15 35536]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-5-15 317520]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-6-21 921952]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-6-21 308136]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-12 13336]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-3-12 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-3-12 81408]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-3-12 55808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-3-12 2314240]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-3-12 9216]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-12 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-10-30 244736]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-3-12 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-12 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-3-12 946688]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-3-12 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-5 824688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-17 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-18 1255736]

=============== Created Last 30 ================

2011-01-14 21:29:18 -------- d-----w- C:\Users\Mandar\AppData\Roaming\Malwarebytes
2011-01-14 21:29:08 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-14 21:29:07 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-14 21:29:04 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-01-14 21:29:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-23 17:23:47 -------- d-----w- C:\Users\Mandar\AppData\Local\Yahoo!

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\windows\SysWow64\atmfd.dll

============= FINISH: 15:45:04.83 ===============


Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/17/2010 1:08:35 AM
System Uptime: 1/14/2011 3:17:46 PM (0 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 2133/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 454 GiB total, 396.814 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 6300 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 6300 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

==== System Restore Points ===================

RP65: 11/26/2010 4:03:58 PM - Scheduled Checkpoint
RP66: 12/4/2010 2:13:37 AM - Scheduled Checkpoint
RP67: 12/12/2010 10:09:26 PM - Scheduled Checkpoint
RP68: 12/15/2010 12:53:22 PM - Windows Update
RP69: 12/29/2010 1:20:18 PM - Windows Backup
RP70: 1/5/2011 8:32:32 PM - Scheduled Checkpoint
RP71: 1/6/2011 3:16:01 AM - Windows Update
RP72: 1/13/2011 8:00:51 AM - Windows Update

==== Installed Programs ======================

6300
6300_Help
6300Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Amazon Links
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
AVG 9.0
Bejeweled 2 Deluxe
Blackhawk Striker 2
BufferChm
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Copy
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DeviceDiscovery
Direct DiscRecorder
DocProc
DVD MovieFactory for TOSHIBA
Facebook Plug-In
Faerie Solitaire
FATE Undiscovered Realms
Fax
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
InterVideo WinDVD BD for TOSHIBA
Java(TM) 6 Update 14
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Monopoly
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Launcher
Picasa 3
Polar Bowler
Quickbooks Financial Center
Quicken 2011
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RICOH R5U230 Media Driver ver.2.06.03.02
Scan
Scrabble Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype Launcher
SmartWebPrinting
SolutionCenter
Status
Toolbox
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TrayApp
UnloadSupport
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Virtual Families
Virtual Villagers - The Secret City
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Yahoo! BrowserPlus 2.9.8

==== Event Viewer Messages From Past Week ========

1/14/2011 3:15:57 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Disable "word wrap" in Notepad, because your logs are hard to read.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
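The MBRCheck step above ends with a report giving each disk's MBR status and a SHA1 of its MBR code. The following is an added example, not MBRCheck's own code and not part of this thread, showing how a hash-based MBR code check of that kind works: hash only the boot-code region of the 512-byte sector, look the digest up in a baseline of known code, and flag anything else. It assumes a 440-byte boot-code region (the remainder being disk signature, partition table and the 0x55AA signature); the sector contents and the baseline are constructed sample data, and the hashes printed in the real report are not reproduced here.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # assumed: bytes 0-439 are boot code, the rest is signature + partition table
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of every valid MBR sector


def make_sector(code: bytes, disk_sig: bytes, partitions: bytes) -> bytes:
    """Assemble a constructed 512-byte MBR image from its parts (sample data, not a real disk)."""
    if len(code) > BOOT_CODE_LEN or len(disk_sig) != 4 or len(partitions) != 64:
        raise ValueError("bad MBR component length")
    # boot code, 4-byte disk signature, 2 reserved bytes, 4 x 16-byte partition entries, 0x55AA
    return code.ljust(BOOT_CODE_LEN, b"\x00") + disk_sig + b"\x00\x00" + partitions + BOOT_SIGNATURE


def boot_code_sha1(sector: bytes) -> str:
    """Hash only the boot-code region, so partition-table or disk-signature edits do not change it."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(sector: bytes, known_hashes: dict) -> tuple:
    """Return (status, sha1) for one sector, in the spirit of the two columns MBRCheck prints."""
    if len(sector) != SECTOR_SIZE:
        return ("invalid sector length", "")
    if sector[-2:] != BOOT_SIGNATURE:
        return ("missing 0x55AA boot signature", "")
    digest = boot_code_sha1(sector)
    label = known_hashes.get(digest)
    if label is None:
        return ("unknown MBR code", digest)  # not in the baseline: needs a closer look
    return (f"{label} MBR code detected", digest)


# --- constructed sample data (no real boot code, no real disk) ---------------
CLEAN_CODE = b"CONSTRUCTED CLEAN BOOT CODE".ljust(64, b"\x90")
ALTERED_CODE = b"CONSTRUCTED ALTERED BOOT CODE".ljust(64, b"\x90")
DISK_SIG = b"\x11\x22\x33\x44"
PARTITIONS_A = b"\x80" + bytes(63)              # first partition entry marked active
PARTITIONS_B = bytes(16) + b"\x80" + bytes(47)  # second entry marked active instead

CLEAN_SECTOR = make_sector(CLEAN_CODE, DISK_SIG, PARTITIONS_A)
REPARTITIONED_SECTOR = make_sector(CLEAN_CODE, DISK_SIG, PARTITIONS_B)  # same code, new table
TAMPERED_SECTOR = make_sector(ALTERED_CODE, DISK_SIG, PARTITIONS_A)     # code replaced, table intact

# Baseline of known-good code hashes; here derived from the constructed clean image.
KNOWN_HASHES = {boot_code_sha1(CLEAN_SECTOR): "Constructed baseline"}


if __name__ == "__main__":
    cases = [("clean", CLEAN_SECTOR),
             ("repartitioned", REPARTITIONED_SECTOR),
             ("tampered", TAMPERED_SECTOR)]
    for name, sector in cases:
        status, digest = check_mbr(sector, KNOWN_HASHES)
        print(f"{name:14} {status:42} {digest}")
```

Hashing the code region alone is what keeps a legitimate repartition from reading as a changed MBR, while any replacement of the code itself drops out of the baseline and is reported as unknown; that unknown result, not a mismatch of partition data, is the finding worth investigating on a machine with redirect symptoms.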
 
More problems....:(

Thanks so much for responding.

I was trying the steps but having more issues now.
MBRCheck ran okay, but I downloaded combofix and then, before running it, I uninstalled AVG as instructed using the Appremover tool downloaded from the provided link.

It asked to restart after removing AVG and as soon as I restarted I was bombarded with pop-ups about infected files.

Tried running combofix and it does not start.

The popups keep suggesting I enable antivirus, but the window looks like malware so I am afraid to. Tried to open task manager to kill the process creating these pop-ups... the task manager window shows for a second then closes, and another popup says task manager is infected.

Not sure what to do next. Any help is appreciated.
 
Did you read?
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
.....and so on....
 
Combofix worked

I just panicked with all the pop-ups before.

After opening in Safe mode, everything worked. Thanks:)

Here are the log files:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite A505
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 205):
0x03056000 \SystemRoot\system32\ntoskrnl.exe
0x0300D000 \SystemRoot\system32\hal.dll
0x00BBC000 \SystemRoot\system32\kdcom.dll
0x00C0A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C4E000 \SystemRoot\system32\PSHED.dll
0x00C62000 \SystemRoot\system32\CLFS.SYS
0x00CC0000 \SystemRoot\system32\CI.dll
0x00ED5000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F79000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F88000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FDF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FE8000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D80000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E99000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00EA0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x010EC000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x012F4000 \SystemRoot\system32\DRIVERS\atapi.sys
0x012FD000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01327000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01332000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0133D000 \SystemRoot\system32\drivers\fltmgr.sys
0x01389000 \SystemRoot\system32\drivers\fileinfo.sys
0x01414000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0139D000 \SystemRoot\System32\Drivers\msrpc.sys
0x015B7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x015D1000 \SystemRoot\System32\drivers\pcw.sys
0x015E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016B8000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x017AA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017F4000 \SystemRoot\system32\DRIVERS\wd.sys
0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0168B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01A63000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x01ADD000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
0x01ADF000 \SystemRoot\system32\DRIVERS\thpdrv.sys
0x01AEB000 \SystemRoot\System32\Drivers\spldr.sys
0x01AF3000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B2D000 \SystemRoot\System32\Drivers\mup.sys
0x01B3F000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B48000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B82000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B98000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01BC8000 \SystemRoot\System32\Drivers\avgrkx64.sys
0x04486000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x044B0000 \SystemRoot\System32\Drivers\Null.SYS
0x044B9000 \SystemRoot\System32\Drivers\Beep.SYS
0x044C0000 \SystemRoot\System32\drivers\vga.sys
0x044CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x044F3000 \SystemRoot\System32\drivers\watchdog.sys
0x04503000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0450C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04515000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0451E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04529000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0453A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04558000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04565000 \SystemRoot\System32\Drivers\avgtdia.sys
0x045B6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02ECF000 \SystemRoot\system32\drivers\afd.sys
0x02F59000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02F62000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F88000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02F9E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02FAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02FC8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02E68000 \SystemRoot\System32\drivers\discache.sys
0x02E77000 \SystemRoot\System32\Drivers\dfsc.sys
0x02E95000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02EA6000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x04200000 \SystemRoot\System32\Drivers\avgldx64.sys
0x01A00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02EAE000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x02EB5000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x04A7A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x0465C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04750000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04796000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x047A7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04600000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x047B8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04A00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0526E000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x05376000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05383000 \SystemRoot\system32\DRIVERS\risdpe64.sys
0x0539C000 \SystemRoot\system32\DRIVERS\rimspe64.sys
0x05200000 \SystemRoot\system32\DRIVERS\rixdpe64.sys
0x05256000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x053B5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x053D3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05419000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0546A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0546C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0547B000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x05485000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05492000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x054B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x054CE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x054DE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x054F4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05518000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05524000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05553000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0556E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0558F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x055A9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x055AB000 \SystemRoot\system32\DRIVERS\ks.sys
0x055EE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05AC2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05B1C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06203000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05B31000 \SystemRoot\system32\drivers\portcls.sys
0x05B6E000 \SystemRoot\system32\drivers\drmk.sys
0x063F0000 \SystemRoot\system32\drivers\ksthunk.sys
0x05B90000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x05BD1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04247000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x05BDF000 \SystemRoot\System32\drivers\Dxapi.sys
0x05BEB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05A00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05A1D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x063F6000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x05A4B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05A59000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05A72000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05A7B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05A89000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05A96000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00460000 \SystemRoot\System32\TSDDD.dll
0x00720000 \SystemRoot\System32\cdd.dll
0x047DC000 \SystemRoot\system32\drivers\luafv.sys
0x04A3E000 \SystemRoot\system32\drivers\WudfPf.sys
0x05AA4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02A25000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02A78000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02A8B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02AA3000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x02AAD000 \SystemRoot\system32\drivers\HTTP.sys
0x02B75000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02B93000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02BAB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03E5C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03EAA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03ECF000 \SystemRoot\system32\drivers\peauth.sys
0x03F75000 \SystemRoot\system32\drivers\regi.sys
0x03F7F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03F8A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03FB7000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0889E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08905000 \SystemRoot\System32\DRIVERS\srv.sys
0x08875000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x77300000 \Windows\System32\ntdll.dll
0x48370000 \Windows\System32\smss.exe
0xFF620000 \Windows\System32\apisetschema.dll
0xFFE00000 \Windows\System32\autochk.exe
0xFF5F0000 \Windows\System32\imagehlp.dll
0xFF570000 \Windows\System32\shlwapi.dll
0xFF490000 \Windows\System32\advapi32.dll
0x774D0000 \Windows\System32\psapi.dll
0xFF310000 \Windows\System32\urlmon.dll
0xFF270000 \Windows\System32\clbcatq.dll
0xFF090000 \Windows\System32\setupapi.dll
0xFEE30000 \Windows\System32\iertutil.dll
0xFEE20000 \Windows\System32\lpk.dll
0xFEDD0000 \Windows\System32\ws2_32.dll
0xFE040000 \Windows\System32\shell32.dll
0xFE020000 \Windows\System32\sechost.dll
0x77200000 \Windows\System32\user32.dll
0xFE010000 \Windows\System32\nsi.dll
0x774C0000 \Windows\System32\normaliz.dll
0x770E0000 \Windows\System32\kernel32.dll
0xFDEE0000 \Windows\System32\rpcrt4.dll
0xFDE60000 \Windows\System32\difxapi.dll
0xFDD30000 \Windows\System32\wininet.dll
0xFDCE0000 \Windows\System32\Wldap32.dll
0xFDAD0000 \Windows\System32\ole32.dll
0xFDA30000 \Windows\System32\comdlg32.dll
0xFD9C0000 \Windows\System32\gdi32.dll
0xFD8F0000 \Windows\System32\usp10.dll
0xFD810000 \Windows\System32\oleaut32.dll
0xFD700000 \Windows\System32\msctf.dll
0xFD660000 \Windows\System32\msvcrt.dll
0xFD630000 \Windows\System32\imm32.dll
0xFD5F0000 \Windows\System32\wintrust.dll
0xFD580000 \Windows\System32\KernelBase.dll
0xFD4E0000 \Windows\System32\comctl32.dll
0xFD4A0000 \Windows\System32\cfgmgr32.dll
0xFD480000 \Windows\System32\devobj.dll
0xFD310000 \Windows\System32\crypt32.dll
0xFD300000 \Windows\System32\msasn1.dll
0x762E0000 \Windows\SysWOW64\normaliz.dll

Processes (total 106):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
516 csrss.exe
588 C:\Windows\System32\wininit.exe
608 csrss.exe
616 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
624 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
692 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
728 C:\Windows\System32\services.exe
744 C:\Windows\System32\lsass.exe
752 C:\Windows\System32\lsm.exe
348 C:\Windows\System32\svchost.exe
448 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\winlogon.exe
1136 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\spoolsv.exe
1780 C:\Windows\System32\svchost.exe
1864 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1940 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1980 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2024 C:\Windows\System32\svchost.exe
1176 C:\Windows\SysWOW64\svchost.exe
1348 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1836 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2088 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2228 C:\Program Files (x86)\AVG\AVG9\avgam.exe
2340 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2496 C:\Windows\System32\svchost.exe
2552 C:\Windows\System32\ThpSrv.exe
2580 C:\Windows\System32\TODDSrv.exe
2608 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2692 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2740 C:\Windows\System32\SearchIndexer.exe
2788 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2808 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
2920 C:\Windows\System32\taskhost.exe
2996 C:\Windows\System32\dwm.exe
3020 C:\Windows\explorer.exe
1628 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
3552 C:\Windows\System32\svchost.exe
2880 C:\Program Files\Windows Media Player\wmpnetwk.exe
1436 C:\Windows\System32\svchost.exe
3820 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
3068 C:\Windows\System32\igfxtray.exe
4264 C:\Windows\System32\hkcmd.exe
4384 C:\Windows\System32\igfxsrvc.exe
4392 C:\Windows\System32\igfxpers.exe
4480 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4488 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4496 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
4572 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
4588 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
4636 C:\Program Files\TOSHIBA\TECO\Teco.exe
4684 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
4692 C:\Windows\System32\ThpSrv.exe
4736 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
4752 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
4816 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4880 C:\Program Files\Windows Sidebar\sidebar.exe
4996 C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
5004 C:\Windows\System32\StikyNot.exe
5012 C:\Windows\System32\rundll32.exe
5036 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
5064 C:\Windows\SysWOW64\rundll32.exe
4536 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
5108 C:\Windows\System32\taskeng.exe
3152 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
3304 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
2980 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
5156 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
5164 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
5180 C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
5224 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
5300 C:\Program Files (x86)\iTunes\iTunesHelper.exe
5368 C:\Windows\System32\igfxext.exe
5788 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6068 C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
2912 C:\Program Files\iPod\bin\iPodService.exe
4544 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4128 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
3892 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
3836 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
5968 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
5548 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
1684 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
3292 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
4720 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
6148 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
6172 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
6468 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
7160 C:\Windows\System32\wuauclt.exe
3924 C:\Windows\System32\svchost.exe
3940 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
6580 C:\Program Files (x86)\AVG\AVG9\avgui.exe
2020 C:\Windows\System32\svchost.exe
5640 WmiPrvSE.exe
3300 C:\Windows\System32\audiodg.exe
116 dllhost.exe
6648 dllhost.exe
1960 C:\Users\Mandar\Downloads\MBRCheck.exe
6524 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001M
PhysicalDrive1 Model Number: ST3250820A, Rev: 3.AA

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61
232 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



Combofix


ComboFix 11-01-14.01 - Mandar 01/16/2011 10:47:48.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.3357 [GMT -6:00]
Running from: c:\users\Mandar\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Mandar\AppData\Local\CRLAuthenticationserv\HandlerapiCtrl.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 16:51 . 2011-01-16 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-15 03:37 . 2010-11-16 18:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7BAA8B4-7D1A-4D3F-9E4E-D0A1FDEA0E0F}\mpengine.dll
2011-01-14 21:29 . 2011-01-14 21:29 -------- d-----w- c:\users\Mandar\AppData\Roaming\Malwarebytes
2011-01-14 21:29 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-14 21:29 . 2011-01-14 21:29 -------- d-----w- c:\programdata\Malwarebytes
2011-01-14 21:29 . 2011-01-14 21:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-14 21:29 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 17:23 . 2010-12-23 17:23 -------- d-----w- c:\users\Mandar\AppData\Local\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 06:35 . 2010-12-15 03:22 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 03:22 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 03:22 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 03:22 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 03:22 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 03:22 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 03:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 03:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-15 03:22 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 03:22 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-15 03:22 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-15 03:22 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 03:22 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 03:22 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 03:22 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 03:22 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 03:22 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 03:22 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-15 03:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-15 03:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-10-20 05:20 . 2010-12-15 03:22 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 04:54 . 2010-12-15 03:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-10-20 03:09 . 2010-12-15 03:22 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 03:05 . 2010-12-15 03:22 367104 ----a-w- c:\windows\system32\atmfd.dll
2010-10-20 02:58 . 2010-12-15 03:22 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-10-19 16:41 . 2010-05-16 02:00 270720 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-12 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Mandar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 135664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-16 50176]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 06:34]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 06:34]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 408600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8075
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Mandar\AppData\Roaming\Mozilla\Firefox\Profiles\yluwv61u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bef52a0&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-HandlerapiCtrl - c:\users\Mandar\AppData\Local\CRLAuthenticationserv\HandlerapiCtrl.dll
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-16 10:53:24
ComboFix-quarantined-files.txt 2011-01-16 16:53

Pre-Run: 424,708,734,976 bytes free
Post-Run: 424,522,588,160 bytes free

- - End Of File - - D2F8216CC63ECCA9DF508DCB5CF7B18B
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8075


3. Save the above as CFScript.txt

4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
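The CFScript above targets the two `uInternet Settings,Proxy*` lines from the DDS "Supplementary Scan": a per-user WinINET proxy pointing at `127.0.0.1:8075` means a process on the machine itself is sitting between the browser and the network, which is exactly how search-result redirection is done without touching DNS or the hosts file. The script below is an added example written for this page (it is not the helper's tool, nor part of DDS or ComboFix): it runs a small triage over DDS/ComboFix-style log lines, flags a loopback proxy and autorun entries living in user-writable directories, and builds the same `DDS::` block the reply asks for. The regular expressions, function names and the `USER_WRITABLE` path list are this example's own assumptions; the sample lines are copied from the log posted above plus one benign autorun entry, so it runs offline.

```python
"""Triage helper for DDS / ComboFix-style log lines (added example, not from the thread)."""
import re
from ipaddress import ip_address

# Constructed sample: lines copied from the log posted above plus one benign
# HKLM autorun entry, so the example runs offline without a real log file.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8075
Wow6432Node-HKCU-Run-HandlerapiCtrl - c:\users\Mandar\AppData\Local\CRLAuthenticationserv\HandlerapiCtrl.dll
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
"""

# DDS prefixes the Internet Settings lines with the scope: u = HKCU (user), m = HKLM (machine).
PROXY_RE = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
# Autorun lines in the ORPHANS / Run sections look like "<hive>-Run-<name> - <path>".
RUN_RE = re.compile(r"^(?P<key>.*(?:HKCU|HKLM)-Run[^ ]*)\s+-\s+(?P<path>.+)$")
# Directories an unprivileged user (and so malware running as that user) can write to.
# This list is an assumption of the example, not a DDS convention.
USER_WRITABLE = re.compile(
    r"\\appdata\\(local|roaming)\\|\\temp\\|\\users\\[^\\]+\\downloads\\", re.I)


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into (scheme, host, port) tuples.

    WinINET stores either "host:port" (one proxy for every protocol) or a
    per-protocol list "http=host:port;https=host:port". Bracketed IPv6
    literals are not handled here.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:            # no ":port" given
            host, port = hostport, ""
        entries.append((scheme or "*", host, port))
    return entries


def is_loopback_host(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    h = host.strip("[]").lower()
    if h == "localhost":
        return True
    try:
        return ip_address(h).is_loopback
    except ValueError:          # a hostname, not an address
        return False


def triage(log_text):
    """Return (kind, line) findings for the suspicious DDS-style lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for _scheme, host, _port in parse_proxy_server(m.group("value")):
                if is_loopback_host(host):
                    # A loopback proxy means a local process sees, and can
                    # rewrite, every browser request before it leaves the box.
                    findings.append(("loopback_proxy", line))
                    break
            continue
        m = RUN_RE.match(line)
        if m and USER_WRITABLE.search(m.group("path")):
            findings.append(("autorun_in_user_writable_dir", line))
    return findings


def cfscript_for(log_text):
    """Build the CFScript DDS:: block that resets the flagged proxy entries.

    Each line under DDS:: is the DDS entry copied verbatim, as in the reply
    above. ProxyOverride for the same scope is included alongside ProxyServer
    so no stale override is left behind. Returns "" when nothing was flagged.
    """
    scopes = {line[0] for kind, line in triage(log_text) if kind == "loopback_proxy"}
    lines = [ln.strip() for ln in log_text.splitlines()
             if ln.strip()[:1] in scopes and "Internet Settings,Proxy" in ln]
    return "DDS::\n" + "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {line}")
    print(cfscript_for(SAMPLE_LOG), end="")
```

Run against the sample it reports the loopback proxy and the `HandlerapiCtrl.dll` autorun under `AppData\Local`, and prints the two-line `DDS::` block that matches the helper's codebox. ComboFix resets the DDS entries it is given; it does not kill whatever is listening on port 8075, so after the reboot the `Internet Settings,ProxyServer` line should be absent from the new log and the orphaned autorun should not reappear.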
 