
Browser Hijack. Help!


hopper


Hi, Malwarebytes says 0 infections. Google always redirects. Computer seems slow as well.

DDS (Ver_10-10-10.03) - NTFSx86

Run by Matt at 17:29:11.68 on Sun 10/17/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1075 [GMT -7:00]

============== Running Processes ===============

C:\windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\Dwm.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\windows\system32\igfxext.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\windows\system32\sppsvc.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\Users\Matt\Desktop\dds.scr

C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uSearch Bar = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO

uRun: [Google Update] "c:\users\matt\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [<NO NAME>]

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe

mRun: [seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

Trusted Zone: cinemanow.com

Trusted Zone: qflix.com

Trusted Zone: roxio.com

Trusted Zone: sonic.com\redirect

Trusted Zone: sonic.com\redirect2

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: {CBFEAFAE-6C4D-4894-8636-F1766E7D8E1C} = 206.13.30.12,206.13.29.12

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: avgrsstx.dll c:\progra~1\google\google~4\GO36F4~1.DLL

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

================= FIREFOX ===================

FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\2jens2ao.default\

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\matt\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-25 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-25 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-25 243024]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]

R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-2 135664]

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-19 167936]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-10-19 376320]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-19 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-6-25 30192]

S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-19 171008]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-11 1343400]

=============== Created Last 30 ================

2010-10-17 16:47:19 -------- d-----w- C:\avrescue

2010-10-17 16:21:37 -------- d-----w- c:\program files\Avira

2010-10-17 16:21:37 -------- d-----w- c:\progra~2\Avira

2010-10-17 14:05:37 -------- d-----w- c:\progra~2\Alwil Software

2010-10-17 02:31:58 -------- d-----w- c:\users\matt\appdata\roaming\Warutu

2010-10-17 02:31:58 -------- d-----w- c:\users\matt\appdata\roaming\Peacd

2010-10-17 02:31:46 179 ----a-w- c:\users\matt\appdata\roaming\38865.bat

2010-10-14 13:08:35 -------- d-----w- C:\25a1a4df75d067cb7189974fd9e8

2010-10-06 18:43:29 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes

2010-10-06 18:43:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-06 18:43:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-06 18:43:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-06 18:43:22 -------- d-----w- c:\progra~2\Malwarebytes

2010-10-06 17:43:48 -------- d-----w- c:\progra~2\PC Tools

2010-09-29 12:20:02 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-09-29 02:30:23 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-29 02:30:20 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

2010-09-27 15:34:06 -------- d-----w- c:\program files\Lame for Audacity

2010-09-23 15:49:06 -------- d-----w- c:\program files\AnalogX

==================== Find3M ====================

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-29 02:42:00 121332 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe

2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 17:30:18.95 ===============

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4855

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/17/2010 11:11:31 AM

mbam-log-2010-10-17 (11-11-31).txt

Scan type: Quick scan

Objects scanned: 141771

Time elapsed: 8 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thank you for your time.

Attach.txt


hopper:

I'm seeing bits and pieces of Avira, AVG and Norton Internet Security in your logs. Running more than one AV program, or incompletely uninstalling one before installing another, does not offer any more protection and often causes conflicts and slowdowns with your computer. Please uninstall all but one of those apps via Control Panel > Add/Remove Programs. Run the removal tool (links below) for whichever app you uninstall also:

AVG Removal Tool

Avira Removal Tool

Norton Removal Tool

Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.


Please include the following in your next post:

  • ComboFix log


OK, we can look into that later; go ahead and run ComboFix now.

Thanks, by the way.

ComboFix 10-10-17.04 - Matt 10/18/2010 13:30:33.2.1 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1166 [GMT -7:00]

Running from: c:\users\Matt\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))

.

2010-10-18 20:36 . 2010-10-18 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-17 16:47 . 2010-10-17 16:47 -------- d-----w- C:\avrescue

2010-10-17 16:21 . 2010-10-17 16:21 -------- d-----w- c:\programdata\Avira

2010-10-17 16:21 . 2010-10-17 16:21 -------- d-----w- c:\program files\Avira

2010-10-17 14:05 . 2010-10-17 14:05 -------- d-----w- c:\programdata\Alwil Software

2010-10-17 14:05 . 2010-10-17 14:05 -------- d-----w- c:\program files\Alwil Software

2010-10-17 02:31 . 2010-10-17 03:35 -------- d-----w- c:\users\Matt\AppData\Roaming\Peacd

2010-10-17 02:31 . 2010-10-17 02:32 -------- d-----w- c:\users\Matt\AppData\Roaming\Warutu

2010-10-17 02:31 . 2010-10-17 02:31 179 ----a-w- c:\users\Matt\AppData\Roaming\38865.bat

2010-10-14 13:08 . 2010-10-14 13:11 -------- d-----w- C:\25a1a4df75d067cb7189974fd9e8

2010-10-06 18:43 . 2010-10-06 18:43 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes

2010-10-06 18:43 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-06 18:43 . 2010-10-17 17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-06 18:43 . 2010-10-06 18:43 -------- d-----w- c:\programdata\Malwarebytes

2010-10-06 18:43 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-06 17:43 . 2010-10-06 18:24 -------- d-----w- c:\programdata\PC Tools

2010-09-29 12:20 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-09-29 02:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-29 02:30 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-09-27 15:34 . 2010-09-27 15:34 -------- d-----w- c:\program files\Lame for Audacity

2010-09-23 15:49 . 2010-09-23 15:49 -------- d-----w- c:\program files\AnalogX

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-25 18:33 . 2010-06-25 18:33 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

"Google Update"="c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-26 135664]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]

"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]

"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]

"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-25 30192]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-20 136544]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 135664]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-25 30192]

R3 Normandy;Normandy SR2; [x]

R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-11 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]

S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-24 127352]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-17 431456]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 09:46]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 09:46]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-959857292-2359041806-1909101952-1000Core.job

- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 04:27]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-959857292-2359041806-1909101952-1000UA.job

- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 04:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: cinemanow.com

Trusted Zone: qflix.com

Trusted Zone: roxio.com

Trusted Zone: sonic.com\redirect

Trusted Zone: sonic.com\redirect2

TCP: {CBFEAFAE-6C4D-4894-8636-F1766E7D8E1C} = 206.13.30.12,206.13.29.12

FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2jens2ao.default\

FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Matt\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(712)

c:\windows\system32\relog_ap.DLL

.

Completion time: 2010-10-18 13:38:36

ComboFix-quarantined-files.txt 2010-10-18 20:38

ComboFix2.txt 2010-10-18 20:14

Pre-Run: 125,964,632,064 bytes free

Post-Run: 125,676,912,640 bytes free

- - End Of File - - 49E91735D402F3EFBA4C8837CDDF95E1


hopper:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Folder::

Folder::
c:\programdata\Avira
c:\program files\Avira
c:\programdata\Alwil Software
c:\program files\Alwil Software
DirLook::
c:\users\Matt\AppData\Roaming\Peacd
c:\users\Matt\AppData\Roaming\Warutu
C:\25a1a4df75d067cb7189974fd9e8

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif, dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • ComboFix log
  • MBAM log

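For readers who want to triage a DDS log themselves, here is an added example (not from this thread, the helper, or the DDS tool) that parses the "Created Last 30" lines and flags the kinds of entries the DirLook:: section above targets: unknown folders created directly under AppData\Roaming, a script dropped loose in that folder, and a hex-named folder at the drive root. The function names, the KNOWN_ROAMING allowlist and the hex-length threshold are my assumptions; the sample lines are copied from the DDS log posted earlier.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One file-listing line of a DDS "Created Last 30" / "Find3M" section, e.g.
#   2010-10-17 02:31:46 179 ----a-w- c:\users\matt\appdata\roaming\38865.bat
#   2010-10-17 02:31:58 -------- d-----w- c:\users\matt\appdata\roaming\Warutu
# Fields: date, time, size ("--------" for directories), attribute flags, path.
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Vendor folders normally present under AppData\Roaming on a consumer PC.
# This short allowlist is an assumption for the example, not an authoritative list.
KNOWN_ROAMING = {"malwarebytes", "mozilla", "microsoft", "adobe", "google", "macromedia"}

# Extensions that should not appear as loose files directly under AppData\Roaming.
SCRIPT_OR_BINARY = {".bat", ".cmd", ".exe", ".dll", ".scr", ".vbs", ".js", ".pif", ".com"}

# Constructed sample input: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
2010-10-17 16:47:19 -------- d-----w- C:\avrescue
2010-10-17 16:21:37 -------- d-----w- c:\program files\Avira
2010-10-17 02:31:58 -------- d-----w- c:\users\matt\appdata\roaming\Warutu
2010-10-17 02:31:58 -------- d-----w- c:\users\matt\appdata\roaming\Peacd
2010-10-17 02:31:46 179 ----a-w- c:\users\matt\appdata\roaming\38865.bat
2010-10-14 13:08:35 -------- d-----w- C:\25a1a4df75d067cb7189974fd9e8
2010-10-06 18:43:29 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2010-10-06 18:43:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds_lines(text: str) -> List[Entry]:
    """Parse the file-listing lines of a DDS log; section headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries an analyst should look at first."""
    findings = []
    for e in entries:
        parts = e.path.lower().split("\\")
        name = parts[-1]
        _, dot, ext = name.rpartition(".")
        ext = "." + ext if dot else ""
        directly_in_roaming = len(parts) > 1 and parts[-2] == "roaming" and "appdata" in parts
        # 1. A script or binary dropped loose in AppData\Roaming, not inside a vendor folder.
        if not e.is_dir and directly_in_roaming and ext in SCRIPT_OR_BINARY:
            findings.append(("script/binary directly under AppData\\Roaming", e.path))
        # 2. A newly created top-level Roaming folder that belongs to no known vendor.
        elif e.is_dir and directly_in_roaming and name not in KNOWN_ROAMING:
            findings.append(("unknown folder under AppData\\Roaming", e.path))
        # 3. A hex-named folder at the drive root. Installers and Windows Update make
        #    these too, so treat it as a low-confidence lead, not a verdict.
        elif e.is_dir and len(parts) == 2 and re.fullmatch(r"[0-9a-f]{20,}", name):
            findings.append(("hex-named folder at drive root (low confidence)", e.path))
    return findings


def triage_sample() -> List[Tuple[str, str]]:
    """Run the triage over the embedded sample (4 findings for the lines above)."""
    return triage(parse_dds_lines(SAMPLE_DDS))


if __name__ == "__main__":
    for reason, path in triage_sample():
        print(f"{reason}: {path}")
```

The three Roaming entries and the hex-named root folder are exactly the paths the helper listed under DirLook::, while the Malwarebytes folder and the driver file are left alone.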

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4855

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/19/2010 7:57:10 AM

mbam-log-2010-10-19 (07-57-10).txt

Scan type: Quick scan

Objects scanned: 141799

Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 10-10-17.04 - Matt 10/19/2010 7:37.3.1 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.885 [GMT -7:00]

Running from: c:\users\Matt\Desktop\ComboFix.exe

Command switches used :: c:\users\Matt\Desktop\CFScript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Alwil Software

c:\program files\Alwil Software\Avast5\1033\aswClnTg.htm

c:\program files\Alwil Software\Avast5\1033\aswClnTg.txt

c:\program files\Alwil Software\Avast5\1033\aswInfTg.htm

c:\program files\Alwil Software\Avast5\1033\aswInfTg.txt

c:\program files\Alwil Software\Avast5\1033\Avast5_1033.chm

c:\program files\Alwil Software\Avast5\aswRegSvr.exe

c:\program files\Alwil Software\Avast5\aswRunDll.exe

c:\program files\Alwil Software\Avast5\defs\10101700\acshort.map

c:\program files\Alwil Software\Avast5\defs\10101700\certs.map

c:\program files\Alwil Software\Avast5\defs\10101700\db_el.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_java.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_java.map

c:\program files\Alwil Software\Avast5\defs\10101700\db_js.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_js.map

c:\program files\Alwil Software\Avast5\defs\10101700\db_mx4.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_mx4.map

c:\program files\Alwil Software\Avast5\defs\10101700\db_mx95.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_mx95.map

c:\program files\Alwil Software\Avast5\defs\10101700\db_o7.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_o7.map

c:\program files\Alwil Software\Avast5\defs\10101700\db_ob.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_pe2.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_swf.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_swf.map

c:\program files\Alwil Software\Avast5\defs\10101700\db_tx.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_u.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_w6.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_w6.map

c:\program files\Alwil Software\Avast5\defs\10101700\db_wh.dat

c:\program files\Alwil Software\Avast5\defs\10101700\db_xtn.map

c:\program files\Alwil Software\Avast5\defs\10101700\dllcc.dat

c:\program files\Alwil Software\Avast5\defs\10101700\l_idx.map

c:\program files\Alwil Software\Avast5\defs\10101700\l_nmp.map

c:\program files\Alwil Software\Avast5\defs\10101700\list_d.txt

c:\program files\Alwil Software\Avast5\defs\10101700\list_i.txt

c:\program files\Alwil Software\Avast5\defs\10101700\lshe3.map

c:\program files\Alwil Software\Avast5\defs\10101700\s_idx.map

c:\program files\Alwil Software\Avast5\defs\10101700\s_nmp.map

c:\program files\Alwil Software\Avast5\defs\10101700\Sf.bin

c:\program files\Alwil Software\Avast5\defs\10101700\sl_idx.map

c:\program files\Alwil Software\Avast5\defs\10101700\sl_nmp.map

c:\program files\Alwil Software\Avast5\defs\10101700\whitelist.db

c:\program files\Alwil Software\Avast5\flash\amcharts_key.txt

c:\program files\Alwil Software\Avast5\flash\amline.swf

c:\program files\Alwil Software\Avast5\flash\ammap\ammap.swf

c:\program files\Alwil Software\Avast5\flash\ammap\ammap_key.txt

c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_summary.xml

c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_tracert.xml

c:\program files\Alwil Software\Avast5\flash\ammap\empty_map.xml

c:\program files\Alwil Software\Avast5\flash\ammap\icons\arrow.swf

c:\program files\Alwil Software\Avast5\flash\ammap\icons\bubble.swf

c:\program files\Alwil Software\Avast5\flash\ammap\icons\cross.swf

c:\program files\Alwil Software\Avast5\flash\ammap\icons\flag.swf

c:\program files\Alwil Software\Avast5\flash\ammap\icons\pin.swf

c:\program files\Alwil Software\Avast5\flash\ammap\icons\zoom_out.swf

c:\program files\Alwil Software\Avast5\flash\ammap\maps\world.swf

c:\program files\Alwil Software\Avast5\Setup\servers.def

c:\program files\Alwil Software\Avast5\Setup\servers.def.lkg

c:\program files\Alwil Software\Avast5\Setup\setiface.ovr

c:\program files\Alwil Software\Avast5\Setup\setup.log

c:\program files\Alwil Software\Avast5\Setup\setup.ovr

c:\program files\Alwil Software\Avast5\Setup\summary.txt

c:\program files\Avira

c:\program files\Avira\AntiVir Desktop\about.htm

c:\program files\Avira\AntiVir Desktop\aelidb.dat

c:\program files\Avira\AntiVir Desktop\aeset.dat

c:\program files\Avira\AntiVir Desktop\aevdf.dat

c:\program files\Avira\AntiVir Desktop\alldiscs.avp

c:\program files\Avira\AntiVir Desktop\alldrives.avp

c:\program files\Avira\AntiVir Desktop\antivir.oem

c:\program files\Avira\AntiVir Desktop\antivir0.rdf

c:\program files\Avira\AntiVir Desktop\avconfig.xml

c:\program files\Avira\AntiVir Desktop\avscan.dat

c:\program files\Avira\AntiVir Desktop\avwin.chm

c:\program files\Avira\AntiVir Desktop\build.dat

c:\program files\Avira\AntiVir Desktop\ccplg.xml

c:\program files\Avira\AntiVir Desktop\default.wav

c:\program files\Avira\AntiVir Desktop\eula.txt

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aelidb.dat

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeset.dat

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aevdf.dat

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase000.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase001.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase002.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase003.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase004.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase005.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase006.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase007.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase008.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase009.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase010.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase011.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase012.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase013.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase014.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase015.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase016.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase017.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase018.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase019.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase020.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase021.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase022.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase023.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase024.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase025.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase026.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase027.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase028.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase029.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase030.vdf

c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase031.vdf

c:\program files\Avira\AntiVir Desktop\gavid.xsl

c:\program files\Avira\AntiVir Desktop\hbedv.key

c:\program files\Avira\AntiVir Desktop\mydocs.avp

c:\program files\Avira\AntiVir Desktop\prefix_msg.avr

c:\program files\Avira\AntiVir Desktop\process.avp

c:\program files\Avira\AntiVir Desktop\prodinfo.dat

c:\program files\Avira\AntiVir Desktop\quicksysscan.avp

c:\program files\Avira\AntiVir Desktop\readme.txt

c:\program files\Avira\AntiVir Desktop\rmdiscs.avp

c:\program files\Avira\AntiVir Desktop\setupprf.dat

c:\program files\Avira\AntiVir Desktop\sweb.zip

c:\program files\Avira\AntiVir Desktop\sysdir.avp

c:\program files\Avira\AntiVir Desktop\sysscan.avp

c:\program files\Avira\AntiVir Desktop\vbase000.vdf

c:\program files\Avira\AntiVir Desktop\vbase001.vdf

c:\program files\Avira\AntiVir Desktop\vbase002.vdf

c:\program files\Avira\AntiVir Desktop\vbase003.vdf

c:\program files\Avira\AntiVir Desktop\vbase004.vdf

c:\program files\Avira\AntiVir Desktop\vbase005.vdf

c:\program files\Avira\AntiVir Desktop\vbase006.vdf

c:\program files\Avira\AntiVir Desktop\vbase007.vdf

c:\program files\Avira\AntiVir Desktop\vbase008.vdf

c:\program files\Avira\AntiVir Desktop\vbase009.vdf

c:\program files\Avira\AntiVir Desktop\vbase010.vdf

c:\program files\Avira\AntiVir Desktop\vbase011.vdf

c:\program files\Avira\AntiVir Desktop\vbase012.vdf

c:\program files\Avira\AntiVir Desktop\vbase013.vdf

c:\program files\Avira\AntiVir Desktop\vbase014.vdf

c:\program files\Avira\AntiVir Desktop\vbase015.vdf

c:\program files\Avira\AntiVir Desktop\vbase016.vdf

c:\program files\Avira\AntiVir Desktop\vbase017.vdf

c:\program files\Avira\AntiVir Desktop\vbase018.vdf

c:\program files\Avira\AntiVir Desktop\vbase019.vdf

c:\program files\Avira\AntiVir Desktop\vbase020.vdf

c:\program files\Avira\AntiVir Desktop\vbase021.vdf

c:\program files\Avira\AntiVir Desktop\vbase022.vdf

c:\program files\Avira\AntiVir Desktop\vbase023.vdf

c:\program files\Avira\AntiVir Desktop\vbase024.vdf

c:\program files\Avira\AntiVir Desktop\vbase025.vdf

c:\program files\Avira\AntiVir Desktop\vbase026.vdf

c:\program files\Avira\AntiVir Desktop\vbase027.vdf

c:\program files\Avira\AntiVir Desktop\vbase028.vdf

c:\program files\Avira\AntiVir Desktop\vbase029.vdf

c:\program files\Avira\AntiVir Desktop\vbase030.vdf

c:\program files\Avira\AntiVir Desktop\vbase031.vdf

c:\program files\Avira\AntiVir Desktop\weblink.url

c:\programdata\Alwil Software

c:\programdata\Alwil Software\Avast5\aswResp.dat

c:\programdata\Alwil Software\Avast5\chest\00000001

c:\programdata\Alwil Software\Avast5\chest\00000002

c:\programdata\Alwil Software\Avast5\chest\00000003

c:\programdata\Alwil Software\Avast5\chest\00000004

c:\programdata\Alwil Software\Avast5\chest\00000005

c:\programdata\Alwil Software\Avast5\chest\index.xml

c:\programdata\Alwil Software\Avast5\db1ca50c2f3773157-d089dac5.dat

c:\programdata\Alwil Software\Avast5\HtmlData\Blocked.htm

c:\programdata\Alwil Software\Avast5\HtmlData\image001.png

c:\programdata\Alwil Software\Avast5\Log.db

c:\programdata\Alwil Software\Avast5\log\AshWebSv.ws

c:\programdata\Alwil Software\Avast5\log\AshWebSv.ws.ori

c:\programdata\Alwil Software\Avast5\log\aswAr.log

c:\programdata\Alwil Software\Avast5\log\aswAr1.log

c:\programdata\Alwil Software\Avast5\log\Chest.log

c:\programdata\Alwil Software\Avast5\log\Mail.log

c:\programdata\Alwil Software\Avast5\log\nshield.log

c:\programdata\Alwil Software\Avast5\log\selfdef.log

c:\programdata\Alwil Software\Avast5\log\Setup.log

c:\programdata\Alwil Software\Avast5\log\usntr.log

c:\programdata\Alwil Software\Avast5\report\BehaviorShield.txt

c:\programdata\Alwil Software\Avast5\report\EmailShield.txt

c:\programdata\Alwil Software\Avast5\report\FileSystemShield.txt

c:\programdata\Alwil Software\Avast5\report\IMShield.txt

c:\programdata\Alwil Software\Avast5\report\NetworkShield.txt

c:\programdata\Alwil Software\Avast5\report\P2PShield.txt

c:\programdata\Alwil Software\Avast5\report\WebShield.txt

c:\programdata\Alwil Software\Avast5\sounds\1033\pup_detected.wav

c:\programdata\Alwil Software\Avast5\sounds\1033\scan_completed.wav

c:\programdata\Alwil Software\Avast5\sounds\1033\suspicious_detected.wav

c:\programdata\Alwil Software\Avast5\sounds\1033\threat_detected.wav

c:\programdata\Alwil Software\Avast5\sounds\1033\virus_db_updated.wav

c:\programdata\Alwil Software\Avast5\sounds\1033\welcome.wav

c:\programdata\Alwil Software\Avast5\sounds\fw_question.wav

c:\programdata\Alwil Software\Avast5\sounds\scan_completed.wav

c:\programdata\Alwil Software\Avast5\sounds\threat_detected.wav

c:\programdata\Alwil Software\Avast5\sounds\virus_db_updated.wav

c:\programdata\Avira

c:\programdata\Avira\AntiVir Desktop\addr_file.html

c:\programdata\Avira\AntiVir Desktop\EVENTDB\avevtdb.dbe

c:\programdata\Avira\AntiVir Desktop\IDX\master.idx

c:\programdata\Avira\AntiVir Desktop\INFECTED\48038c52.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\491c89a9.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\4959804b.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\495f8953.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\49958985.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\4ecc8578.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\5094a999.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\5102ac4e.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\518bac62.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\51c8ac98.qua

c:\programdata\Avira\AntiVir Desktop\INFECTED\565ba0b3.qua

c:\programdata\Avira\AntiVir Desktop\JOBS\AVSCAN-20101017-094719-FE1403FD.avj

c:\programdata\Avira\AntiVir Desktop\JOBS\produpd.avj

c:\programdata\Avira\AntiVir Desktop\JOBS\scanjob.avj

c:\programdata\Avira\AntiVir Desktop\JOBS\startupd.avj

c:\programdata\Avira\AntiVir Desktop\JOBS\updjob.avj

c:\programdata\Avira\AntiVir Desktop\LOGFILES\avguard.log

c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20101017-092509-54262FFE.LOG

c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20101017-092640-5FBBE205.LOG

c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20101017-094427-E8171F59.LOG

c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20101017-094510-ED82639F.LOG

c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20101017-094555-F358A22F.LOG

c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20101017-094635-F867725C.LOG

c:\programdata\Avira\AntiVir Desktop\LOGFILES\sched.log

c:\programdata\Avira\AntiVir Desktop\LOGFILES\setup.log

c:\programdata\Avira\AntiVir Desktop\LOGFILES\Upd-2010-10-17-09-22-20.log

c:\programdata\Avira\AntiVir Desktop\PROFILES\folder.avp

c:\programdata\Avira\AntiVir Desktop\PROFILES\rootkit.avp

c:\programdata\Avira\AntiVir Desktop\REPORTS\60768c87.avl

c:\programdata\Avira\AntiVir Desktop\REPORTS\67cbe18b.avl

c:\programdata\Avira\AntiVir Desktop\REPORTS\6ce6cb58.avl

c:\programdata\Avira\AntiVir Desktop\REPORTS\819293c4.avl

c:\programdata\Avira\AntiVir Desktop\REPORTS\8c80c4b7.avl

c:\programdata\Avira\AntiVir Desktop\REPORTS\8d2e6c76.avl

c:\programdata\Avira\AntiVir Desktop\REPORTS\8ee856da.avl

.

((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))

.

2010-10-19 14:43 . 2010-10-19 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-19 14:35 . 2010-10-19 14:35 -------- d-----w- C:\32788R22FWJFW

2010-10-19 11:10 . 2010-10-18 16:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05F1EC93-71F9-43C8-AB89-3382D3AA0E7A}\mpengine.dll

2010-10-17 16:47 . 2010-10-17 16:47 -------- d-----w- C:\avrescue

2010-10-17 02:31 . 2010-10-17 03:35 -------- d-----w- c:\users\Matt\AppData\Roaming\Peacd

2010-10-17 02:31 . 2010-10-17 02:32 -------- d-----w- c:\users\Matt\AppData\Roaming\Warutu

2010-10-17 02:31 . 2010-10-17 02:31 179 ----a-w- c:\users\Matt\AppData\Roaming\38865.bat

2010-10-14 13:08 . 2010-10-14 13:11 -------- d-----w- C:\25a1a4df75d067cb7189974fd9e8

2010-10-06 18:43 . 2010-10-06 18:43 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes

2010-10-06 18:43 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-06 18:43 . 2010-10-17 17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-06 18:43 . 2010-10-06 18:43 -------- d-----w- c:\programdata\Malwarebytes

2010-10-06 18:43 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-06 17:43 . 2010-10-06 18:24 -------- d-----w- c:\programdata\PC Tools

2010-09-29 12:20 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-09-29 02:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-29 02:30 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-09-27 15:34 . 2010-09-27 15:34 -------- d-----w- c:\program files\Lame for Audacity

2010-09-23 15:49 . 2010-09-23 15:49 -------- d-----w- c:\program files\AnalogX

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-25 18:33 . 2010-06-25 18:33 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\25a1a4df75d067cb7189974fd9e8 ----

2010-10-14 13:08 . 2010-10-14 13:08 35385288 ----a-w- c:\25a1a4df75d067cb7189974fd9e8\MRT.exe

---- Directory of c:\users\Matt\AppData\Roaming\Peacd ----

---- Directory of c:\users\Matt\AppData\Roaming\Warutu ----

2010-08-09 16:44 . 2010-10-17 02:32 15294 ----a-w- c:\users\Matt\AppData\Roaming\Warutu\zeab.tmp

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

"Google Update"="c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-26 135664]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]

"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]

"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]

"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-25 30192]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-20 136544]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 135664]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-25 30192]

R3 Normandy;Normandy SR2; [x]

R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-11 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]

S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-24 127352]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-17 431456]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 09:46]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 09:46]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-959857292-2359041806-1909101952-1000Core.job

- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 04:27]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-959857292-2359041806-1909101952-1000UA.job

- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 04:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: cinemanow.com

Trusted Zone: qflix.com

Trusted Zone: roxio.com

Trusted Zone: sonic.com\redirect

Trusted Zone: sonic.com\redirect2

TCP: {CBFEAFAE-6C4D-4894-8636-F1766E7D8E1C} = 206.13.30.12,206.13.29.12

FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2jens2ao.default\

FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Matt\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(712)

c:\windows\system32\relog_ap.DLL

.

Completion time: 2010-10-19 07:45:35

ComboFix-quarantined-files.txt 2010-10-19 14:45

ComboFix2.txt 2010-10-18 20:38

ComboFix3.txt 2010-10-18 20:14

Pre-Run: 126,949,601,280 bytes free

Post-Run: 126,768,566,272 bytes free

- - End Of File - - 02D6ED68B2DB2D3500B5B492E5BC3120

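The log above is what the helper works from in the next post: the three items created in the same minute under AppData\Roaming (38865.bat, Peacd, Warutu), a service entry with no image file (Normandy, marked "[x]"), and the interface DNS servers. As an added example that is not part of the thread, of ComboFix, or of Malwarebytes, here is a small Python triage script that pulls those indicators out of ComboFix log lines automatically. The sample lines embedded in it are copied from the log above; the heuristics (which script extensions count as a dropper, the 4096-byte "tiny file" cutoff, the same-minute clustering) are the author's assumptions, and the DNS allowlist passed in at the bottom is hypothetical. The script makes no claim about who operates the two DNS addresses in the log; an analyst would compare them against the resolvers the user's ISP publishes.

```python
"""Added example for this thread (not ComboFix's, Malwarebytes' or the helper's own
code): pull actionable indicators out of a ComboFix log like the one posted above.
The heuristics are the author's assumptions, not ComboFix rules; the sample lines
are copied from the thread's log; the DNS allowlist is hypothetical."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

SAMPLE_LOG = r"""
2010-10-17 02:31 . 2010-10-17 03:35 -------- d-----w- c:\users\Matt\AppData\Roaming\Peacd
2010-10-17 02:31 . 2010-10-17 02:32 -------- d-----w- c:\users\Matt\AppData\Roaming\Warutu
2010-10-17 02:31 . 2010-10-17 02:31 179 ----a-w- c:\users\Matt\AppData\Roaming\38865.bat
2010-10-06 18:43 . 2010-10-06 18:43 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2010-10-06 18:43 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
R3 Normandy;Normandy SR2; [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
TCP: {CBFEAFAE-6C4D-4894-8636-F1766E7D8E1C} = 206.13.30.12,206.13.29.12
"""

# 'created . modified size attrs path' lines from the Files Created section
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# 'R3 name;display;path [date size]' or '... [x]' (file not found) service lines
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
# per-interface DNS servers from the supplementary scan
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (?P<servers>[\d.,]+)$")

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")  # assumed dropper script types
ROAMING_SUFFIX = "\\appdata\\roaming\\"
SMALL_FILE_BYTES = 4096                               # assumed 'tiny script' cutoff

@dataclass
class Entry:
    created: str         # "YYYY-MM-DD HH:MM"
    size: Optional[int]  # None for directories
    is_dir: bool
    path: str

def parse_entries(log: str) -> List[Entry]:
    """Parse file/directory lines; every other line is ignored."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            is_dir = m["attrs"].startswith("d")
            size = None if is_dir else int(m["size"])
            entries.append(Entry(m["created"], size, is_dir, m["path"]))
    return entries

def _parent(path: str) -> str:
    """Lower-cased parent directory, trailing backslash kept."""
    p = path.lower()
    return p[: p.rfind("\\") + 1]

def suspicious_profile_items(log: str) -> List[str]:
    """Seed on small scripts dropped directly under AppData\\Roaming, then add
    everything created in that directory in the same minute: a dropper writes
    its script and its working folders in one burst."""
    entries = parse_entries(log)
    seeds = [e for e in entries
             if not e.is_dir and e.path.lower().endswith(SCRIPT_EXT)
             and _parent(e.path).endswith(ROAMING_SUFFIX)
             and e.size is not None and e.size < SMALL_FILE_BYTES]
    flagged = {s.path for s in seeds}
    for s in seeds:
        for e in entries:
            if e.created == s.created and _parent(e.path) == _parent(s.path):
                flagged.add(e.path)
    return sorted(flagged)

def services_missing_binary(log: str) -> List[Tuple[str, str]]:
    """(name, image path) for '[x]' entries; an empty path is the stronger signal,
    since the service is registered with no image at all."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m["rest"].endswith("[x]"):
            found.append((m["name"], m["rest"][:-3].strip()))
    return found

def dns_servers(log: str) -> List[str]:
    servers = []
    for line in log.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            servers.extend(s for s in m["servers"].split(",") if s)
    return servers

def unexpected_dns(log: str, allowlist: Set[str]) -> List[str]:
    """Resolvers not on the caller's allowlist (a DNS-changing hijack shows here)."""
    return [s for s in dns_servers(log) if s not in allowlist]

if __name__ == "__main__":
    print("profile cluster:", suspicious_profile_items(SAMPLE_LOG))
    print("missing binary:", services_missing_binary(SAMPLE_LOG))
    # hypothetical allowlist; replace with the ISP's published resolvers
    print("unexpected DNS:", unexpected_dns(SAMPLE_LOG, {"206.13.30.12"}))
```

Run against the full log pasted above, the profile cluster comes out as exactly the three paths the helper targets in the next CFScript, and the service check separates an entry with no image at all (Normandy) from a vendor driver whose file is merely absent (RtsUIR), which is usually a stale install rather than an infection. The DNS check only tells you what the interface is pointed at; deciding whether those resolvers are legitimate still needs the ISP's list.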

hopper:

Open Notepad (Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the code box by highlighting it and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::

File::
c:\users\Matt\AppData\Roaming\38865.bat
Folder::
C:\avrescue
c:\users\Matt\AppData\Roaming\Peacd
c:\users\Matt\AppData\Roaming\Warutu

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot omitted: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java 6 Update 14 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache; leave BOTH checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on the Delete Temporary Files window.

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Temporary Files window.
  • Click OK to leave the Java Control Panel.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt), name the file KasReport.txt and save it to your desktop so that you may post it in your next reply.

Please include the following in your next post:

  • ComboFix log
  • Kaspersky log


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
