PDA

View Full Version : Google keeps redirecting me.



PConnolly346
2010-12-17, 15:17
Hey, I'm very new and didn't really know where to turn so I hope I'm doing this right. Google keeps redirecting me to random sites that are not the link I click.

Here is the DDS log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Pat at 8:12:45.79 on Fri 12/17/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2454 [GMT -8:00]

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Pat\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14196&l=dis
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
uRun: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
AppInit_DLLs: C:\windows\system32\Display32.dll,C:\windows\system32\d3d10core32.dll,C:\windows\system32\dhcpcore32.dll,C:\windows\system32\dimsjob32.dll,w5icz1232.dll,C:\windows\system32\cryptxml32.dll,w5icz1232.dllgfg00kx19uv3uz32.dll,C:\windows\system32\Display32.dll9pf5i4phk32.dll,w5icz1232.dllgfg00kx19uv3uz32.dlliq085b32.dll,C:\windows\system32\Display32.dll9pf5i4phk32.dllgkuyuzmv64eyc32.dll,w5icz1232.dllgfg00kx19uv3uz32.dlliq085b32.dllb3p86vm32.dll,C:\windows\system32\Display32.dll9pf5i4phk32.dllgkuyuzmv64eyc32.dll60it814b32.dll,C:\windows\system32\Display32.dll9pf5i4phk32.dllgkuyuzmv64eyc32.dll60it814b32.dllxr7i3ud32.dll,C:\windows\system32\dfscli32.dll,C:\windows\system32\cryptbase32.dll,C:\windows\system32\dhcpcsvc632.dll,C:\windows\system32\d2d132.dll,C:\windows\system32\d2d132.dll7kqotnku32.dll,C:\windows\system32\d2d132.dll7kqotnku32.dll8qicogbhexl0cme32.dll,C:\windows\system32\d2d132.dll7kqotnku32.dll8qicogbhexl0cme32.dllfazx5u12j32.dll,C:\windows\system32\d2d132.dll7kqotnku32.dll8qicogbhexl0cme32.dllfazx5u12j32.dllayi5s23iqy1p32.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: XUL Cache: {d848ed34-0405-4006-8642-42c4af85661b} - %profile%\extensions\{d848ed34-0405-4006-8642-42c4af85661b}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-7-30 402992]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-7-20 482384]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-7-30 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100820.001\IDSviA64.sys [2010-8-20 463408]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-7-30 117640]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-7-20 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-7-20 81408]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-7-20 55808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-7-20 9216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-7-20 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-20 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-7-20 942080]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-20 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-7-30 334384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-15 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-23 1255736]

=============== Created Last 30 ================

2010-12-16 00:44:36 -------- d-----w- C:\output media
2010-12-16 00:43:44 -------- d-----w- C:\Program Files (x86)\Free Convert to DIVX AVI WMV MP4 MPEG Converter
2010-12-16 00:43:25 164352 ----a-w- C:\windows\SysWow64\unrar.dll
2010-12-16 00:43:24 860160 ----a-w- C:\windows\SysWow64\lameACM.acm
2010-12-16 00:43:24 755027 ----a-w- C:\windows\SysWow64\xvidcore.dll
2010-12-16 00:43:24 217088 ----a-w- C:\windows\SysWow64\yv12vfw.dll
2010-12-16 00:43:24 118784 ----a-w- C:\windows\SysWow64\ac3acm.acm
2010-12-16 00:43:23 7680 ----a-w- C:\windows\SysWow64\ff_vfw.dll
2010-12-16 00:43:23 159839 ----a-w- C:\windows\SysWow64\xvidvfw.dll
2010-12-16 00:43:22 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2010-12-16 00:43:22 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2010-12-15 18:36:44 19528 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2010-12-15 18:36:27 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-12-15 18:36:03 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-12-14 23:50:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2010-12-14 23:50:09 2048 ----a-w- C:\windows\System32\tzres.dll
2010-12-14 23:50:02 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-12-14 23:50:02 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-12-14 23:50:02 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-12-14 23:50:01 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-12-14 23:50:01 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-12-14 23:50:01 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-12-14 23:50:01 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-12-14 23:50:01 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-12-14 23:50:01 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-12-14 23:50:01 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-12-10 22:06:20 -------- d-----w- C:\Program Files\PeerBlock
2010-12-02 08:56:40 -------- d-----w- C:\Program Files (x86)\Pazera Toolbar
2010-12-02 08:56:38 -------- d-----w- C:\Program Files (x86)\Free WAV To MP3 Converter
2010-12-02 08:56:31 -------- d-----w- C:\Users\Pat\AppData\Local\TempImages
2010-11-23 22:58:34 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 22:58:34 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-11-10 06:20:56 382032 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-10-20 05:20:01 46080 ----a-w- C:\windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\windows\SysWow64\webio.dll
2010-10-03 22:12:44 165 ----a-w- C:\Users\Pat\AppData\Roaming\srsf.bat
2010-09-30 00:03:00 161 ----a-w- C:\Users\Pat\AppData\Roaming\jsdfgs.bat

============= FINISH: 8:13:27.59 ===============

Blade81
2010-12-21, 17:58
Hi,

Please post fresh dds logs contents - both dds.txt & attach.txt.

PConnolly346
2010-12-23, 13:20
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Pat at 3:15:34.25 on Thu 12/23/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2323 [GMT -8:00]

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\windows\system32\conhost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Pat\Downloads\dds(2).scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14196&l=dis
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
uRun: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [yviqqohq] C:\Users\Pat\AppData\Local\Temp\okplvllau\kibytxtlajb.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
AppInit_DLLs: C:\windows\system32\Display32.dll, C:\windows\system32\d3d10core32.dll, C:\windows\system32\dhcpcore32.dll, C:\windows\system32\dimsjob32.dll, w5icz1232.dll, C:\windows\system32\cryptxml32.dll, w5icz1232.dllgfg00kx19uv3uz32.dll, C:\windows\system32\Display32.dll9pf5i4phk32.dll, w5icz1232.dllgfg00kx19uv3uz32.dlliq085b32.dll, C:\windows\system32\Display32.dll9pf5i4phk32.dllgkuyuzmv64eyc32.dll, w5icz1232.dllgfg00kx19uv3uz32.dlliq085b32.dllb3p86vm32.dll, C:\windows\system32\Display32.dll9pf5i4phk32.dllgkuyuzmv64eyc32.dll60it814b32.dll, C:\windows\system32\Display32.dll9pf5i4phk32.dllgkuyuzmv64eyc32.dll60it814b32.dllxr7i3ud32.dll, C:\windows\system32\dfscli32.dll, C:\windows\system32\cryptbase32.dll, C:\windows\system32\dhcpcsvc632.dll, C:\windows\system32\d2d132.dll, C:\windows\system32\d2d132.dll7kqotnku32.dll, C:\windows\system32\d2d132.dll7kqotnku32.dll8qicogbhexl0cme32.dll, C:\windows\system32\d2d132.dll7kqotnku32.dll8qicogbhexl0cme32.dllfazx5u12j32.dll, C:\windows\system32\d2d132.dll7kqotnku32.dll8qicogbhexl0cme32.dllfazx5u12j32.dllayi5s23iqy1p32.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: XUL Cache: {d848ed34-0405-4006-8642-42c4af85661b} - %profile%\extensions\{d848ed34-0405-4006-8642-42c4af85661b}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-7-30 402992]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-7-20 482384]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-7-30 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100820.001\IDSviA64.sys [2010-8-20 463408]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-7-30 117640]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-7-20 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-7-20 81408]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-7-20 55808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-7-20 9216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-12-10 24176]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-7-20 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-20 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-7-20 942080]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-20 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-7-30 334384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-15 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-23 1255736]

=============== Created Last 30 ================

2010-12-16 00:44:36 -------- d-----w- C:\output media
2010-12-16 00:43:44 -------- d-----w- C:\Program Files (x86)\Free Convert to DIVX AVI WMV MP4 MPEG Converter
2010-12-16 00:43:25 164352 ----a-w- C:\windows\SysWow64\unrar.dll
2010-12-16 00:43:24 860160 ----a-w- C:\windows\SysWow64\lameACM.acm
2010-12-16 00:43:24 755027 ----a-w- C:\windows\SysWow64\xvidcore.dll
2010-12-16 00:43:24 217088 ----a-w- C:\windows\SysWow64\yv12vfw.dll
2010-12-16 00:43:24 118784 ----a-w- C:\windows\SysWow64\ac3acm.acm
2010-12-16 00:43:23 7680 ----a-w- C:\windows\SysWow64\ff_vfw.dll
2010-12-16 00:43:23 159839 ----a-w- C:\windows\SysWow64\xvidvfw.dll
2010-12-16 00:43:22 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2010-12-16 00:43:22 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2010-12-15 18:36:44 19528 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2010-12-15 18:36:27 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-12-15 18:36:03 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-12-14 23:50:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2010-12-14 23:50:09 2048 ----a-w- C:\windows\System32\tzres.dll
2010-12-14 23:50:02 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-12-14 23:50:02 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-12-14 23:50:02 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-12-14 23:50:01 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-12-14 23:50:01 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-12-14 23:50:01 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-12-14 23:50:01 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-12-14 23:50:01 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-12-14 23:50:01 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-12-14 23:50:01 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-12-10 22:06:20 -------- d-----w- C:\Program Files\PeerBlock
2010-12-02 08:56:40 -------- d-----w- C:\Program Files (x86)\Pazera Toolbar
2010-12-02 08:56:38 -------- d-----w- C:\Program Files (x86)\Free WAV To MP3 Converter
2010-12-02 08:56:31 -------- d-----w- C:\Users\Pat\AppData\Local\TempImages
2010-11-23 22:58:34 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 22:58:34 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-11-30 01:42:06 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2010-11-10 06:20:56 382032 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-10-20 05:20:01 46080 ----a-w- C:\windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\windows\SysWow64\webio.dll

============= FINISH: 3:17:17.91 ===============



And here is the attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2010 7:26:17 PM
System Uptime: 12/22/2010 9:42:10 AM (18 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | CPU | 1188/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 443 GiB total, 332.455 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP46: 11/17/2010 2:20:36 PM - Scheduled Checkpoint
RP47: 11/20/2010 3:00:11 AM - Windows Update
RP48: 11/28/2010 9:08:51 AM - Scheduled Checkpoint
RP49: 11/29/2010 9:17:39 AM - Removed COMODO Internet Security
RP50: 12/4/2010 3:00:11 AM - Windows Update
RP51: 12/13/2010 3:21:52 AM - Scheduled Checkpoint
RP52: 12/16/2010 3:00:17 AM - Windows Update

==== Installed Programs ======================

7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Apple Application Support
Apple Software Update
Audacity 1.2.6
BitComet 1.22
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.0.10.324
Direct DiscRecorder
DivX Setup
DVD MovieFactory for TOSHIBA
ERUNT 1.1j
Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
Free WAV To MP3 Converter 2.1
FrostWire 4.20.9
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Java(TM) 6 Update 14
Junk Mail filter update
K-Lite Codec Pack 4.0.0 (Full)
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.13)
MSVCRT
MyToshiba
NetZero Launcher
Norton Internet Security
Quickbooks Financial Center
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RICOH R5U230 Media Driver ver.2.06.03.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype Launcher
Skype Toolbars
Skype™ 4.2
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.2
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver

==== Event Viewer Messages From Past Week ========

12/21/2010 7:15:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SYMTDI

==== End Of File ===========================



Thank You

Blade81
2010-12-23, 15:07
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet
FrostWire


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please uninstall the programs listed above (in red).


You seem to have both Norton and AVG installed there. Decide which one to keep (and which license you have valid).


Please download MBRCheck (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.

PConnolly346
2010-12-24, 10:33
Done,


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite A505
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 163):
0x02C11000 \SystemRoot\system32\ntoskrnl.exe
0x031ED000 \SystemRoot\system32\hal.dll
0x00B9A000 \SystemRoot\system32\kdcom.dll
0x00C22000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C66000 \SystemRoot\system32\PSHED.dll
0x00C7A000 \SystemRoot\system32\CLFS.SYS
0x00CD8000 \SystemRoot\system32\CI.dll
0x00EBC000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F60000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F6F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FC6000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FCF000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D98000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E99000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00EA0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01072000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0118E000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01197000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x011C1000 \SystemRoot\system32\DRIVERS\msahci.sys
0x011CC000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01214000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01446000 \SystemRoot\System32\Drivers\msrpc.sys
0x014A4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014BE000 \SystemRoot\System32\Drivers\cng.sys
0x01531000 \SystemRoot\System32\drivers\pcw.sys
0x01542000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016DC000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0154C000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x016D5000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01AD7000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x01B51000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
0x01B53000 \SystemRoot\system32\DRIVERS\thpdrv.sys
0x01B5F000 \SystemRoot\System32\Drivers\spldr.sys
0x01B67000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BA1000 \SystemRoot\System32\Drivers\mup.sys
0x01BB3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01BBC000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A00000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A16000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01A46000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01A50000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x02E00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02E2A000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x02E39000 \SystemRoot\System32\Drivers\Null.SYS
0x02E42000 \SystemRoot\System32\Drivers\Beep.SYS
0x02E49000 \SystemRoot\System32\drivers\vga.sys
0x02E57000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02E7C000 \SystemRoot\System32\drivers\watchdog.sys
0x02E8C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02E95000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02E9E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02EA7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02FEF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01A68000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02EB2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01598000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x01A86000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03C29000 \SystemRoot\system32\drivers\afd.sys
0x03CB3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03CBC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03CE2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03CF8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03D07000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03D22000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03D36000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03D87000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03D93000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D9E000 \SystemRoot\System32\drivers\discache.sys
0x03DAD000 \SystemRoot\System32\Drivers\dfsc.sys
0x03DCB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03ECF000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x03F1E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03F44000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x03F4B000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x03F53000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03F69000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0405B000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04A31000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04B25000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04B6B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04B78000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04BCE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04A00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04763000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04C74000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x04D7B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04D88000 \SystemRoot\system32\DRIVERS\risdpe64.sys
0x04DA1000 \SystemRoot\system32\DRIVERS\rimspe64.sys
0x04C00000 \SystemRoot\system32\DRIVERS\rixdpe64.sys
0x04C56000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04DBA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x047A1000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04DC9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04DCB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04DDA000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x04DE4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04BDF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x047EA000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04DF1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04024000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03F6E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03F89000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03FAA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03FC4000 \SystemRoot\System32\Drivers\pcouffin.sys
0x04DFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03E00000 \SystemRoot\system32\DRIVERS\ks.sys
0x03E43000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03E55000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03EAF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E0B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x01400000 \SystemRoot\system32\drivers\portcls.sys
0x03FD9000 \SystemRoot\system32\drivers\drmk.sys
0x05FEA000 \SystemRoot\system32\drivers\ksthunk.sys
0x03C00000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x03DDC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x017CE000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05FF0000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x04BEF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02EBF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x02FDB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x04A24000 \SystemRoot\System32\drivers\Dxapi.sys
0x01A5A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00780000 \SystemRoot\System32\cdd.dll
0x013B7000 \SystemRoot\system32\drivers\luafv.sys
0x013DA000 \SystemRoot\system32\drivers\WudfPf.sys
0x011D7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0268E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x026E1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x026F4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0270C000 \SystemRoot\system32\drivers\HTTP.sys
0x027D4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02600000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02618000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02ABA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02B08000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02B2B000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x02B37000 \SystemRoot\system32\drivers\peauth.sys
0x02BDD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02A00000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02A2D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02A3F000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x07C3A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07CA1000 \SystemRoot\System32\DRIVERS\srv.sys
0x07DA8000 \??\C:\Program Files\PeerBlock\pbfilter.sys
0x77940000 \Windows\System32\ntdll.dll
0x481F0000 \Windows\System32\smss.exe
0xFFC60000 \Windows\System32\apisetschema.dll

Processes (total 88):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
456 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
672 csrss.exe
736 csrss.exe
744 C:\Windows\System32\wininit.exe
788 C:\Windows\System32\services.exe
808 C:\Windows\System32\lsass.exe
820 C:\Windows\System32\lsm.exe
936 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\winlogon.exe
436 C:\Windows\System32\svchost.exe
700 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\dwm.exe
1484 C:\Windows\System32\spoolsv.exe
1512 C:\Windows\System32\svchost.exe
1540 C:\Windows\explorer.exe
1612 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1656 C:\Windows\System32\taskhost.exe
1740 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
1808 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1840 C:\Windows\System32\svchost.exe
1904 C:\Windows\System32\svchost.exe
1940 C:\Windows\System32\ThpSrv.exe
1980 C:\Windows\System32\TODDSrv.exe
2012 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1132 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2084 C:\Windows\System32\SearchIndexer.exe
2316 C:\Windows\System32\igfxtray.exe
2332 C:\Windows\System32\hkcmd.exe
2380 C:\Windows\System32\igfxpers.exe
2420 C:\Windows\System32\igfxsrvc.exe
2480 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2492 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2500 C:\Windows\System32\ThpSrv.exe
2672 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2916 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2924 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2944 C:\Program Files\TOSHIBA\TECO\Teco.exe
3032 C:\Program Files\Windows Sidebar\sidebar.exe
1068 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
2780 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
3108 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
3128 C:\Windows\System32\conhost.exe
3404 C:\Windows\System32\igfxext.exe
3492 C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
3516 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3544 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3560 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3676 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
3864 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3896 C:\Windows\System32\conhost.exe
4024 C:\Program Files\iPod\bin\iPodService.exe
4040 C:\Windows\System32\taskeng.exe
4004 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4084 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
4180 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
4728 C:\Program Files\Windows Media Player\wmpnetwk.exe
5004 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4860 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
4220 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1988 C:\Program Files (x86)\BitComet\BitComet.exe
4708 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
4832 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
3892 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
4684 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
4996 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
4984 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
880 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
5352 C:\Windows\System32\svchost.exe
5868 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
4400 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
3588 C:\Program Files\PeerBlock\peerblock.exe
3840 C:\Windows\servicing\TrustedInstaller.exe
5988 C:\Windows\System32\wuauclt.exe
4324 C:\Windows\System32\audiodg.exe
3428 C:\Windows\System32\SearchProtocolHost.exe
3472 C:\Windows\System32\SearchFilterHost.exe
5496 C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
5812 dllhost.exe
1648 dllhost.exe
4216 C:\Users\Pat\Downloads\MBRCheck(2).exe
5836 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001M

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

Blade81
2010-12-24, 18:58
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

PConnolly346
2010-12-24, 21:45
ComboFix 10-12-24.01 - Pat 12/24/2010 14:27:38.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2945 [GMT -8:00]
Running from: c:\users\Pat\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Pat\AppData\Local\{BF7D16F3-4026-4BC6-AAC7-E9D0B2047D01}
c:\users\Pat\AppData\Local\{BF7D16F3-4026-4BC6-AAC7-E9D0B2047D01}\chrome\content\overlay.xul
c:\users\Pat\AppData\Local\{BF7D16F3-4026-4BC6-AAC7-E9D0B2047D01}\install.rdf
c:\users\Pat\AppData\Roaming\inst.exe
c:\users\Pat\AppData\Roaming\jsdfgs.bat
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}\chrome.manifest
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}\chrome\xulcache.jar
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}\defaults\preferences\xulcache.js
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}\install.rdf
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\p40izzk4.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\p40izzk4.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}\chrome.manifest
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\p40izzk4.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}\chrome\xulcache.jar
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\p40izzk4.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}\defaults\preferences\xulcache.js
c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\p40izzk4.default\extensions\{d848ed34-0405-4006-8642-42c4af85661b}\install.rdf
c:\users\Pat\AppData\Roaming\srsf.bat

.
((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-24 22:31 . 2010-12-24 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-24 09:28 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-23 16:59 . 2010-12-23 16:59 -------- d-----w- c:\users\Pat\AppData\Local\ElevatedDiagnostics
2010-12-16 07:22 . 2010-12-16 07:22 -------- d-----w- c:\users\Pat\AppData\Roaming\Media Player Classic
2010-12-16 00:44 . 2010-12-16 00:45 -------- d-----w- C:\output media
2010-12-16 00:43 . 2007-09-04 16:56 164352 ----a-w- c:\windows\SysWow64\unrar.dll
2010-12-16 00:43 . 2008-07-04 06:34 860160 ----a-w- c:\windows\SysWow64\lameACM.acm
2010-12-16 00:43 . 2008-01-10 12:15 755027 ----a-w- c:\windows\SysWow64\xvidcore.dll
2010-12-16 00:43 . 2007-09-21 00:52 118784 ----a-w- c:\windows\SysWow64\ac3acm.acm
2010-12-16 00:43 . 2004-01-25 16:18 217088 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2010-12-16 00:43 . 2008-06-12 18:36 7680 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2010-12-16 00:43 . 2008-01-10 12:16 159839 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2010-12-16 00:43 . 2004-01-11 22:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2010-12-16 00:39 . 2010-12-16 00:39 -------- d-----w- c:\users\Pat\AppData\Roaming\Ulead Systems
2010-12-15 18:36 . 2010-12-15 18:36 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-15 18:36 . 2010-12-15 18:36 -------- d-----w- c:\programdata\Hitman Pro
2010-12-10 22:06 . 2010-12-24 21:45 -------- d-----w- c:\program files\PeerBlock
2010-12-02 08:56 . 2010-12-02 08:56 -------- d-----w- c:\users\Pat\AppData\Local\TempImages

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-07-21 1293624]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15 136176]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-07-21 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1255736]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-27 942080]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15 16:05]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15 16:05]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-24 14:36:06
ComboFix-quarantined-files.txt 2010-12-24 22:36

Pre-Run: 354,237,452,288 bytes free
Post-Run: 353,935,622,144 bytes free

- - End Of File - - BD36A173FBCFC5CDDA6CC177C60C43A1




DDS FILE:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Pat at 14:43:21.38 on Fri 12/24/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2827 [GMT -8:00]

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\SearchFilterHost.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Pat\Downloads\dds.scr
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14196&l=dis
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\3rthz914.default\
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-7-20 482384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-7-20 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-7-20 81408]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-7-20 55808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-7-20 9216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-7-20 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-20 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-7-20 942080]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-20 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-15 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-23 1255736]

=============== Created Last 30 ================

2010-12-24 22:39:09 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-24 22:26:39 98816 ----a-w- C:\windows\sed.exe
2010-12-24 22:26:39 89088 ----a-w- C:\windows\MBR.exe
2010-12-24 22:26:39 256512 ----a-w- C:\windows\PEV.exe
2010-12-24 22:26:39 161792 ----a-w- C:\windows\SWREG.exe
2010-12-23 16:59:37 -------- d-----w- C:\Users\Pat\AppData\Local\ElevatedDiagnostics
2010-12-16 00:44:36 -------- d-----w- C:\output media
2010-12-16 00:43:44 -------- d-----w- C:\Program Files (x86)\Free Convert to DIVX AVI WMV MP4 MPEG Converter
2010-12-16 00:43:25 164352 ----a-w- C:\windows\SysWow64\unrar.dll
2010-12-16 00:43:24 860160 ----a-w- C:\windows\SysWow64\lameACM.acm
2010-12-16 00:43:24 755027 ----a-w- C:\windows\SysWow64\xvidcore.dll
2010-12-16 00:43:24 217088 ----a-w- C:\windows\SysWow64\yv12vfw.dll
2010-12-16 00:43:24 118784 ----a-w- C:\windows\SysWow64\ac3acm.acm
2010-12-16 00:43:23 7680 ----a-w- C:\windows\SysWow64\ff_vfw.dll
2010-12-16 00:43:23 159839 ----a-w- C:\windows\SysWow64\xvidvfw.dll
2010-12-16 00:43:22 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2010-12-16 00:43:22 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2010-12-15 18:36:44 19528 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2010-12-15 18:36:27 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-12-15 18:36:03 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-12-10 22:06:20 -------- d-----w- C:\Program Files\PeerBlock
2010-12-02 08:56:40 -------- d-----w- C:\Program Files (x86)\Pazera Toolbar
2010-12-02 08:56:38 -------- d-----w- C:\Program Files (x86)\Free WAV To MP3 Converter
2010-12-02 08:56:31 -------- d-----w- C:\Users\Pat\AppData\Local\TempImages

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\windows\SysWow64\webio.dll

============= FINISH: 14:44:13.71 ===============

Blade81
2010-12-25, 11:11
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.4 + 9.4.1 update or Adobe Reader X if offered) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 23 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is not checked.
Click Scan
Wait for the scan to finish.



Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Does redirecting still happen?

Blade81
2010-12-30, 09:30
Still there?

Blade81
2011-01-05, 08:05
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.