[Closed] Google redirect to 7search.com and other malicious sites

Status
Not open for further replies.

mitdrissia

Posts: 27   +0
Hi,

I have a problem.
I scanned my computer with malwarebyte,Spybot,Superantispyware and iobit 360 for malware/spyware.Nothing found.I scanned with mcafee for viruses also nothing found. I did an online scan with eset nod 32 and it found 3 threats in sun java.I deleted it and later on I restored it because I dont think those are malware.

Most of the time when I search on google I get a redirect to mostly 7search.com and other related sites. I even get a popup that says that I have viruses and malware and I should click on ok to scan my computer.It start automatically.I never clicked on Start. this is malware right?
How can I remove this.I attached the eset log file

Ps I also get black backgrounds when I click on many software.I just clicked on windows live messenger and when I do that I get black background and then it start.This is almost with any program I start.
 

Attachments

  • esetvirusscan812.txt
    450 bytes · Views: 2
Welcome to TechSpot.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
ok i will follow all 8 steps and then send reply.No attachment just copy paste.Thats fine.i will let you know asap
thanks
 
-McAfee: no virusses or malware found. Could not find log, only print out details but i dont have printer.

-Downloaded TFC.

-Malwarebytes' Anti-Malware: Could not find any malware. No logs found even not on the 2 places were it downloads log.

-Gmer was empty. Log file is empty so nothing to copy paste.

-DDS:


DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by mitdrissia at 19:50:12,22 on wo 08-12-2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2997.1619 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Users\mitdrissia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMF6LSRJ\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101105203510.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: af0.Adblock.BHO: {90eff544-3981-4d46-85c9-c0361d0931d6} - mscoree.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: SQplus: {ccf078ee-b071-4c40-9e57-f7b5962e8c95} - C:\Program Files (x86)\SeoQuake\SQplus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: SeoQuake: {9c590067-8a6a-4db6-b052-069283790b04} - C:\Program Files (x86)\SeoQuake\SeoQuake.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: SeoQuake: {9c590067-8a6a-4db6-b052-069283790b04} - C:\Program Files (x86)\SeoQuake\SeoQuake.dll
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\MITDRI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\MITDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\b6vwscsz.default\
FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\mitdrissia\AppData\Roaming\Mozilla\Firefox\Profiles\b6vwscsz.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\mitdrissia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
FF - Extension: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - C:\Users\MITDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\b6vwscsz.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Extension: Firebug: firebug@software.joehewitt.com - C:\Users\MITDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\b6vwscsz.default\extensions\firebug@software.joehewitt.com
FF - Extension: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - C:\Users\MITDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\b6vwscsz.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2010-1-6 529128]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2010-1-6 283360]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2010-6-3 55856]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\WINDOWS\System32\drivers\stdflt.sys [2010-6-3 18792]
R1 mfenlfk;McAfee NDIS Light Filter;C:\WINDOWS\System32\drivers\mfenlfk.sys [2010-1-6 75032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\WINDOWS\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-4 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2010-5-4 202752]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-6-3 60928]
R2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2010-11-5 312152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-4 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-4 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-4 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-4 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-6-3 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-6-3 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-6-3 149032]
R2 rimspci;rimspci;C:\WINDOWS\System32\drivers\rimspe64.sys [2010-5-4 60416]
R2 risdpcie;risdpcie;C:\WINDOWS\System32\drivers\risdpe64.sys [2010-5-4 80896]
R2 rixdpcie;rixdpcie;C:\WINDOWS\System32\drivers\rixdpe64.sys [2010-5-4 55808]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-30 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-3 689472]
R3 Acceler;Accelerometer Service;C:\WINDOWS\System32\drivers\Acceler.sys [2010-5-4 23912]
R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2010-1-6 62800]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\System32\drivers\CtClsFlt.sys [2010-6-3 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\WINDOWS\System32\drivers\HECIx64.sys [2010-5-4 56344]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2010-1-6 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2010-1-6 441328]
R3 RTL8167;Realtek 8167 NT Driver;C:\WINDOWS\System32\drivers\Rt64win7.sys [2010-5-4 239616]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-10-12 74480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\System32\drivers\mferkdet.sys [2010-1-6 94864]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 7408]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\WINDOWS\System32\Wat\WatAdminSvc.exe [2010-11-5 1255736]
S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-4 355440]

=============== Created Last 30 ================

2010-12-08 11:22:05 -------- d-----w- C:\Program Files (x86)\ESET
2010-12-07 15:48:32 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{9E195CD9-2B42-4068-9E1E-1AC4161E5971}\mpengine.dll
2010-12-02 19:15:05 -------- d-----w- C:\Users\MITDRI~1\AppData\Roaming\Windows Live Writer
2010-12-02 19:15:05 -------- d-----w- C:\Users\MITDRI~1\AppData\Local\Windows Live Writer
2010-12-01 22:52:45 -------- d-----w- C:\Users\MITDRI~1\AppData\Local\Apple
2010-12-01 22:20:56 -------- d-----w- C:\Users\MITDRI~1\AppData\Roaming\Unity
2010-12-01 22:17:31 -------- d-----w- C:\Users\MITDRI~1\AppData\Roaming\PACE Anti-Piracy
2010-12-01 22:17:31 -------- d-----w- C:\Users\MITDRI~1\AppData\Local\PACE Anti-Piracy
2010-12-01 22:17:31 -------- d-----w- C:\PROGRA~3\PACE Anti-Piracy
2010-12-01 22:11:16 -------- d-----w- C:\Users\MITDRI~1\AppData\Local\Unity
2010-12-01 22:09:41 -------- d-----w- C:\Program Files (x86)\The Game Creators
2010-12-01 22:07:38 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-01 22:07:38 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2010-12-01 22:07:38 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-01 22:07:37 77824 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-01 22:07:33 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-12-01 22:05:47 -------- d-----w- C:\Program Files (x86)\Unity
2010-11-30 21:39:48 -------- d-----w- C:\b908b950d45b6e9aa514
2010-11-30 12:56:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-30 12:56:15 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-24 10:31:21 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 10:31:21 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-22 18:55:17 -------- d-----w- C:\Windows\SysWow64\Adobe
2010-11-21 20:19:09 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2010-11-21 18:09:01 -------- d-----w- C:\Windows\nl
2010-11-21 18:04:18 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-11-21 18:04:18 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-11-21 18:04:18 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-11-21 18:04:18 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-21 18:02:54 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4f0bed0f1cb89a62d\InstallManager_WLE_WLE.exe
2010-11-21 18:02:13 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\38381acf1cb89a622\MeshBetaRemover.exe
2010-11-21 18:01:48 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2a21d6101cb89a61a\DSETUP.dll
2010-11-21 18:01:48 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2a21d6101cb89a61a\DXSETUP.exe
2010-11-21 18:01:48 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2a21d6101cb89a61a\dsetup32.dll
2010-11-21 18:01:45 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a3e5461cb89a619\DSETUP.dll
2010-11-21 18:01:45 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a3e5461cb89a619\DXSETUP.exe
2010-11-21 18:01:45 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a3e5461cb89a619\dsetup32.dll
2010-11-21 18:00:14 -------- d-----w- C:\Users\MITDRI~1\AppData\Local\Windows Live
2010-11-21 17:59:11 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-21 17:59:11 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-21 17:59:10 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-21 17:59:09 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-21 17:59:09 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-21 17:59:09 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-21 17:59:08 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-19 09:04:35 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-18 13:35:31 -------- d-----w- C:\Users\MITDRI~1\AppData\Roaming\PSpad
2010-11-18 13:35:24 -------- d-----w- C:\Program Files (x86)\PSPad editor
2010-11-18 11:02:55 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-17 22:23:52 -------- d-----w- C:\Program Files (x86)\AdblockIE
2010-11-17 19:35:52 -------- d-----w- C:\Users\MITDRI~1\AppData\Roaming\Affilorama
2010-11-17 19:35:51 -------- d-----w- C:\Program Files (x86)\Traffic Travis v3
2010-11-17 19:25:37 -------- d-----w- C:\Windows\pss
2010-11-17 10:47:47 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-11-15 12:23:46 -------- d-----w- C:\Users\MITDRI~1\AppData\Local\Web CEO
2010-11-13 16:39:56 -------- d-----w- C:\Program Files (x86)\unzipped files
2010-11-13 16:38:22 -------- d-----w- C:\Program Files (x86)\ExtractNow
2010-11-10 11:49:36 135568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 11:49:36 135568 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2010-11-09 17:51:26 15256 ----a-w- C:\Users\MITDRI~1\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

==================== Find3M ====================

2010-11-05 12:18:50 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-11-05 12:18:50 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-11-05 12:18:10 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-05 12:18:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-05 12:18:10 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-05 12:18:10 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-05 12:18:10 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-05 12:18:10 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-05 12:18:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-05 12:18:10 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-11-05 11:42:17 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-11-05 11:41:59 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-11-05 11:41:59 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-11-05 11:41:40 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2010-11-05 11:41:40 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2010-11-05 11:41:40 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2010-11-05 11:04:54 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-11-05 11:04:54 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-11-05 11:04:41 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-11-05 11:04:41 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-11-05 11:04:26 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-11-05 11:04:26 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-11-05 11:04:09 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-11-05 11:04:09 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-11-05 11:03:53 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-11-05 11:03:53 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-11-05 11:03:39 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-11-05 11:03:39 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-11-05 11:03:12 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-11-05 11:02:32 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2010-11-05 11:02:14 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2010-11-05 11:02:14 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-11-05 11:02:00 52224 ----a-w- C:\Windows\System32\rtutils.dll
2010-11-05 11:02:00 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2010-11-05 11:01:49 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-11-05 11:01:26 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-05 11:01:06 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2010-11-05 11:01:06 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2010-11-05 11:01:00 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-11-05 11:01:00 366080 ----a-w- C:\Windows\System32\atmfd.dll
2010-11-05 11:01:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-11-05 11:01:00 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-11-05 11:00:52 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2010-11-05 11:00:52 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2010-11-05 11:00:43 612352 ----a-w- C:\Windows\System32\vbscript.dll
2010-11-05 11:00:43 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-11-05 11:00:29 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2010-11-05 11:00:29 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2010-11-05 11:00:29 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2010-10-13 21:28:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-10-13 21:28:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-10-13 21:28:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-10-13 21:28:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-10-13 21:28:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-10-13 21:28:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-10-13 21:28:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-10-13 21:28:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-10-13 21:28:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2010-09-22 23:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 03:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

============= FINISH: 19:52:08,51 ===============



-ATTACH:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4-11-2010 15:51:46
System Uptime: 8-12-2010 18:35:18 (1 hours ago)

Motherboard: Dell Inc. | | 0874P6
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | U2E1 | 1983/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 283 GiB total, 247,857 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP27: 24-11-2010 18:48:08 - Windows Update
RP28: 26-11-2010 14:19:08 - Windows Update
RP29: 30-11-2010 13:44:25 - Windows Update
RP30: 30-11-2010 22:39:30 - Windows Update
RP31: 1-12-2010 23:07:54 - Installed FPS Creator Free
RP32: 1-12-2010 23:53:03 - Installed QuickTime
RP33: 2-12-2010 11:53:00 - Windows Update
RP34: 3-12-2010 17:23:50 - Windows Update
RP35: 3-12-2010 17:27:56 - Windows Update
RP36: 6-12-2010 13:08:09 - Windows Update
RP37: 6-12-2010 13:51:11 - Installed Adobe Reader X.
RP38: 7-12-2010 16:47:50 - Windows Update

==== Installed Programs ======================

Accelerometer
AdblockIE
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibiliteitspakket voor het 2007 Microsoft Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
DivX Setup
ESET Online Scanner v3
ExtractNow
FileZilla Client 3.3.5.1
FPS Creator Free
IObit Security 360
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
McAfee Security Center
Microsoft Office PowerPoint Viewer 2007 (Dutch)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
MSVCRT_amd64
OpenOffice.org 3.2
PaRaMeter 1.3
PowerDVD DX
PSPad editor
QuickTime
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
SEO PowerSuite
SeoQuake
Skins
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
System Requirements Lab CYRI
Traffic Travis 3.3.6
Unity
Unity Web Player
VC80CRTRedist - 8.0.50727.4053
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

==== End Of File ===========================
 
i found this line in one of the logs.
FF - ProfilePath - C:\Users\MITDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\b6vwscsz.default \


malwarebyte found this as a malware 2 days ago.It s in quarantine because i dont know if it s malware or not.Shall i delete this one?
 
I don't need a McAfee scan. But both Malwarebytes and GMER generate a log whether they find any malware or not. I need those logs. It looks like you have a 64it OS, is that correct?

You have both McAfee and IOBIT Security> that's multiple antivirus programs. Please remove one of them, reboot the computer when done.

I'd like you to empty the Java cache, then rescan with the the Eset online scanner again, leaving the complete log:
Control Panel> Java> temporary internet files section> Click on Settings> Delete.
Exit Java.

This is your Firefox profile, perfectly normal:
FF - ProfilePath - C:\Users\MITDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\b6vwscsz.default \

Don't run any more scan or delete anything unless I instruct you to.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
yes i have a windows 7 64 bit laptop.

I tried malwarebytes 2 times and no logs.Before i got log automatically when scan finishes.Maybe another way.I will download ger again and try it again.
Iobit isn't a virus scanner, its a spyware/malware scanner.
Its a good software, i will remove it but later on i can install it again right?.

I will do all the above and let you know.
thanks
 
I removed iobit 360 and rebooted.After that i wanted to delete java cache but the instruction you gave me does not work on windows 7.
Shall i go on with the ohter steps?
 
i got blue screen when eset almost finished.This happens some times eventhough laptop is new.
I will scan again.I hope it will not take that much time.
 
Every time you make a new reply, I get email feedback. I got 4 emails for your sentences above. Please use the Edit function instead of making a new reply like this.

You also need to give me time to review the logs. This thread was started yesterday. I am still working on some started way before.
 
Eset: no threats found, no log..

Gmer:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-09 14:19:34
Windows 6.1.7600
Running: download[1].exe


---- Files - GMER 1.0.15 ----

File C:\Users\mitdrissia\AppData\Local\Temp\NOD8C32.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

Malware bytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5281

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9-12-2010 18:15:32
mbam-log-2010-12-09 (18-15-32).txt

Scan type: Quick scan
Objects scanned: 142741
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
MalwareByte:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5281

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9-12-2010 18:15:32
mbam-log-2010-12-09 (18-15-32).txt

Scan type: Quick scan
Objects scanned: 142741
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

____________________________________________________________

Gmer:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-09 14:19:34
Windows 6.1.7600
Running: download[1].exe


---- Files - GMER 1.0.15 ----

File C:\Users\mitdrissia\AppData\Local\Temp\NOD8C32.tmp 0 bytes

---- EOF - GMER 1.0.15 ----


ESET online virusscan:

No threats, i could not get log.


Yes off course i understand.Next time i will edit post instead of multiple small posts.Sorry for that.
 
well i put reply post 2 times now and its in review.The other posts were not in review.How come?
If i click on post reply the post is in review but if i clikc quick reply you see the post immediatly.
 
Hi any luck removing the google redirect. Or is it allready removed?
I need this removed fast because its annoying.

ps i also can't use google chrome anymore.i like Chrome.Has it something to do with this malware?
 
I need this removed fast because its annoying.

Yes, malware usually is annoying! And everyone wants to be fixed fast

Eset: no threats found, no log..
Post log please.

Download Combofix to your desktop from one of these locations:
Link 1
Link 2
  • Double click combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
If i click on post reply the post is in review but if i clikc quick reply you see the post immediatly.
Click on the Refresh button on the toolbar at the top and you will see all.

I will be closing this thread in one more day if there is no more reply.
 
Should I turn off mcafee virus scanner because it removes the software before it downloads.sorry for the late reply.I was not at home and was a little bit busy.

I really appreciate that you help me out
thanks
 
Here is the combofix logfile.I just disabled the anti-virus.

ComboFix 10-12-18.02 - mitdrissia 19-12-2010 17:38:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2997.1697 [GMT 1:00]
Gestart vanuit: c:\users\mitdrissia\Downloads\ComboFix.exe
AV: McAfee Antivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Antivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-11-19 to 2010-12-19 ))))))))))))))))))))))))))))))
.

2010-12-19 16:45 . 2010-12-19 16:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-19 16:12 . 2010-12-19 16:12 -------- d-----w- c:\program files (x86)\Common Files\Skype
2010-12-17 09:03 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EF3FE1E-99F7-4C19-96D1-66666DD14264}\mpengine.dll
2010-12-16 12:25 . 2010-12-16 12:26 -------- d--h--w- c:\windows\AxInstSV
2010-12-16 10:00 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 10:00 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-16 09:58 . 2010-10-20 03:09 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-12-16 09:57 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2010-12-16 09:57 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-16 09:53 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 09:53 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 09:53 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-16 09:53 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2010-12-14 12:40 . 2010-12-14 12:40 -------- d-----w- c:\program files (x86)\DriveKey
2010-12-14 12:39 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2010-12-14 12:39 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-14 12:39 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-14 12:39 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-14 12:39 . 2001-09-05 02:24 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-12-08 11:22 . 2010-12-08 11:22 -------- d-----w- c:\program files (x86)\ESET
2010-12-06 12:52 . 2010-12-06 12:52 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2010-12-06 12:17 . 2010-12-06 12:28 -------- d-----w- c:\program files (x86)\Windows Live Safety Center
2010-12-02 19:15 . 2010-12-02 19:15 -------- d-----w- c:\users\mitdrissia\AppData\Local\Windows Live Writer
2010-12-02 19:15 . 2010-12-02 19:15 -------- d-----w- c:\users\mitdrissia\AppData\Roaming\Windows Live Writer
2010-12-02 10:54 . 2010-12-02 10:54 -------- d-----w- c:\program files (x86)\Microsoft.NET
2010-12-01 22:53 . 2010-12-01 22:53 -------- d-----w- c:\programdata\Apple Computer
2010-12-01 22:52 . 2010-12-01 22:52 -------- d-----w- c:\program files (x86)\Common Files\Apple
2010-12-01 22:52 . 2010-12-01 22:52 -------- d-----w- c:\users\mitdrissia\AppData\Local\Apple
2010-12-01 22:52 . 2010-12-01 22:52 -------- d-----w- c:\programdata\Apple
2010-12-01 22:52 . 2010-12-01 22:52 -------- d-----w- c:\program files (x86)\Apple Software Update
2010-12-01 22:26 . 2010-12-01 22:54 -------- d-----w- c:\program files (x86)\QuickTime
2010-12-01 22:20 . 2010-12-11 18:18 -------- d-----w- c:\users\mitdrissia\AppData\Roaming\Unity
2010-12-01 22:17 . 2010-12-01 22:20 -------- d-----w- c:\users\mitdrissia\AppData\Roaming\PACE Anti-Piracy
2010-12-01 22:17 . 2010-12-01 22:20 -------- d-----w- c:\programdata\PACE Anti-Piracy
2010-12-01 22:17 . 2010-12-01 22:17 -------- d-----w- c:\users\mitdrissia\AppData\Local\PACE Anti-Piracy
2010-12-01 22:11 . 2010-12-01 22:20 -------- d-----w- c:\users\mitdrissia\AppData\Local\Unity
2010-12-01 22:05 . 2010-12-01 22:11 -------- d-----w- c:\program files (x86)\Unity
2010-11-30 21:39 . 2010-11-30 21:39 -------- d-----w- C:\b908b950d45b6e9aa514
2010-11-30 12:56 . 2010-12-08 10:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-30 12:56 . 2010-11-30 13:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-11-24 10:31 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 10:31 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-22 18:55 . 2010-11-22 18:55 -------- d-----w- c:\windows\SysWow64\Adobe
2010-11-22 11:03 . 2010-11-22 11:03 -------- d-----w- c:\users\mitdrissia\AppData\Roaming\Template
2010-11-21 20:19 . 2010-11-21 20:19 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2010-11-21 20:19 . 2010-11-21 20:19 -------- d-----w- c:\users\mitdrissia\AppData\Roaming\SystemRequirementsLab
2010-11-21 18:09 . 2010-11-21 18:09 -------- d-----w- c:\windows\nl
2010-11-21 18:06 . 2010-11-21 18:06 -------- d-----w- c:\program files\Windows Live
2010-11-21 18:04 . 2009-09-04 16:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2010-11-21 18:04 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2010-11-21 18:04 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2010-11-21 18:04 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-21 18:02 . 2010-11-21 18:02 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4f0bed0f1cb89a62d\InstallManager_WLE_WLE.exe
2010-11-21 18:02 . 2010-11-21 18:02 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\38381acf1cb89a622\MeshBetaRemover.exe
2010-11-21 18:01 . 2010-11-21 18:01 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2a21d6101cb89a61a\DSETUP.dll
2010-11-21 18:01 . 2010-11-21 18:01 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2a21d6101cb89a61a\DXSETUP.exe
2010-11-21 18:01 . 2010-11-21 18:01 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2a21d6101cb89a61a\dsetup32.dll
2010-11-21 18:01 . 2010-11-21 18:01 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\27a3e5461cb89a619\DSETUP.dll
2010-11-21 18:01 . 2010-11-21 18:01 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\27a3e5461cb89a619\DXSETUP.exe
2010-11-21 18:01 . 2010-11-21 18:01 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\27a3e5461cb89a619\dsetup32.dll
2010-11-21 18:00 . 2010-12-19 15:22 -------- d-----w- c:\users\mitdrissia\AppData\Local\Windows Live
2010-11-21 17:59 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-11-21 17:59 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2010-11-21 17:59 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2010-11-21 17:59 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2010-11-21 17:59 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-11-21 17:59 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2010-11-21 17:59 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 12:18 . 2010-11-05 12:18 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-05 12:18 . 2010-11-05 12:18 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2010-11-05 11:41 . 2010-11-05 11:41 633856 ----a-w- c:\windows\system32\comctl32.dll
2010-11-05 11:41 . 2010-11-05 11:41 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2010-11-05 11:41 . 2010-11-05 11:41 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-05 11:41 . 2010-11-05 11:41 3955080 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2010-11-05 11:41 . 2010-11-05 11:41 3899784 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2010-11-05 11:04 . 2010-11-05 11:04 148992 ----a-w- c:\windows\system32\t2embed.dll
2010-11-05 11:04 . 2010-11-05 11:04 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2010-11-05 11:04 . 2010-11-05 11:04 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2010-11-05 11:04 . 2010-11-05 11:04 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-05 11:04 . 2010-11-05 11:04 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2010-11-05 11:04 . 2010-11-05 11:04 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2010-11-05 11:04 . 2010-11-05 11:04 340992 ----a-w- c:\windows\system32\schannel.dll
2010-11-05 11:04 . 2010-11-05 11:04 224256 ----a-w- c:\windows\SysWow64\schannel.dll
2010-11-05 11:03 . 2010-11-05 11:03 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-11-05 11:03 . 2010-11-05 11:03 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2010-11-05 11:03 . 2010-11-05 11:03 2085376 ----a-w- c:\windows\system32\ole32.dll
2010-11-05 11:03 . 2010-11-05 11:03 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2010-11-05 11:03 . 2010-11-05 11:03 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-05 11:02 . 2010-11-05 11:02 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-05 11:02 . 2010-11-05 11:02 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-11-05 11:02 . 2010-11-05 11:02 1233920 ----a-w- c:\windows\SysWow64\msxml3.dll
2010-11-05 11:02 . 2010-11-05 11:02 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-11-05 11:02 . 2010-11-05 11:02 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2010-11-05 11:01 . 2010-11-05 11:01 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2010-11-05 11:01 . 2010-11-05 11:01 144384 ----a-w- c:\windows\system32\cdd.dll
2010-11-05 11:01 . 2010-11-05 11:01 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-11-05 11:01 . 2010-11-05 11:01 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2010-11-05 11:00 . 2010-11-05 11:00 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-05 11:00 . 2010-11-05 11:00 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2010-11-05 11:00 . 2010-11-05 11:00 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-11-05 11:00 . 2010-11-05 11:00 427520 ----a-w- c:\windows\SysWow64\vbscript.dll
2010-11-05 11:00 . 2010-11-05 11:00 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-05 11:00 . 2010-11-05 11:00 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-05 11:00 . 2010-11-05 11:00 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-19 09:41 . 2010-11-17 10:47 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 21:28 . 2010-06-03 14:43 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-13 21:28 . 2010-01-05 23:04 94864 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-13 21:28 . 2010-01-05 23:04 75032 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-10-13 21:28 . 2010-01-05 23:04 62800 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-13 21:28 . 2010-01-05 23:04 529128 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-13 21:28 . 2010-01-05 23:04 441328 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-13 21:28 . 2010-01-05 23:04 283360 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-10-13 21:28 . 2010-01-05 23:04 190136 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-13 21:28 . 2010-01-05 23:04 121248 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 13:49 . 2010-09-21 13:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-12-01 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]

c:\users\mitdrissia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-10-12 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 94864]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 7408]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-05 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 283360]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-07-23 18792]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 75032]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 149032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-07-24 23912]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 62800]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 441328]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]


--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mfeavfk01
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\mitdrissia\AppData\Roaming\Mozilla\Firefox\Profiles\b6vwscsz.default\
FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FileZilla Client - c:\program files (x86)\FileZilla FTP Client\uninstall.exe


.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2140755399-1910707010-2326017034-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-2140755399-1910707010-2326017034-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-12-19 17:49:13
ComboFix-quarantined-files.txt 2010-12-19 16:49

Pre-Run: 261.046.079.488 bytes beschikbaar
Post-Run: 261.820.289.024 bytes beschikbaar

- - End Of File - - 8AE8F4FDB9BDC72CFB53DE56D29C0036
 
Were you able to delete the temporary internet files for Java?
Please bring me up to date on what the current problem is. Are you still being redirected when you search? Which browser?
 
yes i deleted the java cache.This was before i scanned with combofix.
I am still being redirected on internet explorer. This was also a problem on mozilla but i did not check if problem still exists on this browser.

I also can't watch youtube or any flash movies.Its no problem if i download flash player again?.It got removed after scanning with combofix.
 
Unless you give me some logs to work with, I can't direct you.

For Malwarebytes:
Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

Once done, try running a scan again There will be a log.
====================================================.
I will need one of these online virus scans. They will generate a log. Run only one:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
========================================
Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
 
Eset:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5281

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23-12-2010 12:45:18
mbam-log-2010-12-23 (12-45-18).txt

Scan type: Full scan (C:\|)
Objects scanned: 281463
Time elapsed: 56 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I now also get popups , they come up out of nothing. This is only after i used combofix.
 
Status
Not open for further replies.
Back