TechSpot

I've got the redirect virus

By marco75
Apr 20, 2011
  1. Hi,

    I've got the Google redirect virus and I can't quite get to the root of the problem. I have been able to clean up a bunch of stuff, but TDSSKiller won't run. I really appreciate any help I can get with this. Thank you very much!
     
  2. marco75

    HijackThis log

    Here are the log files.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6390

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    4/20/2011 10:20:13 AM
    mbam-log-2011-04-20 (10-20-13).txt

    Scan type: Quick scan
    Objects scanned: 153831
    Time elapsed: 5 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-20 10:25:09
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0
    Running: h8zs3g92.exe; Driver: C:\Users\Marc\AppData\Local\Temp\kxtdypob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:296] 86CF2E84
    Thread System [4:300] 86CF5084

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Marc at 10:31:15.56 on Wed 04/20/2011
    Internet Explorer: 9.0.8112.16421
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1862 [GMT -4:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k NetworkService
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kenabee\Viewer4Skype\mon4skype.exe
    C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Kenabee\Viewer4Skype\svc4skype.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\alg.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\taskhost.exe
    C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\TOSHIBA\TECO\TEco.exe
    C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\windows\system32\igfxext.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\Internet Explorer\IELowutil.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\Users\Marc\Desktop\dds.scr
    C:\windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [<NO NAME>]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
    mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [TaskTray]
    StartupFolder: c:\users\marc\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
    StartupFolder: c:\users\marc\appdata\roaming\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    StartupFolder: c:\users\marc\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\SymDS.sys [2011-4-12 340016]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys [2011-4-12 652336]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110419.001\BHDrvx86.sys [2011-4-19 802936]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110419.002\IDSvix86.sys [2011-4-20 353912]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys [2011-4-12 136312]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1205000.07d\symnets.sys [2011-4-12 295032]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 mon4skype;Viewer4Skype Monitor;c:\program files\kenabee\viewer4skype\mon4skype.exe [2009-12-4 110592]
    R2 NIS;Norton Internet Security.;c:\program files\norton internet security\engine\18.5.0.125\ccSvcHst.exe [2011-4-12 130000]
    R2 svc4skype;Viewer4Skype Intercom;c:\program files\kenabee\viewer4skype\svc4skype.exe [2009-12-4 110592]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-18 102448]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-11-19 7680]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-11-19 24064]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-19 187392]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-11-19 862208]
    R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-11-19 54136]
    R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-19 171520]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-04-20 01:39:55 -------- d-----w- c:\progra~2\MFAData
    2011-04-20 00:48:31 388096 ----a-r- c:\users\marc\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-04-20 00:02:15 -------- d-----w- c:\program files\CCleaner
    2011-04-19 23:46:31 -------- d-----w- c:\program files\Search Toolbar
    2011-04-19 23:46:00 -------- d-----w- c:\program files\Driver-Soft
    2011-04-19 13:41:47 -------- d-----w- c:\windows\en
    2011-04-19 13:39:09 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-04-19 13:39:09 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-04-19 13:39:09 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-04-19 13:38:59 525656 ----a-w- c:\program files\common files\windows live\.cache\228677581cbfe9711\DXSETUP.exe
    2011-04-19 13:38:58 94040 ----a-w- c:\program files\common files\windows live\.cache\228677581cbfe9711\DSETUP.dll
    2011-04-19 13:38:58 1691480 ----a-w- c:\program files\common files\windows live\.cache\228677581cbfe9711\dsetup32.dll
    2011-04-19 13:38:57 94040 ----a-w- c:\program files\common files\windows live\.cache\210228eb1cbfe9710\DSETUP.dll
    2011-04-19 13:38:57 525656 ----a-w- c:\program files\common files\windows live\.cache\210228eb1cbfe9710\DXSETUP.exe
    2011-04-19 13:38:57 1691480 ----a-w- c:\program files\common files\windows live\.cache\210228eb1cbfe9710\dsetup32.dll
    2011-04-19 13:38:23 -------- d-----w- c:\users\marc\appdata\local\Windows Live
    2011-04-18 14:43:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-18 14:27:27 -------- d-----w- c:\program files\iPod
    2011-04-18 14:23:58 -------- d-----w- c:\program files\Bonjour
    2011-04-18 14:21:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-04-18 14:21:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-04-18 14:21:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-04-18 14:21:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-04-18 14:21:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-04-18 14:21:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-04-18 14:21:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-04-18 14:15:14 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-18 14:15:14 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-18 14:15:14 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-18 14:15:09 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-18 14:15:09 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-18 14:15:07 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-18 14:15:07 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-18 14:14:46 2331136 ----a-w- c:\windows\system32\win32k.sys
    2011-04-18 14:14:44 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-18 14:13:37 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-18 14:13:35 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-18 14:13:35 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-18 14:13:29 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-18 14:13:29 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-18 14:13:28 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-18 14:13:28 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-15 11:07:28 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-14 23:55:17 -------- d-----w- c:\users\marc\appdata\roaming\Malwarebytes
    2011-04-14 23:55:12 -------- d-----w- c:\progra~2\Malwarebytes
    2011-04-14 23:55:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-12 23:21:33 652336 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys
    2011-04-12 23:21:33 509560 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
    2011-04-12 23:21:33 50168 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
    2011-04-12 23:21:33 340016 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\SymDS.sys
    2011-04-12 23:21:33 295032 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\symnets.sys
    2011-04-12 23:21:33 136312 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys
    2011-04-12 23:21:24 -------- d-----w- c:\windows\system32\drivers\nis\1205000.07D
    2011-04-12 23:10:34 -------- d-----r- c:\program files\Norton Support
    2011-04-12 21:34:40 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{52669bb5-9ebe-4c20-a3e2-080390ade61f}\mpengine.dll
    2011-04-10 16:26:09 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-04-10 16:26:09 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-04-10 16:26:09 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-04-10 16:26:09 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-04-10 16:26:07 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-04-10 16:26:07 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2011-04-08 02:12:11 -------- d--h--w- c:\progra~2\oHk06511aGpMj06511
    2011-04-01 03:17:17 -------- d--h--r- c:\users\marc\Program Files
    2011-03-28 02:23:00 -------- d--h--w- c:\progra~2\jEcIbKpEnAi06504
    .
    ==================== Find3M ====================
    .
    2011-02-02 22:11:20 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 10:31:57.00 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/30/2009 11:23:37 PM
    System Uptime: 4/20/2011 10:10:42 AM (0 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 1197/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 251.386 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP217: 4/15/2011 7:07:25 AM - Windows Update
    RP218: 4/16/2011 11:25:35 AM - Windows Update
    RP220: 4/16/2011 12:24:41 PM - Installed TOSHIBA Service Station
    RP221: 4/18/2011 7:18:08 AM - Windows Update
    RP222: 4/18/2011 9:57:23 AM - Restore Operation
    RP223: 4/18/2011 11:00:35 AM - Windows Modules Installer
    RP224: 4/19/2011 7:51:15 AM - Windows Update
    RP225: 4/19/2011 9:36:39 AM - Windows Update
    RP226: 4/19/2011 8:48:04 PM - Installed HiJackThis
    RP227: 4/19/2011 9:30:15 PM - Removed Java(TM) 6 Update 14
    RP228: 4/20/2011 8:18:09 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CCleaner
    Compatibility Pack for the 2007 Office system
    D3DX10
    Driver Performer
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 14
    Junk Mail filter update
    Label@Once 1.0
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 97, Professional Edition
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MobileMe Control Panel
    MSVCRT
    MyToshiba
    NetZero Launcher
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    PlayReady PC Runtime x86
    ProMash
    Quickbooks Financial Center
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Safari
    Search Toolbar
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Launcher
    Skype web features
    Skype™ 4.1
    Synaptics Pointing Device Driver
    Toshiba Application and Driver Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Online Backup
    TOSHIBA PC Health Monitor
    Toshiba Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Viewer4Skype
    WildTangent Games
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile Device Center Driver Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/20/2011 8:12:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/20/2011 10:08:25 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/19/2011 9:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/19/2011 9:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/19/2011 9:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/19/2011 9:50:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/19/2011 9:50:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/19/2011 9:50:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC discache eeCtrl IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/19/2011 9:36:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2511455).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2511250).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2509553).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2508429).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2507618).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2506223).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2506212).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2503658).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2491683).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 3.5.1 on Windows 7 x86 (KB2446709).
    4/19/2011 9:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2508272).
    4/19/2011 9:34:02 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    4/19/2011 9:21:51 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    4/19/2011 9:19:57 PM, Error: Service Control Manager [7034] - The Viewer4Skype Monitor service terminated unexpectedly. It has done this 1 time(s).
    4/19/2011 7:08:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/19/2011 6:33:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    4/19/2011 6:30:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 discache eeCtrl IDSVix86 spldr SRTSPX SymIRON SymNetS Wanarpv6
    4/18/2011 9:58:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TOSHIBA eco Utility Service service.
    4/18/2011 11:04:16 AM, Error: Service Control Manager [7034] - The Viewer4Skype Intercom service terminated unexpectedly. It has done this 1 time(s).
    4/18/2011 10:25:41 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    4/18/2011 10:24:41 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/18/2011 10:06:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86
    4/18/2011 10:06:15 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    4/16/2011 11:32:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Excel 2007 (KB2464583).
    4/16/2011 11:28:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2464635).
    4/16/2011 11:28:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708).
    4/16/2011 11:27:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2509488).
    4/15/2011 7:00:57 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x8a9e482b, 0x00000008, 0x8a9e482b, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 041511-25006-01.
    4/14/2011 9:09:32 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer EINSTEIN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8A753A4D-2AF6-4976-B55D-F6661CBE9. The master browser is stopping or an election is being forced.
    4/13/2011 6:44:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Marc-PC\Marc SID (S-1-5-21-4033661001-3110837302-3746804699-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
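The run of Service Control Manager 7001 errors above mixes two things: drivers that genuinely failed to start ("A device attached to the system is not functioning") and services that only failed because something they depend on did ("The dependency service or group failed to start"). When triaging a log like this, a helper wants the handful of root failures, not the dozen downstream ones. The script below is an added example, not part of the thread or of any tool it mentions; it parses a few 7001 lines copied from the posted log (a constructed sample, trimmed) and walks the dependency edges to find the services nobody else reports as a dependent, which are the ones worth investigating first.

```python
import re

# Constructed sample: 7001 lines copied from the log posted above, plus one
# unrelated Windows Update line to show that non-7001 events are ignored.
SAMPLE_LOG = """\
4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2011 9:50:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2011 9:36:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2511455).
"""

# Matches the fixed wording of SCM event 7001. Non-greedy groups stop at the
# first literal " service depends on the" / " service which failed" marker, so
# a dependency name that itself contains "service" (e.g. "NSI proxy service
# driver.") is still captured whole, trailing period included.
EVENT_7001 = re.compile(
    r"Service Control Manager \[7001\] - The (?P<dependent>.+?) service depends on the "
    r"(?P<dependency>.+?) service which failed to start because of the following error: "
    r"(?P<reason>.+?)\.?$"
)


def parse_dependency_failures(text):
    """Return (edges, reasons).

    edges   : list of (dependent, dependency) pairs, one per 7001 line
    reasons : dependency name -> the failure reason SCM gave for it
    """
    edges, reasons = [], {}
    for line in text.splitlines():
        m = EVENT_7001.search(line.strip())
        if not m:
            continue  # not a 7001 event; other event IDs are out of scope here
        edges.append((m.group("dependent"), m.group("dependency")))
        reasons[m.group("dependency")] = m.group("reason")
    return edges, reasons


def root_causes(edges, reasons):
    """Dependencies that never appear as a failed dependent are the roots of
    the failure chain; everything else failed only transitively."""
    dependents = {dep for dep, _ in edges}
    roots = sorted({on for _, on in edges if on not in dependents})
    return {name: reasons[name] for name in roots}


if __name__ == "__main__":
    edges, reasons = parse_dependency_failures(SAMPLE_LOG)
    print(f"{len(edges)} dependency failures, root causes:")
    for name, why in root_causes(edges, reasons).items():
        print(f"  {name}: {why}")
```

On the sample, the six 7001 lines collapse to three roots (the Winsock AFD driver, the NSI proxy driver and the NetIO legacy TDI driver), all with the "device ... not functioning" reason; the Workstation, DNS Client and DHCP Client failures are consequences of those, which is why the machine lost name resolution and network access rather than three separate problems.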
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Logs posted on a second thread must be posted here.

    The second thread has been closed.
     
  4. marco75

    marco75 TS Rookie Topic Starter

    sorry about that

    I have edited my original post to include all the logs. Thank you!
     
  5. marco75

    marco75 TS Rookie Topic Starter

    redirect virus - logs posted - please help, thank you!

    I have pasted the logs in my first post at the top of this thread. Thank you for your help!
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please go ahead and run the following 2 scans: Be patient- I may not get back to you until tomorrow AM.

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and will open in a text window. Please paste C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  7. marco75

    marco75 TS Rookie Topic Starter

    Here is Eset and ComboFix

    Thank you very much for your help with this. Here are the 2 log files.

    Eset

    C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application



    ComboFix


    ComboFix 11-04-21.02 - Marc 04/21/2011 23:51:10.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1429 [GMT -4:00]
    Running from: c:\users\Marc\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\program files\WinPCap
    c:\users\Marc\AppData\Local\{AD936323-99E7-4EA6-9E09-2D90C5362620}
    c:\users\Marc\AppData\Local\{AD936323-99E7-4EA6-9E09-2D90C5362620}\chrome\content\overlay.xul
    c:\users\Marc\AppData\Local\{AD936323-99E7-4EA6-9E09-2D90C5362620}\install.rdf
    c:\users\Marc\AppData\Roaming\Adobe\plugs
    c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
    c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-22 04:03 . 2011-04-22 04:04 -------- d-----w- c:\users\Marc\AppData\Local\temp
    2011-04-22 04:03 . 2011-04-22 04:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-22 02:51 . 2011-04-22 02:51 -------- d-----w- c:\program files\ESET
    2011-04-20 01:39 . 2011-04-20 01:40 -------- d-----w- c:\programdata\MFAData
    2011-04-20 00:48 . 2011-04-20 00:48 388096 ----a-r- c:\users\Marc\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-20 00:02 . 2011-04-20 00:02 -------- d-----w- c:\program files\CCleaner
    2011-04-19 23:46 . 2011-04-19 23:46 -------- d-----w- c:\program files\Driver-Soft
    2011-04-19 13:41 . 2011-04-19 13:41 -------- d-----w- c:\windows\en
    2011-04-19 13:39 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-04-19 13:39 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-04-19 13:39 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-04-19 13:38 . 2011-04-19 13:38 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DXSETUP.exe
    2011-04-19 13:38 . 2011-04-19 13:38 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DSETUP.dll
    2011-04-19 13:38 . 2011-04-19 13:38 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\dsetup32.dll
    2011-04-19 13:38 . 2011-04-19 13:38 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DSETUP.dll
    2011-04-19 13:38 . 2011-04-19 13:38 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DXSETUP.exe
    2011-04-19 13:38 . 2011-04-19 13:38 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\dsetup32.dll
    2011-04-19 13:38 . 2011-04-19 13:38 -------- d-----w- c:\users\Marc\AppData\Local\Windows Live
    2011-04-19 11:50 . 2011-04-19 11:50 -------- d-----w- c:\program files\Common Files\Adobe
    2011-04-18 14:43 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-18 14:27 . 2011-04-18 14:27 -------- d-----w- c:\program files\iPod
    2011-04-18 14:23 . 2011-04-18 14:23 -------- d-----w- c:\program files\Bonjour
    2011-04-18 14:21 . 2011-04-18 14:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-04-18 14:21 . 2011-04-18 14:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-04-18 14:21 . 2011-04-18 14:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-04-18 14:21 . 2011-04-18 14:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-04-18 14:21 . 2011-04-18 14:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-04-18 14:21 . 2011-04-18 14:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-04-18 14:21 . 2011-04-18 14:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-04-18 14:21 . 2011-04-18 14:21 -------- d-----w- c:\program files\QuickTime
    2011-04-18 14:15 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-18 14:15 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-18 14:15 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-18 14:15 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-18 14:15 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-18 14:15 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-18 14:15 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-18 14:14 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
    2011-04-18 14:14 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-18 14:13 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-18 14:13 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-18 14:13 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-18 14:13 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-18 14:13 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-18 14:13 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-18 14:13 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-16 16:24 . 2011-04-16 16:24 -------- d-----w- c:\users\Marc\AppData\Roaming\InstallShield
    2011-04-15 11:07 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-14 23:55 . 2011-04-14 23:55 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes
    2011-04-14 23:55 . 2011-04-14 23:55 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-14 23:55 . 2011-04-18 14:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-12 23:21 . 2011-04-18 14:04 -------- d-----w- c:\windows\system32\drivers\NIS\1205000.07D
    2011-04-12 23:10 . 2011-04-18 14:04 -------- d-----r- c:\program files\Norton Support
    2011-04-12 21:34 . 2011-03-23 14:11 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52669BB5-9EBE-4C20-A3E2-080390ADE61F}\mpengine.dll
    2011-04-10 16:26 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-04-10 16:26 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-04-10 16:26 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-04-10 16:26 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-04-10 16:26 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-04-10 16:26 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2011-04-08 02:12 . 2011-04-08 02:28 -------- d--h--w- c:\programdata\oHk06511aGpMj06511
    2011-04-01 03:17 . 2011-04-08 02:56 -------- d--h--r- c:\users\Marc\Program Files
    2011-03-28 02:23 . 2011-03-28 02:44 -------- d--h--w- c:\programdata\jEcIbKpEnAi06504
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-19 13:40 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-04-12 23:21 . 2010-01-05 02:32 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-02-13 23:56 . 2011-02-13 23:56 45056 ----a-r- c:\users\Marc\AppData\Roaming\Microsoft\Installer\{491EAC1A-8ECB-45D5-97D1-0583D5676914}\ProMash.exe1_491EAC1A8ECB45D597D10583D5676914.exe
    2011-02-13 23:56 . 2011-02-13 23:56 45056 ----a-r- c:\users\Marc\AppData\Roaming\Microsoft\Installer\{491EAC1A-8ECB-45D5-97D1-0583D5676914}\ProMash.exe_491EAC1A8ECB45D597D10583D5676914.exe
    2011-02-03 05:45 . 2011-02-12 02:52 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-02 22:11 . 2009-12-31 21:43 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    2011-01-29 00:39 . 2011-01-29 00:39 0 ---ha-w- c:\users\Marc\AppData\Local\Blegozab.bin
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
    "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
    "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 171520]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110419.001\BHDrvx86.sys [2011-04-15 802936]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110421.001\IDSvix86.sys [2011-03-30 353912]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NIS\1205000.07D\SYMNETS.SYS [2010-12-01 295032]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    S2 mon4skype;Viewer4Skype Monitor;c:\program files\Kenabee\Viewer4Skype\mon4skype.exe [2009-12-04 110592]
    S2 NIS;Norton Internet Security.;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
    S2 svc4skype;Viewer4Skype Intercom;c:\program files\Kenabee\Viewer4Skype\svc4skype.exe [2009-12-04 110592]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 185712]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-18 102448]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]
    S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - KXTDYPOB
    *Deregistered* - kxtdypob
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
    2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:17]
    .
    2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
    HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TaskTray - (no file)
    AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-22 00:21:20
    ComboFix-quarantined-files.txt 2011-04-22 04:21
    .
    Pre-Run: 269,538,209,792 bytes free
    Post-Run: 269,689,712,640 bytes free
    .
    - - End Of File - - 0F72306334733DC3E9FC37EFFEFD594A
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Hi Marco- sorry- didn't get notice of reply. Do you still need help with this problem?
     
  9. marco75

    marco75 TS Rookie Topic Starter

    yes, I still need help

    I posted the logs from combofix and Eset above. Thank you.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, checking Combofix now. I think the reason I didn't get notice was because you edited a post to enter the logs. Feedback isn't sent for an Edit. So while you should use that feature for comments, questions and such that are short, you don't want to use Edit for logs.

    Will be back shortly. I take it the redirect problem is still happening. Has there been any change or anything new?
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DXSETUP.exe
    c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DSETUP.dll
    c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\dsetup32.dll
    c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DSETUP.dll
    c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DXSETUP.exe
    c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\dsetup32.dll
    c:\users\Marc\AppData\Local\Blegozab.bin
    DirLook::
    c:\programdata\oHk06511aGpMj06511
    c:\users\Marc\Program Files
    c:\programdata\jEcIbKpEnAi06504
    Folder::
    c:\program files\Driver-Soft
    DDS::
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ===================
    Follow with Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Closed due to inactivity
     
Topic Status:
Not open for further replies.
