SpyWare BeWare! ASAP
December 20, 2014, 06:37:26 PM *
Author Topic: Google Hijack/Redirect Help  (Read 2261 times)
Jeff63
« Reply #15 on: March 23, 2012, 08:26:01 PM »

Hi MrC,  Thank you.  The combofix log is below

ComboFix 12-03-22.01 - Diane 03/23/2012  21:06:59.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.354 [GMT -4:00]
Running from: c:\documents and settings\Diane\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\All Users\Application Data\xp
c:\program files\Retrogamer_2zEI
c:\program files\Search Toolbar
c:\program files\Search Toolbar\basis.xml
c:\program files\Search Toolbar\bg.bmp
c:\program files\Search Toolbar\bing_logo.png
c:\program files\Search Toolbar\celebrity.png
c:\program files\Search Toolbar\drop_images.png
c:\program files\Search Toolbar\drop_maps.png
c:\program files\Search Toolbar\drop_news.png
c:\program files\Search Toolbar\drop_videos.png
c:\program files\Search Toolbar\drop_web.png
c:\program files\Search Toolbar\facebook.png
c:\program files\Search Toolbar\favicon.png
c:\program files\Search Toolbar\games.png
c:\program files\Search Toolbar\hotmail.png
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\images.png
c:\program files\Search Toolbar\include.xml
c:\program files\Search Toolbar\info.txt
c:\program files\Search Toolbar\lifestyle.png
c:\program files\Search Toolbar\maps.png
c:\program files\Search Toolbar\messenger.png
c:\program files\Search Toolbar\msn.png
c:\program files\Search Toolbar\news.png
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\tbcore3.dll
c:\program files\Search Toolbar\tbhelper.dll
c:\program files\Search Toolbar\twitter.png
c:\program files\Search Toolbar\uninstall.exe
c:\program files\Search Toolbar\update.exe
c:\program files\Search Toolbar\version.txt
c:\program files\Search Toolbar\video.png
c:\program files\Search Toolbar\videos.png
c:\program files\Search Toolbar\weather.png
c:\program files\Search Toolbar\web.png
c:\windows\system32\SET273.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET284.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-24 to 2012-03-24  )))))))))))))))))))))))))))))))
.
.
2012-03-22 03:45 . 2012-03-22 03:45   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-03-20 13:37 . 2012-03-20 13:37   --------   d-----w-   c:\documents and settings\Diane\Application Data\AVG Secure Search
2012-03-20 13:37 . 2012-03-20 13:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-03-20 13:37 . 2012-03-20 13:37   --------   d-----w-   c:\program files\Common Files\AVG Secure Search
2012-03-20 13:37 . 2012-03-20 13:37   --------   d-----w-   c:\program files\AVG Secure Search
2012-03-20 13:37 . 2012-03-20 13:37   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
2012-03-19 04:09 . 2012-03-19 04:09   388096   ----a-r-   c:\documents and settings\Diane\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-19 04:09 . 2012-03-19 04:09   --------   d-----w-   c:\program files\Trend Micro
2012-03-19 03:56 . 2012-03-19 03:56   --------   d-----w-   c:\documents and settings\Diane\Application Data\Sammsoft
2012-03-19 03:55 . 2012-03-20 02:59   --------   d-----w-   c:\program files\ARO 2012
2012-03-18 16:07 . 2012-03-18 16:08   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-03-18 16:07 . 2011-12-10 19:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-17 17:51 . 2012-03-17 17:51   76208   ----a-w-   c:\windows\system32\FwsVpn.dll
2012-03-17 17:51 . 2012-03-17 17:51   32208   ----a-w-   c:\windows\system32\drivers\WGX.SYS
2012-03-17 17:51 . 2012-03-17 17:51   241584   ----a-w-   c:\windows\system32\SymVPN.dll
2012-03-17 17:50 . 2012-03-17 17:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\regid.1992_12.com.symantec
2012-03-17 17:50 . 2012-03-17 17:50   --------   d-----w-   c:\windows\system32\drivers\SEP
2012-03-17 03:44 . 2012-03-17 03:44   --------   d-----w-   c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 17:52 . 2009-09-18 02:07   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2012-03-17 17:52 . 2009-09-18 02:07   127096   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-24 14:04 . 2011-06-17 23:18   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2009-04-06 19:48   1860096   ----a-w-   c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 16:35   3072   ------w-   c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2009-04-06 18:08   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:39 . 2012-03-18 15:50   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 19:18   451808   ----a-w-   c:\program files\RadioBar\toolbar.ni.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-20 13:37   1869152   ----a-w-   c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-20 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]
.
[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]
"AROReminder"="c:\program files\ARO 2012\aro.exe" [2012-01-06 2552688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-03-26 417792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-20 83336]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-03 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-13 17531392]
"NDSTray.exe"="NDSTray.exe" [BU]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
"TDispVol"="TDispVol.exe" [2009-04-02 210232]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-02-25 110592]
"TPSMain"="TPSMain.exe" [2009-03-17 283960]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-16 252288]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-26 136816]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-02-03 54536]
"Retrogamer_2z Browser Plugin Loader"="c:\progra~1\RETROG~2\bar\1.bin\2zbrmon.exe" [2011-06-23 26568]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-20 982880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-1-6 2360648]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\snac.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [10/30/2011 7:23 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [10/30/2011 7:23 PM 758904]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [8/21/2008 1:35 PM 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/4/2007 1:14 PM 6528]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120317.011\BHDrvx86.sys [3/20/2012 12:58 AM 820856]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [10/30/2011 7:23 PM 137336]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 6:33 PM 249648]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/18/2012 12:07 PM 652360]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [10/30/2011 7:23 PM 137224]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 3:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 3:15 PM 134016]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/20/2012 9:37 AM 918880]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [8/31/2009 11:21 PM 48176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/17/2012 1:55 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120321.001\IDSXpx86.sys [3/21/2012 2:32 AM 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/18/2012 12:07 PM 20464]
S1 MpKsl0db0aaf8;MpKsl0db0aaf8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9381E37E-18F0-48DA-98D3-CCE3B7660F1D}\MpKsl0db0aaf8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9381E37E-18F0-48DA-98D3-CCE3B7660F1D}\MpKsl0db0aaf8.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 11:12 PM 135664]
S2 Retrogamer_2zService;Retrogamer Service;c:\progra~1\RETROG~2\bar\1.bin\2zbarsvc.exe [6/23/2011 3:41 AM 34856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/6/2009 3:08 PM 1684736]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 8:31 PM 195336]
S3 bcm;Beceem Communications Inc. Tarang3;c:\windows\system32\drivers\drxvi314.sys [12/23/2009 2:51 AM 233472]
S3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\system32\drivers\BcmBusCtr.sys [12/23/2009 2:51 AM 54784]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [1/27/2009 5:40 PM 111880]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 11:12 PM 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [4/6/2009 3:09 PM 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/6/2009 3:48 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 03:12]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 03:12]
.
2012-03-24 c:\windows\Tasks\User_Feed_Synchronization-{CF0FFDB1-1CAD-4533-81A3-6DC92CC421B0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={410AAF74-0D14-456E-9D19-DF9B33EE0EAE}&mid=18b66f04a49047d0b958d16f64d56ead-a63148c4ca5a0448d0762f9294ed160d9c9b3a36&lang=en&ds=ft011&pr=sa&d=2012-03-20 09:37&v=10.2.0.3&sap=hp
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 172.18.2.254 172.18.1.50 8.8.8.8
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\RadioBar\toolbar.ni.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\documents and settings\Diane\Application Data\Mozilla\Firefox\Profiles\2uru2b7w.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B850e2b3b-dc0f-441e-ae8c-d8549056f318%7D&mid=18b66f04a49047d0b958d16f64d56ead-a63148c4ca5a0448d0762f9294ed160d9c9b3a36&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-03-20%2009%3A37%3A39
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B850e2b3b-dc0f-441e-ae8c-d8549056f318%7D&mid=18b66f04a49047d0b958d16f64d56ead-a63148c4ca5a0448d0762f9294ed160d9c9b3a36&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-03-20%2009%3A37%3A39&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe
Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-23 21:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-03-23  21:22:09
ComboFix-quarantined-files.txt  2012-03-24 01:22
.
Pre-Run: 131,452,678,144 bytes free
Post-Run: 131,737,681,920 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 221700C87E2675F470A03C6EA126C1A3
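The "Reg Loading Points" and "Supplementary Scan" sections of the ComboFix log above are the parts worth reading first in a redirect case: they list the registered Browser Helper Objects and the IE start page and Firefox homepage/keyword.URL settings, which here all point at isearch.avg.com. As an added example (not part of this thread, and not ComboFix's own code), the Python script below pulls those indicators out of a ComboFix log and flags any start/search setting whose host is not on a small allowlist. The allowlist (EXPECTED_HOSTS) is an assumption to be tuned per environment, and the excerpt fed to the parser is a constructed sample built from lines in the log above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines excerpted from the ComboFix log in this thread.
# ComboFix writes URLs as hxxp:// so they are not clickable in a browser.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 19:18   451808   ----a-w-   c:\\program files\\RadioBar\\toolbar.ni.dll
.
uStart Page = hxxp://isearch.avg.com/?cid={410AAF74-0D14-456E-9D19-DF9B33EE0EAE}&sap=hp
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 172.18.2.254 172.18.1.50 8.8.8.8
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B850e2b3b%7D
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B850e2b3b%7D&sap=ku&q=
"""

# Assumption: hosts a stock browser on this machine is expected to point at.
# Anything else in a start page or search setting is reported for review.
EXPECTED_HOSTS = {
    "www.google.com", "google.com", "www.bing.com", "www.msn.com", "go.microsoft.com",
}

# Browser settings ComboFix reports as "<name> = <url>" or "FF - prefs.js: <pref> - <url>".
SETTING_LINE = re.compile(
    r"^(uStart Page|mStart Page|uSearch \w+|mSearch \w+|FF - prefs\.js: [\w.]+)\s*[-=]\s*(\S+)"
)
# A Browser Helper Object key; the following log line names the DLL Internet Explorer loads.
BHO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]")


def refang(url):
    """Turn ComboFix's defanged hxxp:// scheme back into http:// so urlparse can read it."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_combofix(text):
    """Return a list of findings: unexpected browser start/search hosts and registered BHOs."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = SETTING_LINE.match(line)
        if m:
            setting, raw_url = m.group(1), m.group(2)
            host = urlparse(refang(raw_url)).hostname or ""
            if host not in EXPECTED_HOSTS:
                findings.append({"kind": "browser-setting", "setting": setting, "host": host})
            continue
        m = BHO_KEY.match(line)
        if m and i + 1 < len(lines) and lines[i + 1].strip():
            # ComboFix separates the date/size/attribute/path columns with runs of spaces;
            # the path itself may contain single spaces ("c:\program files\..."), so split on 2+.
            dll_path = re.split(r"\s{2,}", lines[i + 1].strip())[-1]
            findings.append({"kind": "bho", "clsid": m.group(1), "dll": dll_path})
    return findings


def hijack_hosts(findings):
    """Distinct non-allowlisted hosts seen in start/search settings (the redirect target set)."""
    return sorted({f["host"] for f in findings if f["kind"] == "browser-setting"})


if __name__ == "__main__":
    for f in parse_combofix(SAMPLE_LOG):
        if f["kind"] == "browser-setting":
            print(f"[setting] {f['setting']} -> {f['host']}")
        else:
            print(f"[bho]     {f['clsid']} -> {f['dll']}")
    print("redirect hosts:", ", ".join(hijack_hosts(parse_combofix(SAMPLE_LOG))))
```

Run against the sample it reports the three settings that point at isearch.avg.com plus the RadioBar BHO; pointed at a full ComboFix log (`parse_combofix(open("ComboFix.txt").read())`) it gives a quick first-pass list to compare against the "Other Deletions" and "ORPHANS REMOVED" sections after a cleanup run.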
MrCharlie
Moderator
« Reply #16 on: March 24, 2012, 07:48:51 AM »

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is,  MrC

My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC
Jeff63
« Reply #17 on: March 24, 2012, 03:51:51 PM »

Hi MrC, Thank you.  Below are the scan results.  I guess it did not detect anything.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.24.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Diane :: GEOFF3 [administrator]

Protection: Enabled

3/24/2012 2:52:20 PM
mbam-log-2012-03-24 (14-52-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255586
Time elapsed: 1 hour(s), 56 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MrCharlie
Moderator
« Reply #18 on: March 24, 2012, 05:16:49 PM »

OK, how is it?  MrC
Jeff63
« Reply #19 on: March 24, 2012, 05:48:49 PM »

Hi MrC,
I opened both browsers and did a few searches and I am not getting redirected!  Thank you!!
MrCharlie
Moderator
« Reply #20 on: March 24, 2012, 06:19:01 PM »

Great, a little cleanup to do.

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

-----------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall this:

Java(TM) 6 Update 11


Then download and install the latest version, Java™ 6 Update 31.

http://www.java.com/en/download/manual.jsp <---latest version

http://www.java.com/en/download/installed.jsp <---verify your Java

--------------------------------

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum,  MrC
Jeff63
« Reply #21 on: March 24, 2012, 10:14:20 PM »

Hi MrC, Thank you.  It says it can't find ComboFix.  I think maybe because when I turned Symantec back on, Symantec deleted the files?  Did I mess up?

Thank you
MrCharlie
Moderator
« Reply #22 on: March 25, 2012, 07:35:14 AM »

No, if you ran OTL, that will clean up the ComboFix files.  MrC