I've been trying to fix this all week. A few of the problems
I cant modify or delete HOSTS FILE. GOOGLE, GMAIL, and image verification for IAMNOTAGEEK dont work I cant update windows defender or
or re-install service pack 3 - said access was not allowed--only tried to do that bc a program was saying my svchost.exe was missing or something. Also website do not recognize that I have the most current Firefox browser and redirect me. I used to have norton but have tried to delete all the files but the updater and symantec files remain.

I ran ESET but didnt see the text log. There were no found problems.


---------------

Logfile of HijackThis v1.99.1
Scan saved at 5:07:04 AM, on 8/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\antivirus\jackedup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 64.86.17.32 google.ae
O1 - Hosts: 64.86.17.32 google.as
O1 - Hosts: 64.86.17.32 google.at
O1 - Hosts: 64.86.17.32 google.az
O1 - Hosts: 64.86.17.32 google.ba
O1 - Hosts: 64.86.17.32 google.be
O1 - Hosts: 64.86.17.32 google.bg
O1 - Hosts: 64.86.17.32 google.bs
O1 - Hosts: 64.86.17.32 google.ca
O1 - Hosts: 64.86.17.32 google.cd
O1 - Hosts: 64.86.17.32 google.com.gh
O1 - Hosts: 64.86.17.32 google.com.hk
O1 - Hosts: 64.86.17.32 google.com.jm
O1 - Hosts: 64.86.17.32 google.com.mx
O1 - Hosts: 64.86.17.32 google.com.my
O1 - Hosts: 64.86.17.32 google.com.na
O1 - Hosts: 64.86.17.32 google.com.nf
O1 - Hosts: 64.86.17.32 google.com.ng
O1 - Hosts: 64.86.17.32 google.ch
O1 - Hosts: 64.86.17.32 google.com.np
O1 - Hosts: 64.86.17.32 google.com.pr
O1 - Hosts: 64.86.17.32 google.com.qa
O1 - Hosts: 64.86.17.32 google.com.sg
O1 - Hosts: 64.86.17.32 google.com.tj
O1 - Hosts: 64.86.17.32 google.com.tw
O1 - Hosts: 64.86.17.32 google.dj
O1 - Hosts: 64.86.17.32 google.de
O1 - Hosts: 64.86.17.32 google.dk
O1 - Hosts: 64.86.17.32 google.dm
O1 - Hosts: 64.86.17.32 google.ee
O1 - Hosts: 64.86.17.32 google.fi
O1 - Hosts: 64.86.17.32 google.fm
O1 - Hosts: 64.86.17.32 google.fr
O1 - Hosts: 64.86.17.32 google.ge
O1 - Hosts: 64.86.17.32 google.gg
O1 - Hosts: 64.86.17.32 google.gm
O1 - Hosts: 64.86.17.32 google.gr
O1 - Hosts: 64.86.17.32 google.ht
O1 - Hosts: 64.86.17.32 google.ie
O1 - Hosts: 64.86.17.32 google.im
O1 - Hosts: 64.86.17.32 google.in
O1 - Hosts: 64.86.17.32 google.it
O1 - Hosts: 64.86.17.32 google.ki
O1 - Hosts: 64.86.17.32 google.la
O1 - Hosts: 64.86.17.32 google.li
O1 - Hosts: 64.86.17.32 google.lv
O1 - Hosts: 64.86.17.32 google.ma
O1 - Hosts: 64.86.17.32 google.ms
O1 - Hosts: 64.86.17.32 google.mu
O1 - Hosts: 64.86.17.32 google.mw
O1 - Hosts: 64.86.17.32 google.nl
O1 - Hosts: 64.86.17.32 google.no
O1 - Hosts: 64.86.17.32 google.nr
O1 - Hosts: 64.86.17.32 google.nu
O1 - Hosts: 64.86.17.32 google.pl
O1 - Hosts: 64.86.17.32 google.pn
O1 - Hosts: 64.86.17.32 google.pt
O1 - Hosts: 64.86.17.32 google.ro
O1 - Hosts: 64.86.17.32 google.ru
O1 - Hosts: 64.86.17.32 google.rw
O1 - Hosts: 64.86.17.32 google.sc
O1 - Hosts: 64.86.17.32 google.se
O1 - Hosts: 64.86.17.32 google.sh
O1 - Hosts: 64.86.17.32 google.si
O1 - Hosts: 64.86.17.32 google.sm
O1 - Hosts: 64.86.17.32 google.sn
O1 - Hosts: 64.86.17.32 google.st
O1 - Hosts: 64.86.17.32 google.tl
O1 - Hosts: 64.86.17.32 google.tm
O1 - Hosts: 64.86.17.32 google.tt
O1 - Hosts: 64.86.17.32 google.us
O1 - Hosts: 64.86.17.32 google.vu
O1 - Hosts: 64.86.17.32 google.ws
O1 - Hosts: 64.86.17.32 google.co.ck
O1 - Hosts: 64.86.17.32 google.co.id
O1 - Hosts: 64.86.17.32 google.co.il
O1 - Hosts: 64.86.17.32 google.co.in
O1 - Hosts: 64.86.17.32 google.co.jp
O1 - Hosts: 64.86.17.32 google.co.kr
O1 - Hosts: 64.86.17.32 google.co.ls
O1 - Hosts: 64.86.17.32 google.co.ma
O1 - Hosts: 64.86.17.32 google.co.nz
O1 - Hosts: 64.86.17.32 google.co.tz
O1 - Hosts: 64.86.17.32 google.co.ug
O1 - Hosts: 64.86.17.32 google.co.uk
O1 - Hosts: 64.86.17.32 google.co.za
O1 - Hosts: 64.86.17.32 google.co.zm
O1 - Hosts: 64.86.17.32 google.com
O1 - Hosts: 64.86.17.32 google.com.af
O1 - Hosts: 64.86.17.32 google.com.ag
O1 - Hosts: 64.86.17.32 google.com.ar
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\antivirus\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [toscdspd] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{588172A1-90A6-40BB-97CE-27B3F44B5350}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{8258AADA-EC4D-4A6B-B39A-537A0185E6B3}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{A21E134D-B69F-4B23-AFF5-9134E0528B10}: NameServer = 156.154.70.22,156.154.71.22
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)


-------------------------------------
Uninstall list

Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
COMODO Internet Security
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
DivX Content Uploader
DivX Web Player
DVD-RAM Driver
ESET Online Scanner v3
GenoPro 2.0.1.6
GRE POWERPREP
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
LG USB Modem driver
LimeWire 4.18.8
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.5.2)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
Panda ActiveScan 2.0
PeerGuardian 2.0
QuickTime
RealPlayer Basic
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shop for HP Supplies
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sony Picture Utility
Sony USB Driver
SPSS 16.0 Graduate Student Version
Spybot - Search & Destroy
SpywareBlaster 4.2
Symantec KB-DocID:2003093015493306
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
Toshiba Controls Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA SD Memory Card Format
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Touchpad Utility
TOSHIBA TV Tuner 4.0.12.73
Toshiba Utility
TOSHIBA Zooming Utility
TrojanHunter 5.0
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
V CAST Music Manager
VideoLAN VLC media player 0.8.6c
Vuze Toolbar
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver


------------------------------

MBAM log.


Malwarebytes' Anti-Malware 1.40
Database version: 2608
Windows 5.1.2600 Service Pack 3

8/17/2009 4:11:53 AM
mbam-log-2009-08-17 (04-11-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165521
Time elapsed: 30 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello, thank you for posting.

I have copied the text of your logs and added them to your post because our volunteer's do not want to download possibly infected files.


As a general rule we don't provide help support for computers that are currently using P2P/filesharing applications.. The reason is that these P2P applications can lead to infections, re-infections, we don't want the work done towards cleaning/uninfecting your machine to be a lost cause. Some of the files that you may have downloaded with these applications could contain viruses..

Please uninstall any filesharing/peer to peer applications, even if it is temporary on your part, then open spybot search and destroy, from the file menu at the top find and select advanced view, then from the left hand control panel of spybot search and destroy, find and select tools, then select resident, uncheck teatimer.

If you have installed and uninstalled other A/V applications, and still some of their files remain.. There's some other instructions in another post somewhere on here on how to deal with that, I think also, there are some removal utilities to look into, we may have to start with getting these extra A/V applications/files off your machine prior to doing any of the pre-clean up suggestions..


From there, start a new "before you post for help" process, according to the directions posted in this thread (http://forum.networktechs.com/showthread.php?t=49)

Ensure that MBAM is up to date before running, then ensure that "fix all" is checked/selected..

If you continue to have problems with Eset, make sure you are following the tips listed below:

You will need to use Internet Explorer to to complete this scan.
You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:
• ESET Online Scanner
• Kaspersky Online Scanner
• Panda Active Scan
• Trend Micro HouseCall
• F-Secure Online Virus Scanner

You will find the above links in the "before you post for help" sticky

Finally, ensure that you have only ONE anti-virus application installed and running at a time..


Copy and paste the entire text of your new logs into your next reply, please do not attach the files.

.....

Alright did everything as advised.

Malwarebytes' Anti-Malware 1.40
Database version: 2644
Windows 5.1.2600 Service Pack 3

8/18/2009 2:32:58 AM
mbam-log-2009-08-18 (02-32-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 167085
Time elapsed: 30 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=4b8a8c955132fd4d862f202e4471aa96
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-09 08:41:23
# local_time=2009-08-09 03:41:23 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=62879
# found=0
# cleaned=0
# scan_time=2256
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=4b8a8c955132fd4d862f202e4471aa96
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-10 07:2 7: 29
# local_time=2009-08-10 02:2 7: 29 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=62950
# found=0
# cleaned=0
# scan_time=2393
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=4b8a8c955132fd4d862f202e4471aa96
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-17 10:03:54
# local_time=2009-08-17 05:03:54 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3073 37 80 88 38957656250
# compatibility_mode=5889 61 66 100 749394448125000
# scanned=64551
# found=0
# cleaned=0
# scan_time=2742
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=4b8a8c955132fd4d862f202e4471aa96
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-18 08:24:18
# local_time=2009-08-18 03:24:18 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3073 37 80 88 54308125000
# compatibility_mode=5889 61 66 100 750198685625000
# scanned=64780
# found=0
# cleaned=0
# scan_time=2607







Logfile of HijackThis v1.99.1
Scan saved at 3:35:14 AM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\antivirus\jackedup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 64.86.17.32 google.ae
O1 - Hosts: 64.86.17.32 google.as
O1 - Hosts: 64.86.17.32 google.at
O1 - Hosts: 64.86.17.32 google.az
O1 - Hosts: 64.86.17.32 google.ba
O1 - Hosts: 64.86.17.32 google.be
O1 - Hosts: 64.86.17.32 google.bg
O1 - Hosts: 64.86.17.32 google.bs
O1 - Hosts: 64.86.17.32 google.ca
O1 - Hosts: 64.86.17.32 google.cd
O1 - Hosts: 64.86.17.32 google.com.gh
O1 - Hosts: 64.86.17.32 google.com.hk
O1 - Hosts: 64.86.17.32 google.com.jm
O1 - Hosts: 64.86.17.32 google.com.mx
O1 - Hosts: 64.86.17.32 google.com.my
O1 - Hosts: 64.86.17.32 google.com.na
O1 - Hosts: 64.86.17.32 google.com.nf
O1 - Hosts: 64.86.17.32 google.com.ng
O1 - Hosts: 64.86.17.32 google.ch
O1 - Hosts: 64.86.17.32 google.com.np
O1 - Hosts: 64.86.17.32 google.com.pr
O1 - Hosts: 64.86.17.32 google.com.qa
O1 - Hosts: 64.86.17.32 google.com.sg
O1 - Hosts: 64.86.17.32 google.com.tj
O1 - Hosts: 64.86.17.32 google.com.tw
O1 - Hosts: 64.86.17.32 google.dj
O1 - Hosts: 64.86.17.32 google.de
O1 - Hosts: 64.86.17.32 google.dk
O1 - Hosts: 64.86.17.32 google.dm
O1 - Hosts: 64.86.17.32 google.ee
O1 - Hosts: 64.86.17.32 google.fi
O1 - Hosts: 64.86.17.32 google.fm
O1 - Hosts: 64.86.17.32 google.fr
O1 - Hosts: 64.86.17.32 google.ge
O1 - Hosts: 64.86.17.32 google.gg
O1 - Hosts: 64.86.17.32 google.gm
O1 - Hosts: 64.86.17.32 google.gr
O1 - Hosts: 64.86.17.32 google.ht
O1 - Hosts: 64.86.17.32 google.ie
O1 - Hosts: 64.86.17.32 google.im
O1 - Hosts: 64.86.17.32 google.in
O1 - Hosts: 64.86.17.32 google.it
O1 - Hosts: 64.86.17.32 google.ki
O1 - Hosts: 64.86.17.32 google.la
O1 - Hosts: 64.86.17.32 google.li
O1 - Hosts: 64.86.17.32 google.lv
O1 - Hosts: 64.86.17.32 google.ma
O1 - Hosts: 64.86.17.32 google.ms
O1 - Hosts: 64.86.17.32 google.mu
O1 - Hosts: 64.86.17.32 google.mw
O1 - Hosts: 64.86.17.32 google.nl
O1 - Hosts: 64.86.17.32 google.no
O1 - Hosts: 64.86.17.32 google.nr
O1 - Hosts: 64.86.17.32 google.nu
O1 - Hosts: 64.86.17.32 google.pl
O1 - Hosts: 64.86.17.32 google.pn
O1 - Hosts: 64.86.17.32 google.pt
O1 - Hosts: 64.86.17.32 google.ro
O1 - Hosts: 64.86.17.32 google.ru
O1 - Hosts: 64.86.17.32 google.rw
O1 - Hosts: 64.86.17.32 google.sc
O1 - Hosts: 64.86.17.32 google.se
O1 - Hosts: 64.86.17.32 google.sh
O1 - Hosts: 64.86.17.32 google.si
O1 - Hosts: 64.86.17.32 google.sm
O1 - Hosts: 64.86.17.32 google.sn
O1 - Hosts: 64.86.17.32 google.st
O1 - Hosts: 64.86.17.32 google.tl
O1 - Hosts: 64.86.17.32 google.tm
O1 - Hosts: 64.86.17.32 google.tt
O1 - Hosts: 64.86.17.32 google.us
O1 - Hosts: 64.86.17.32 google.vu
O1 - Hosts: 64.86.17.32 google.ws
O1 - Hosts: 64.86.17.32 google.co.ck
O1 - Hosts: 64.86.17.32 google.co.id
O1 - Hosts: 64.86.17.32 google.co.il
O1 - Hosts: 64.86.17.32 google.co.in
O1 - Hosts: 64.86.17.32 google.co.jp
O1 - Hosts: 64.86.17.32 google.co.kr
O1 - Hosts: 64.86.17.32 google.co.ls
O1 - Hosts: 64.86.17.32 google.co.ma
O1 - Hosts: 64.86.17.32 google.co.nz
O1 - Hosts: 64.86.17.32 google.co.tz
O1 - Hosts: 64.86.17.32 google.co.ug
O1 - Hosts: 64.86.17.32 google.co.uk
O1 - Hosts: 64.86.17.32 google.co.za
O1 - Hosts: 64.86.17.32 google.co.zm
O1 - Hosts: 64.86.17.32 google.com
O1 - Hosts: 64.86.17.32 google.com.af
O1 - Hosts: 64.86.17.32 google.com.ag
O1 - Hosts: 64.86.17.32 google.com.ar
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [toscdspd] TOSCDSPD.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{588172A1-90A6-40BB-97CE-27B3F44B5350}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{8258AADA-EC4D-4A6B-B39A-537A0185E6B3}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{A21E134D-B69F-4B23-AFF5-9134E0528B10}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)






Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
COMODO Internet Security
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
DivX Content Uploader
DivX Web Player
DVD-RAM Driver
ESET Online Scanner v3
GRE POWERPREP
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
LG USB Modem driver
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.5.2)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
Panda ActiveScan 2.0
QuickTime
RealPlayer Basic
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shop for HP Supplies
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sony Picture Utility
Sony USB Driver
SPSS 16.0 Graduate Student Version
Spybot - Search & Destroy
Symantec KB-DocID:2003093015493306
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
Toshiba Controls Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA SD Memory Card Format
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Touchpad Utility
TOSHIBA TV Tuner 4.0.12.73
Toshiba Utility
TOSHIBA Zooming Utility
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
V CAST Music Manager
VideoLAN VLC media player 0.8.6c
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver

Download the program HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) which gives you the ability to restore the default host file back onto your machine. To do so, download the HostsXpert program and run it. When it opens, click on the Restore Original Hosts button and then exit HostsXpert.

You are using a WAY out of date version of HiJackThis. Please Uninstall that, download the latest version from HERE (http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10781312.html)

Run the full scan with it and post the new scan log. We have no need to see the installed programs list again so you don't have to do that again. Just the new HJT scan log.

Downloaded HostsXpert. At first it said the obvious "Your Hosts file is marked as a "system file" and can NOT be manipulated. Press OK to remove the system attribute, CANCEL to Quit." So I hit ok. But the same message pops up. So I hit OK again. The program runs and i guess makes changes something. Then I press Restore MS Hosts File. "Press ok to restore original hosts file" pops up I press ok. It says, "ERROR Cannot create C:\Windows\System 32\Drivers\ETC\hosts" I click ok and the program closes.

Should I try it in safe mode?






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:13 AM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 64.86.17.32 google.ae
O1 - Hosts: 64.86.17.32 google.as
O1 - Hosts: 64.86.17.32 google.at
O1 - Hosts: 64.86.17.32 google.az
O1 - Hosts: 64.86.17.32 google.ba
O1 - Hosts: 64.86.17.32 google.be
O1 - Hosts: 64.86.17.32 google.bg
O1 - Hosts: 64.86.17.32 google.bs
O1 - Hosts: 64.86.17.32 google.ca
O1 - Hosts: 64.86.17.32 google.cd
O1 - Hosts: 64.86.17.32 google.com.gh
O1 - Hosts: 64.86.17.32 google.com.hk
O1 - Hosts: 64.86.17.32 google.com.jm
O1 - Hosts: 64.86.17.32 google.com.mx
O1 - Hosts: 64.86.17.32 google.com.my
O1 - Hosts: 64.86.17.32 google.com.na
O1 - Hosts: 64.86.17.32 google.com.nf
O1 - Hosts: 64.86.17.32 google.com.ng
O1 - Hosts: 64.86.17.32 google.ch
O1 - Hosts: 64.86.17.32 google.com.np
O1 - Hosts: 64.86.17.32 google.com.pr
O1 - Hosts: 64.86.17.32 google.com.qa
O1 - Hosts: 64.86.17.32 google.com.sg
O1 - Hosts: 64.86.17.32 google.com.tj
O1 - Hosts: 64.86.17.32 google.com.tw
O1 - Hosts: 64.86.17.32 google.dj
O1 - Hosts: 64.86.17.32 google.de
O1 - Hosts: 64.86.17.32 google.dk
O1 - Hosts: 64.86.17.32 google.dm
O1 - Hosts: 64.86.17.32 google.ee
O1 - Hosts: 64.86.17.32 google.fi
O1 - Hosts: 64.86.17.32 google.fm
O1 - Hosts: 64.86.17.32 google.fr
O1 - Hosts: 64.86.17.32 google.ge
O1 - Hosts: 64.86.17.32 google.gg
O1 - Hosts: 64.86.17.32 google.gm
O1 - Hosts: 64.86.17.32 google.gr
O1 - Hosts: 64.86.17.32 google.ht
O1 - Hosts: 64.86.17.32 google.ie
O1 - Hosts: 64.86.17.32 google.im
O1 - Hosts: 64.86.17.32 google.in
O1 - Hosts: 64.86.17.32 google.it
O1 - Hosts: 64.86.17.32 google.ki
O1 - Hosts: 64.86.17.32 google.la
O1 - Hosts: 64.86.17.32 google.li
O1 - Hosts: 64.86.17.32 google.lv
O1 - Hosts: 64.86.17.32 google.ma
O1 - Hosts: 64.86.17.32 google.ms
O1 - Hosts: 64.86.17.32 google.mu
O1 - Hosts: 64.86.17.32 google.mw
O1 - Hosts: 64.86.17.32 google.nl
O1 - Hosts: 64.86.17.32 google.no
O1 - Hosts: 64.86.17.32 google.nr
O1 - Hosts: 64.86.17.32 google.nu
O1 - Hosts: 64.86.17.32 google.pl
O1 - Hosts: 64.86.17.32 google.pn
O1 - Hosts: 64.86.17.32 google.pt
O1 - Hosts: 64.86.17.32 google.ro
O1 - Hosts: 64.86.17.32 google.ru
O1 - Hosts: 64.86.17.32 google.rw
O1 - Hosts: 64.86.17.32 google.sc
O1 - Hosts: 64.86.17.32 google.se
O1 - Hosts: 64.86.17.32 google.sh
O1 - Hosts: 64.86.17.32 google.si
O1 - Hosts: 64.86.17.32 google.sm
O1 - Hosts: 64.86.17.32 google.sn
O1 - Hosts: 64.86.17.32 google.st
O1 - Hosts: 64.86.17.32 google.tl
O1 - Hosts: 64.86.17.32 google.tm
O1 - Hosts: 64.86.17.32 google.tt
O1 - Hosts: 64.86.17.32 google.us
O1 - Hosts: 64.86.17.32 google.vu
O1 - Hosts: 64.86.17.32 google.ws
O1 - Hosts: 64.86.17.32 google.co.ck
O1 - Hosts: 64.86.17.32 google.co.id
O1 - Hosts: 64.86.17.32 google.co.il
O1 - Hosts: 64.86.17.32 google.co.in
O1 - Hosts: 64.86.17.32 google.co.jp
O1 - Hosts: 64.86.17.32 google.co.kr
O1 - Hosts: 64.86.17.32 google.co.ls
O1 - Hosts: 64.86.17.32 google.co.ma
O1 - Hosts: 64.86.17.32 google.co.nz
O1 - Hosts: 64.86.17.32 google.co.tz
O1 - Hosts: 64.86.17.32 google.co.ug
O1 - Hosts: 64.86.17.32 google.co.uk
O1 - Hosts: 64.86.17.32 google.co.za
O1 - Hosts: 64.86.17.32 google.co.zm
O1 - Hosts: 64.86.17.32 google.com
O1 - Hosts: 64.86.17.32 google.com.af
O1 - Hosts: 64.86.17.32 google.com.ag
O1 - Hosts: 64.86.17.32 google.com.ar
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [toscdspd] TOSCDSPD.EXE
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{588172A1-90A6-40BB-97CE-27B3F44B5350}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{8258AADA-EC4D-4A6B-B39A-537A0185E6B3}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{A21E134D-B69F-4B23-AFF5-9134E0528B10}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8361 bytes

Didn't notice till tonight, your last post was placed in que pending approval, it may not have been visible by you after posting. I moved it to approved but if you notice that you cant view your latest posts after posting, please send Jholland or myself a PM to bring it to our attention. Sorry for the inconvenience.

When you run the hostfile fix application, make sure you are logged in as administrator, disconnect from the internet/network physically, unplug.. then temporarily disable/exit any anti-virus/anti-malware applications that are running as they may be preventing the application from making the necesary changes.. "protecting system files from changes"

You may also need to run the application as administrator, to do this; Right click on the icon for that application, find and select "RUN AS" then "Administrator" If you see the option "protect my computer and data from unauthorized program activity" uncheck it.

If you are not currently logged in as administrator, select the user "administrator" from the user list below the current user.

I disconnected from the internet as told, and disabled all anti virus/malware programs. Still the same problem. Then I tried to right click..run as..(my account, I only have one user account- which is set to the administrator) didnt work, then at the bottom of the run as menu tried to select administrator, but my user account password didnt work and leaving it blank didnt work. Then i tried it in safe mode, logged in as the administrator-wth no password, and still the same problem. "ERROR Cannot create C:\Windows\System 32\Drivers\ETC\hosts

It looks like your post went through without being moderated by the system, so.. on with the show.. I have a couple more suggestions regarding the hosts file.

Open the start menu then "Search", then "for files and folders" type in Hosts, select local drive C: and then click search, your search should find, hosts "no extension" with the path C:\WINDOWS\system32\drivers\etc, if so it's in there, and everything should be OK with the file, right click on HOSTS with the path listed above, then select properties.. There should be some check boxes at the bottom of the popup box tht read/lists host file attributes.. Find and Uncheck read only, then try running the previous application as "administrator and see what happens.

The other suggestion is to ensure that you are logged in as administrator, open the start menu, select "settings" then "control panel" then find and open "system", click on the "advanced" tab near the top of the pop up box, from the advanced tab find and select settings in the "performance" section. From the performance settings, find and select the tab that says "data execution prevention".. Find and select Turn on DEP for all programs and services except those that I select.. Then select "ADD..." Use the explorer popup box to find and select the application's "hostxpert.exe?" whatever .exe the start/desktop Icon is linked to.. It's the main program EXE file that you are using to edit/restore your hosts file... Adding this application to DEP's exclusion list should give it full administrator access. If these suggestions do not work, you may need to run in safe mode and change the read only attribute of c:\windows\system32\drivers\etc\hosts, then just delete it.

ensure that "hide file extensions of known file types" is unchecked in folder vew options. then open notepad.exe, located in start/programs/accessories then copy and paste the following into notepad.. # Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Then save the file as a .txt file in the c:\windows\system32\drivers\etc folder, as hosts.txt
Then navigate to the c:\windows\system32\drivers\etc folder, then right click on the HOSTS.TXT file that you just saved, then select rename, and finally delete the file name's extention ".txt" including the period.. windows should as if you are SURE you want to chane the file type, click yes or OK, then you have a new fixed default hosts file.. without readonly attributes.. If you do not still have access to hosts then most likely one of your antivirus/anti-malware" applications has taken ownership and denied access to the file/path via a registry setting.... to restore/take ownership of the hosts file again, you open regedit from the start run command, then select edit/search, type in hosts
look for any registry entries related to hosts, then let me know what you find, It may be difficult, but I'll probly need to see the registry entries word for word. if you can get a screenshot /s of the host file registry entries found and use something like image shack to host them, I would be able to find the culprit and suggest the changes "to retake ownership and deny system access, while granting admin full access..

Something I just noticed when i run msconfig and go to boot.ini i can't click /safeboot unless i click multi(............

should it read...
[boot loader]
timeout=3
default=multi (0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating system]
C:\CMDCONs\BOOTSECT.DAT="MicrosoftWindows Recovery Console' /cmdcons ***?
multi(0)disk(0)rdisk(0)partition(1)Windows="Windows XP Media Center Edition"/fastdetect /NoEecute=OptOut ***?

I used to be able to run msconfig then boot.ini and select safeboot right away but now i have to click on the multi... as i said.

Ive tried all of the above mentioned with no success. About the regedit part, I did not have anti virus/malware installed untill i had these host problems, so not being able to edit or delete the hosts file existed before i installed these programs. In safe mode the hosts file attributes cannot be changed from read only it says access denied.

I did the regedit search but am not familiar with regedit too well. On the left side a lot popped up on the right only one line that said "default" "REG_SZ" "Constructor that allows hosts better control creating scriptlets"

Thanks for the update.. Regarding your bootloader menu.. It's not the usual bootloader

the NoExecute=OptOut

The default value. OptIn Limits DEP to Windows system binaries. This may be why you can't change this system file with Anything.

edit, also, unless you are asking windows to load the safe mode boot menu, you don't need the CMDCONs entry. I don't know what to say other than there's something on your computer blocking access to the hosts file..

Have a look at this section at mvps.org, http://www.mvps.org/winhelp2002/hostsfaq.htm#Locking

Hmm so is there something i should do about the bootloader menu?

I read the link but that seems limited to ZoneAlarm, are we at the end of the road?

Try disconnecting from the internet, unplug/turn off the wireless router if you have wireless/ uninstall comodo and windows defender, then I think if you set msconfig back to normal startup, then use the f8 key to load in safemode, try to rename the hosts file from hosts to hosts.bac or hosts.old. Default location is windows/system32/driver/etc folder.. Then run hostxpert and see if it works or not.. If you still get the error cannot create hosts file.. There is another option.. Boot in safemode, put your windows installation CD in the CD/DVDROM drive, if it opens up a setup screen just close this, leave the windows installation disc in the CD/DVDROM drive, then open start|run and type sfc /scannow (then click ok) the sfc scannow option will compare the system files on the C drive to the files on the CD/DVDROM and replace any that don't match. If your installation disc is not sp3, you may have to uninstall service pack 3 in order to use the sfc /scannow command..

Once this is done, you should restart, then re-install ONE firewall application and ONE anti-virus/malware application that does not have a built in firewall.

If the first set of suggestions in the previous post, regarding uninstalling your current anti-virus/anti-malware applications, including windows defender don't work. there is another application that we can use to help you clean/fix the issue.. Hold off on the sfc /scannow suggestion..

The other application is called ComboFix, it requires specific instructions to run and someone to read the log and create the cleaning batch file.. I havn't used it myself but I think JHolland1964, knows how to make the script file.

Alright the first option worked..somewhat. I unistalled both Comodo and Defender. In safe mode i renamed the file created a new one with hostexpert. I then replaced it with the hosts file from mvps-hopefully you recommend that. However I cannot delete the old, now, hosts.bac - is that a problem?

Also is comodo pro and defender good or what free ware set up would you recommend?

Thanks a lot!

This may not be related but was on the original post i cant see the character (numbers/letter) in the image on the search page for this forum and other forums.

It could be a security setting in your browser, you may have to add the sites to the trusted zone and allow scripts/cookies for trusted sites.

The way to delete the old file: as follows; If your version of windows is "home" you need to restart in safe mode and log in as the administrator.. If it is windows xp pro, you don't need to restart in safe mode, but you need to open start | settings | control panel | folder options | view, then scroll down the view options to "use simple file sharing" and uncheck it... click ok and viola... I recomend that if you have this option to leave it unchecked..

I am uncertain if this method applies to windows xp media center edition.

You can access/delete the file by taking ownership.

link (http://support.microsoft.com/kb/308421)
To take ownership of a file, follow these steps:
Right-click the file that you want to take ownership of, and then click Properties.
Click the Security tab, and then click OK on the Security message (if one appears).
Click Advanced, and then click the Owner tab.
In the Name list, click Administrator, or click the Administrators group, and then click OK.

The administrator or the administrators group now owns the file.
To change the permissions on the file that you now own, follow these steps:
Click Add.
In the Enter the object names to select (examples) list, type the user or group account that you want to have access to the file. For example, type Administrator.
Click OK.
In the Group or user names list, click the account that you want, and then select the check boxes of the permissions that you want to assign that user.
When you are finished assigning permissions, click OK.
You can now access the file.

For permissions, I would recommend that you deny system permissions, and grant full control to the administrator

In regards to which applications are good, Malwarebytes anti-malware "mbam" is good, if it is kept up to date and run once n a while.. there are some other anti-malware applications that provide "protection" such as adawareSE or super anti-spyware, or spyware blaster. Then the built in windows firewall, at the minimum, or some other free firewall application. You want to get one that can report outgoing connections, prompt you to either allow, or deny the application permission to send information out on the network.... I have used zone alarm free firewall in the past, with a different OS, but I think; or it is my speculation that, it is lacking in security/privacy, updates may lend to worse privacy/security...

If you want to find what other people are using, I'd suggest searching through google for free firewall reviews from well known tech/help or security related websites. I think some of the comercial companies, that have fee based products, have to put the lotion on their skin, in order for them to be a for profit comercial entity, in this organization//


I'm thinking that you still have some little issues, so I am going to recommend that you follow the instructions for running ComboFix, "when you get the instructions" and then attach the CombFixlog.

BEFORE running Combofix, I think other steps should be taken. Combofix is a pretty drastic program to begin with. Start with these steps, post the logs, then do a new HJT scan and post that log and then it can be decided if Combofix is needed, right now? I would say no.

Please download Malwarebytes' Anti-Malware (MBA-M) (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html) to your Desktop.

DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer


Please Run the ESET Online Scanner (http://www.eset.com/onlinescan/) and attach the ScanLog with your post for assistance.

You will need to use Internet Explorer to to complete this scan.
You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Again, Reboot the computer.

Run a new HiJackThis scan and save the log. Post back here with the logs in this order;
MBA-M log, ESET log, and the HJT log.
I'll take a look at all.
Judy

Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 5.1.2600 Service Pack 3

9/3/2009 3:20:23 AM
mbam-log-2009-09-03 (03-20-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 168707
Time elapsed: 29 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=4b8a8c955132fd4d862f202e4471aa96
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-03 09:30:22
# local_time=2009-09-03 04:30:22 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=64767
# found=0
# cleaned=0
# scan_time=2284





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:55 AM, on 9/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\antivirus\jackT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [toscdspd] TOSCDSPD.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8258AADA-EC4D-4A6B-B39A-537A0185E6B3}: NameServer = 207.7.4.67,207.7.4.66
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 3948 bytes

You have ONE entry for a Norton/Symantec program in services is that part of your old anti-virus program.
You need to install a new one. I recommend either Avira (http://www.free-av.com/) or Avast (http://www.avast.com/eng/programs.html). Both EXCELLENT Free programs. You choose.
Otherwise the logs looks ok.

Nice! just put a check in the symantec network service noted with (file missing) and have hijack this fix it. |

Were you able to delete the old hosts file after Mbam cleared the couple of registry hijacks?

Comodo seems to be a decent applicaiton, regarding security/firewall, and I have heard good things about tiny personal firewall, download/cnet shows over 1.6million downloads of Tiny firewall, so I hope it's OK...

I tried to take ownership and still cant delete the old file. (hosts.bac)

After you take ownership, ensure that you remove the read only attribute via right clicking on hosts.bac and selecting properties, then unchecking the read only box. If you still can't delete the file once you have unchecked the read only attribute, try in safe mode.

Alright got EVERYTHING taken care of thanks A LOT! I re-downloaded Windows Defender, but it won't let me update says error found: code 0x8000700002.

This could be an incompatability with one or more of your security applications. Windows defender should only be used if you don't have a 3rd party anti-spyware/anti-virus and or firewall application already installed.