Google result links keep redirecting

Dell Dimension 3000 desktop
April 19, 2010 at 18:10:27
Specs: Windows XP
Basically, every time I search something using Google and I click on a link I get redirected to a somewhat related advertisement. I used Malwarebytes Anti-Malware and that deleted whatever was causing it. However, it came back. I also tried SUPERAntiSpyware and Ad-Aware but every time I delete whatever is causing this, it just comes back again. This problem seems to be plaguing the community but I don't know what else to try at this point. I saw other posts related to this but they seem to be unique to each infected computer. Any help would be appreciated.


#1
April 19, 2010 at 18:34:35
Have the same problem... ran the same programs, no luck. Let me know if you find help or a solution, I'm having trouble getting this off and it's annoying!


#2
April 19, 2010 at 19:20:59
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop then post them please. You may need to post in segments to get all the info to us as the logs may be too large to fit in one post.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller

1. Extract the contents of TDSSKiller.zip to your Desktop.

2. Double click on TDSSKiller.exe to run it.

3. If it finds something and asks you what to do, follow the instructions to type in "delete".

4. When done, a log file should be created on your C: drive called TDSSKiller.txt (with time+date appended); please post this log in your next reply.

Then update Malwarebytes > run it > post its log.



#3
April 19, 2010 at 20:16:45
DDS (Ver_10-03-17.01) - NTFSx86
Run by Zack Hendrick at 22:11:12.32 on Mon 04/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.77 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Zack Hendrick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.yahoo.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {0c25c00e-43d9-4a33-9a1e-0c4802edb222}: {222bde20-84c0-e1a9-33a4-9d34e00c52c0}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{dc3d2c40-5e32-4f95-bf25-fdb4f007c883}
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Auto EPSON Stylus Photo R280 Series on DON] c:\windows\system32\spool\drivers\w32x86\3\e_faticka.exe /fu "c:\windows\temp\E_S4A.tmp" /EF "HKCU"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: Photobucket Publisher - hxxp://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247335678046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXOfeeb
LSA: Notification Packages = scecli c:\windows\system32\wokohebu.dll
Hosts: 82.98.231.89 url.adtrgt.com
Hosts: 82.98.231.89 googleads2.gdoubleclick.net

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zackhe~1\applic~1\mozilla\firefox\profiles\023c5rus.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-18 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-22 214664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-22 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-10-22 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-13 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-22 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-22 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-22 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-22 34248]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

=============== Created Last 30 ================

2010-04-20 02:27:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 02:27:22 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 02:27:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 00:39:31 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-18 23:40:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-18 20:36:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-18 20:35:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-18 20:30:58 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-18 20:27:31 0 d-----w- c:\program files\Lavasoft
2010-04-10 21:51:24 411368 ----a-w- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 14:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-17 14:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2006-03-09 22:06:01 640426 --sha-w- c:\windows\system32\abadd.bak2
2006-03-09 22:44:55 281974 --sha-w- c:\windows\system32\abadd.ini2
2009-01-16 04:32:54 1650605 --sha-w- c:\windows\system32\beefOXyb.ini2
2006-04-04 01:32:05 313160 --sha-w- c:\windows\system32\edeeg.bak2
2008-09-22 18:16:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat

============= FINISH: 22:12:56.21 ===============



#4
April 19, 2010 at 20:18:02
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/23/2005 10:13:09 PM
System Uptime: 4/19/2010 9:42:58 PM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0TC666
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2395/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 33 GiB total, 13.264 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP296: 2/20/2010 3:47:17 PM - System Checkpoint
RP297: 2/20/2010 4:41:15 PM - Installed QuickTime
RP298: 2/23/2010 7:34:31 PM - System Checkpoint
RP299: 2/24/2010 8:28:49 AM - Software Distribution Service 3.0
RP300: 2/25/2010 5:53:10 PM - System Checkpoint
RP301: 2/27/2010 11:12:28 AM - System Checkpoint
RP302: 3/1/2010 3:46:00 PM - System Checkpoint
RP303: 3/3/2010 6:08:06 PM - System Checkpoint
RP304: 3/4/2010 6:24:30 PM - System Checkpoint
RP305: 3/5/2010 11:00:43 PM - System Checkpoint
RP306: 3/7/2010 12:29:50 PM - System Checkpoint
RP307: 3/11/2010 12:04:34 AM - Software Distribution Service 3.0
RP308: 3/13/2010 11:45:15 AM - System Checkpoint
RP309: 3/14/2010 1:31:57 PM - System Checkpoint
RP310: 3/15/2010 6:32:48 PM - System Checkpoint
RP311: 3/16/2010 7:12:18 PM - System Checkpoint
RP312: 3/17/2010 7:22:35 PM - System Checkpoint
RP313: 3/19/2010 5:21:39 PM - System Checkpoint
RP314: 3/20/2010 5:35:47 PM - System Checkpoint
RP315: 3/21/2010 5:49:25 PM - System Checkpoint
RP316: 3/22/2010 6:32:54 PM - System Checkpoint
RP317: 3/24/2010 6:43:49 PM - System Checkpoint
RP318: 3/25/2010 6:54:00 PM - System Checkpoint
RP319: 3/26/2010 7:05:41 PM - System Checkpoint
RP320: 3/27/2010 8:03:26 PM - System Checkpoint
RP321: 3/28/2010 8:17:51 PM - System Checkpoint
RP322: 3/31/2010 8:33:31 AM - Software Distribution Service 3.0
RP323: 4/1/2010 8:52:58 AM - System Checkpoint
RP324: 4/3/2010 10:57:47 AM - System Checkpoint
RP325: 4/5/2010 4:23:25 PM - System Checkpoint
RP326: 4/9/2010 3:47:04 PM - System Checkpoint
RP327: 4/10/2010 4:49:21 PM - Installed Java(TM) 6 Update 18
RP328: 4/13/2010 4:08:18 PM - System Checkpoint
RP329: 4/14/2010 8:33:21 AM - Software Distribution Service 3.0
RP330: 4/14/2010 8:38:16 PM - Software Distribution Service 3.0
RP331: 4/16/2010 6:21:21 PM - System Checkpoint
RP332: 4/18/2010 12:13:31 AM - Installed SUPERAntiSpyware Free Edition
RP333: 4/18/2010 4:05:13 PM - Removed SUPERAntiSpyware Free Edition
RP334: 4/18/2010 4:13:23 PM - Removed Adobe Reader 9.3.2.
RP335: 4/18/2010 4:15:35 PM - Removed Acrobat.com
RP336: 4/18/2010 4:18:50 PM - Removed QuickTime
RP337: 4/19/2010 7:43:27 PM - Restore Operation

==== Installed Programs ======================

3DVIA Player 4.1
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AOLIcon
Apple Application Support
Apple Software Update
AT&T Yahoo! Applications
AT&T Yahoo! DSL Activation
Bonjour
BroadJump Client Foundation
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6 Update 1
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 4.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Small Business
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Single Image 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14 (Beta)
Microsoft SQL Server 2008 Management Objects
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
My Way Search Assistant
PowerDVD 5.5
RealPlayer Basic
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sound Blaster Live! 24-bit
SQL Server System CLR Types
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

4/19/2010 9:44:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
4/19/2010 9:43:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
4/19/2010 3:12:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
4/19/2010 3:12:42 PM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2010 4:07:02 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/18/2010 10:41:24 AM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the file specified.
4/16/2010 9:06:09 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000010, parameter2 00000002, parameter3 00000001, parameter4 80514c9b.
4/15/2010 3:47:18 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 804fd603.
4/14/2010 9:43:30 PM, error: Print [19] - Sharing printer failed + 1722, Printer Send To OneNote 2010 share name Send To OneNote 2010.
4/14/2010 2:48:11 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/12/2010 7:32:47 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.

==== End Of File ===========================



#5
April 19, 2010 at 20:21:58
22:20:17:546 3728 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
22:20:17:546 3728 ================================================================================
22:20:17:546 3728 SystemInfo:

22:20:17:546 3728 OS Version: 5.1.2600 ServicePack: 3.0
22:20:17:546 3728 Product type: Workstation
22:20:17:546 3728 ComputerName: ZACKS
22:20:17:546 3728 UserName: Zack Hendrick
22:20:17:546 3728 Windows directory: C:\WINDOWS
22:20:17:546 3728 Processor architecture: Intel x86
22:20:17:546 3728 Number of processors: 1
22:20:17:546 3728 Page size: 0x1000
22:20:17:546 3728 Boot type: Normal boot
22:20:17:546 3728 ================================================================================
22:20:17:578 3728 UnloadDriverW: NtUnloadDriver error 2
22:20:17:578 3728 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
22:20:17:859 3728 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
22:20:17:859 3728 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:20:17:859 3728 wfopen_ex: Trying to KLMD file open
22:20:17:859 3728 wfopen_ex: File opened ok (Flags 2)
22:20:17:859 3728 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
22:20:17:859 3728 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:20:17:859 3728 wfopen_ex: Trying to KLMD file open
22:20:17:859 3728 wfopen_ex: File opened ok (Flags 2)
22:20:17:859 3728 Initialize success
22:20:17:859 3728
22:20:17:859 3728 Scanning Services ...
22:20:18:343 3728 Raw services enum returned 354 services
22:20:18:375 3728
22:20:18:375 3728 Scanning Kernel memory ...
22:20:18:375 3728 Devices to scan: 4
22:20:18:375 3728
22:20:18:375 3728 Driver Name: Disk
22:20:18:375 3728 IRP_MJ_CREATE : F864DBB0
22:20:18:375 3728 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
22:20:18:375 3728 IRP_MJ_CLOSE : F864DBB0
22:20:18:375 3728 IRP_MJ_READ : F8647D1F
22:20:18:375 3728 IRP_MJ_WRITE : F8647D1F
22:20:18:375 3728 IRP_MJ_QUERY_INFORMATION : 804FA88E
22:20:18:375 3728 IRP_MJ_SET_INFORMATION : 804FA88E
22:20:18:375 3728 IRP_MJ_QUERY_EA : 804FA88E
22:20:18:375 3728 IRP_MJ_SET_EA : 804FA88E
22:20:18:375 3728 IRP_MJ_FLUSH_BUFFERS : F86482E2
22:20:18:375 3728 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
22:20:18:375 3728 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
22:20:18:375 3728 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
22:20:18:375 3728 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
22:20:18:375 3728 IRP_MJ_DEVICE_CONTROL : F86483BB
22:20:18:375 3728 IRP_MJ_INTERNAL_DEVICE_CONTROL : F864BF28
22:20:18:375 3728 IRP_MJ_SHUTDOWN : F86482E2
22:20:18:375 3728 IRP_MJ_LOCK_CONTROL : 804FA88E
22:20:18:375 3728 IRP_MJ_CLEANUP : 804FA88E
22:20:18:375 3728 IRP_MJ_CREATE_MAILSLOT : 804FA88E
22:20:18:375 3728 IRP_MJ_QUERY_SECURITY : 804FA88E
22:20:18:375 3728 IRP_MJ_SET_SECURITY : 804FA88E
22:20:18:375 3728 IRP_MJ_POWER : F8649C82
22:20:18:375 3728 IRP_MJ_SYSTEM_CONTROL : F864E99E
22:20:18:375 3728 IRP_MJ_DEVICE_CHANGE : 804FA88E
22:20:18:375 3728 IRP_MJ_QUERY_QUOTA : 804FA88E
22:20:18:375 3728 IRP_MJ_SET_QUOTA : 804FA88E
22:20:18:390 3728 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
22:20:18:390 3728
22:20:18:390 3728 Driver Name: Disk
22:20:18:390 3728 IRP_MJ_CREATE : F864DBB0
22:20:18:390 3728 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
22:20:18:390 3728 IRP_MJ_CLOSE : F864DBB0
22:20:18:390 3728 IRP_MJ_READ : F8647D1F
22:20:18:390 3728 IRP_MJ_WRITE : F8647D1F
22:20:18:390 3728 IRP_MJ_QUERY_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_EA : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_EA : 804FA88E
22:20:18:390 3728 IRP_MJ_FLUSH_BUFFERS : F86482E2
22:20:18:390 3728 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
22:20:18:390 3728 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
22:20:18:390 3728 IRP_MJ_DEVICE_CONTROL : F86483BB
22:20:18:390 3728 IRP_MJ_INTERNAL_DEVICE_CONTROL : F864BF28
22:20:18:390 3728 IRP_MJ_SHUTDOWN : F86482E2
22:20:18:390 3728 IRP_MJ_LOCK_CONTROL : 804FA88E
22:20:18:390 3728 IRP_MJ_CLEANUP : 804FA88E
22:20:18:390 3728 IRP_MJ_CREATE_MAILSLOT : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_SECURITY : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_SECURITY : 804FA88E
22:20:18:390 3728 IRP_MJ_POWER : F8649C82
22:20:18:390 3728 IRP_MJ_SYSTEM_CONTROL : F864E99E
22:20:18:390 3728 IRP_MJ_DEVICE_CHANGE : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_QUOTA : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_QUOTA : 804FA88E
22:20:18:390 3728 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
22:20:18:390 3728
22:20:18:390 3728 Driver Name: Disk
22:20:18:390 3728 IRP_MJ_CREATE : F864DBB0
22:20:18:390 3728 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
22:20:18:390 3728 IRP_MJ_CLOSE : F864DBB0
22:20:18:390 3728 IRP_MJ_READ : F8647D1F
22:20:18:390 3728 IRP_MJ_WRITE : F8647D1F
22:20:18:390 3728 IRP_MJ_QUERY_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_EA : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_EA : 804FA88E
22:20:18:390 3728 IRP_MJ_FLUSH_BUFFERS : F86482E2
22:20:18:390 3728 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
22:20:18:390 3728 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
22:20:18:390 3728 IRP_MJ_DEVICE_CONTROL : F86483BB
22:20:18:390 3728 IRP_MJ_INTERNAL_DEVICE_CONTROL : F864BF28
22:20:18:390 3728 IRP_MJ_SHUTDOWN : F86482E2
22:20:18:390 3728 IRP_MJ_LOCK_CONTROL : 804FA88E
22:20:18:390 3728 IRP_MJ_CLEANUP : 804FA88E
22:20:18:390 3728 IRP_MJ_CREATE_MAILSLOT : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_SECURITY : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_SECURITY : 804FA88E
22:20:18:390 3728 IRP_MJ_POWER : F8649C82
22:20:18:390 3728 IRP_MJ_SYSTEM_CONTROL : F864E99E
22:20:18:390 3728 IRP_MJ_DEVICE_CHANGE : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_QUOTA : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_QUOTA : 804FA88E
22:20:18:390 3728 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
22:20:18:390 3728
22:20:18:390 3728 Driver Name: atapi
22:20:18:390 3728 IRP_MJ_CREATE : F856A6F2
22:20:18:390 3728 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
22:20:18:390 3728 IRP_MJ_CLOSE : F856A6F2
22:20:18:390 3728 IRP_MJ_READ : 804FA88E
22:20:18:390 3728 IRP_MJ_WRITE : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_EA : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_EA : 804FA88E
22:20:18:390 3728 IRP_MJ_FLUSH_BUFFERS : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
22:20:18:390 3728 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
22:20:18:390 3728 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
22:20:18:390 3728 IRP_MJ_DEVICE_CONTROL : F856A712
22:20:18:390 3728 IRP_MJ_INTERNAL_DEVICE_CONTROL : 82A4F330
22:20:18:390 3728 IRP_MJ_SHUTDOWN : 804FA88E
22:20:18:390 3728 IRP_MJ_LOCK_CONTROL : 804FA88E
22:20:18:390 3728 IRP_MJ_CLEANUP : 804FA88E
22:20:18:390 3728 IRP_MJ_CREATE_MAILSLOT : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_SECURITY : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_SECURITY : 804FA88E
22:20:18:390 3728 IRP_MJ_POWER : F856A73C
22:20:18:390 3728 IRP_MJ_SYSTEM_CONTROL : F8571336
22:20:18:390 3728 IRP_MJ_DEVICE_CHANGE : 804FA88E
22:20:18:390 3728 IRP_MJ_QUERY_QUOTA : 804FA88E
22:20:18:390 3728 IRP_MJ_SET_QUOTA : 804FA88E
22:20:18:406 3728 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
22:20:18:406 3728
22:20:18:406 3728 Completed
22:20:18:406 3728
22:20:18:406 3728 Results:
22:20:18:406 3728 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
22:20:18:406 3728 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:20:18:406 3728 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:20:18:406 3728
22:20:18:406 3728 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
22:20:18:406 3728 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
22:20:18:406 3728 KLMD(ARK) unloaded successfully



#6
April 19, 2010 at 20:40:54
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4010

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/19/2010 10:40:36 PM
mbam-log-2010-04-19 (22-40-36).txt

Scan type: Quick scan
Objects scanned: 128597
Time elapsed: 16 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#7
April 20, 2010 at 16:35:30

Please download OTL from the following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.

Under the Custom Scans/Fixes box at the bottom, paste in text between the X's
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Commands
[resethosts]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Then click the Run Fix button at the top
Let the program run unhindered; when done it will say "Fix Complete press ok to open the log".
Please post that log in your next reply.

Please download Combofix with Internet Explorer instead of any other browser if possible.

Remember: your McAfee antivirus and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#8
April 20, 2010 at 16:44:02
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.3 log created on 04202010_184216


#9
April 20, 2010 at 18:11:39
ComboFix 10-04-19.08 - Zack Hendrick 04/20/2010 19:05:55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.41 [GMT -5:00]
Running from: C:\Documents and Settings\Zack Hendrick\Desktop\combofix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Zack Hendrick\Application Data\inst.exe
C:\WINDOWS\MailSwitch.ocx
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\beefOXyb.ini
C:\WINDOWS\system32\beefOXyb.ini2
C:\WINDOWS\system32\Data
C:\WINDOWS\winhelp.ini

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-20 23:42:16 . 2010-04-20 23:42:16 -------- d-----w- C:\_OTL
2010-04-20 02:27:25 . 2010-03-30 05:46:30 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-04-20 02:27:22 . 2010-03-30 05:45:52 20824 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-04-20 02:27:21 . 2010-04-20 02:27:30 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-20 00:39:31 . 2010-04-20 00:39:31 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-19 00:43:03 . 2010-04-20 21:57:02 -------- d-----w- C:\WINDOWS\system32\Macromed
2010-04-18 23:40:55 . 2010-04-18 20:35:40 15880 ----a-w- C:\WINDOWS\system32\lsdelete.exe
2010-04-18 20:36:07 . 2010-02-04 15:53:02 64288 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys
2010-04-18 20:35:50 . 2010-04-18 20:35:47 95024 ----a-w- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-04-18 20:30:58 . 2010-04-20 00:39:39 -------- dc-h--w- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-18 20:27:31 . 2010-04-18 20:35:55 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-04-18 20:27:31 . 2010-04-18 20:31:34 -------- d-----w- C:\Program Files\Lavasoft
2010-04-10 21:51:24 . 2010-04-10 21:50:11 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 02:43:44 . 2009-11-04 00:01:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NOS
2010-04-20 00:39:49 . 2007-12-08 02:01:24 -------- d-----w- C:\Program Files\DivX
2010-04-10 21:52:25 . 2005-06-21 15:43:24 -------- d-----w- C:\Program Files\Common Files\Java
2010-04-10 21:49:39 . 2005-06-21 15:43:25 -------- d-----w- C:\Program Files\Java
2010-04-06 18:59:27 . 2008-07-30 04:22:46 -------- d-----w- C:\Program Files\CCleaner
2010-03-31 20:00:43 . 2008-10-22 17:14:25 -------- d-----w- C:\Program Files\McAfee
2010-03-10 06:15:52 . 2004-08-10 17:51:27 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-02-25 06:24:37 . 2004-08-10 17:51:29 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-02-24 13:11:07 . 2005-06-21 15:21:24 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2010-02-20 22:40:40 . 2010-02-20 22:40:40 -------- d-----w- C:\Program Files\Common Files\Apple
2010-02-20 22:40:12 . 2010-02-20 22:40:09 -------- d-----w- C:\Program Files\Apple Software Update
2010-02-17 14:10:28 . 2004-08-10 17:51:17 2189952 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-16 13:25:04 . 2004-08-04 03:59:00 2066816 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2010-02-12 04:33:11 . 2004-08-10 17:50:53 100864 ----a-w- C:\WINDOWS\system32\6to4svc.dll
2010-02-11 12:02:15 . 2004-08-10 17:51:26 226880 ----a-w- C:\WINDOWS\system32\drivers\tcpip6.sys
2010-01-26 22:11:02 . 2005-07-17 01:42:13 78824 ----a-w- C:\Documents and Settings\Zack Hendrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-03-09 22:06:01 . 2005-12-30 01:44:14 640426 --sha-w- C:\WINDOWS\system32\abadd.bak2
2006-02-06 01:43:29 . 2006-02-06 01:42:19 280824 --sha-w- C:\WINDOWS\system32\abadd.tmp
2006-04-04 01:32:05 . 2006-04-03 00:27:05 313160 --sha-w- C:\WINDOWS\system32\edeeg.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 03:12:00 556432 ----a-w- C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 22:38:31 583048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 12:54:44 1218008]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2009-07-08 02:02:26 1176808]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 00:42:54 1404928]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 05:32:26 83312]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:47 952768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 20:21:52 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 00:12:29 53760]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Zack Hendrick^Start Menu^Programs^Startup^Styler.lnk]
path=C:\Documents and Settings\Zack Hendrick\Start Menu\Programs\Startup\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Zack Hendrick^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Zack Hendrick\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12:16 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 15:43:36 57344 ----a-w- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09:36 460784 ----a-w- C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19:56 53248 ------w- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32:24 77824 ----a-w- C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 15:36:20 114688 ----a-w- C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35:40 94208 ----a-w- C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50:18 81920 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12:28 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2004-06-10 21:51:00 60928 ----a-w- C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-06-21 15:53:30 26112 ----a-w- C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 08:43:44 83608 ----a-w- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00:00 90112 ------w- C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\McAfee\\MPF\\MpfSrv.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"2389:TCP"= 2389:TCP:Services
"3278:TCP"= 3278:TCP:Services

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [4/18/2010 3:36:07 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52:57 AM 1265264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [10/22/2008 12:19:26 PM 93320]
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52:58 . 2010-04-18 20:35:08]

2008-10-22 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-10-22 17:15:12 . 2009-09-25 17:22:14]

2010-01-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-10-22 17:15:12 . 2009-09-25 17:22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: Photobucket Publisher - hxxp://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
FF - ProfilePath - C:\Documents and Settings\Zack Hendrick\Application Data\Mozilla\Firefox\Profiles\023c5rus.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com/
FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{0c25c00e-43d9-4a33-9a1e-0c4802edb222} - (no file)
BHO-{DC3D2C40-5E32-4F95-BF25-FDB4F007C883} - (no file)
MSConfigStartUp-BJCFD - C:\Program Files\BroadJump\Client Foundation\CFD.exe
MSConfigStartUp-CaAvTray - C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
MSConfigStartUp-CAVRID - C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IntelMeM - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
MSConfigStartUp-ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-osCheck - C:\PROGRA~1\Symantec\osCheck.exe
MSConfigStartUp-POINTER - point32.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-YOP - C:\PROGRA~1\Yahoo!\YOP\yop.exe
MSConfigStartUp-YPC - C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe




#10
April 20, 2010 at 18:24:17
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.tmp
C:\WINDOWS\system32\edeeg.bak2

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Please post the log that is produced.



#11
April 20, 2010 at 19:15:10
ComboFix 10-04-19.08 - Zack Hendrick 04/20/2010 20:48:23.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.256 [GMT -5:00]
Running from: c:\documents and settings\Zack Hendrick\Desktop\combofix.exe
Command switches used :: c:\documents and settings\Zack Hendrick\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\abadd.bak2"
"c:\windows\system32\abadd.tmp"
"c:\windows\system32\edeeg.bak2"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\abadd.bak2
c:\windows\system32\abadd.tmp
c:\windows\system32\edeeg.bak2
.
---- Previous Run -------
.
c:\documents and settings\Zack Hendrick\Application Data\inst.exe
c:\windows\MailSwitch.ocx
c:\windows\system32\abadd.ini2
c:\windows\system32\beefOXyb.ini
c:\windows\system32\beefOXyb.ini2
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-20 23:42 . 2010-04-20 23:42 -------- d-----w- C:\_OTL
2010-04-20 02:27 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 02:27 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 02:27 . 2010-04-20 02:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 00:39 . 2010-04-20 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-19 00:43 . 2010-04-20 21:57 -------- d-----w- c:\windows\system32\Macromed
2010-04-18 23:40 . 2010-04-18 20:35 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-18 20:36 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-18 20:35 . 2010-04-18 20:35 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-18 20:30 . 2010-04-20 00:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-18 20:27 . 2010-04-18 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-18 20:27 . 2010-04-18 20:31 -------- d-----w- c:\program files\Lavasoft
2010-04-10 21:51 . 2010-04-10 21:50 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 02:43 . 2009-11-04 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-20 00:39 . 2007-12-08 02:01 -------- d-----w- c:\program files\DivX
2010-04-10 21:52 . 2005-06-21 15:43 -------- d-----w- c:\program files\Common Files\Java
2010-04-10 21:49 . 2005-06-21 15:43 -------- d-----w- c:\program files\Java
2010-04-06 18:59 . 2008-07-30 04:22 -------- d-----w- c:\program files\CCleaner
2010-03-31 20:00 . 2008-10-22 17:14 -------- d-----w- c:\program files\McAfee
2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-06-21 15:21 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 22:40 . 2010-02-20 22:40 -------- d-----w- c:\program files\Common Files\Apple
2010-02-20 22:40 . 2010-02-20 22:40 -------- d-----w- c:\program files\Apple Software Update
2010-02-17 14:10 . 2004-08-10 17:51 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-26 22:11 . 2005-07-17 01:42 78824 ----a-w- c:\documents and settings\Zack Hendrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 03:12 556432 ----a-w- c:\progra~1\MI1933~1\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Zack Hendrick^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Zack Hendrick\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Zack Hendrick^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=c:\documents and settings\Zack Hendrick\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=c:\windows\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
c:\program files\BroadJump\Client Foundation\CFD.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
c:\program files\Yahoo!\Antivirus\CAVTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
c:\program files\Yahoo!\Antivirus\CAVRID.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\program files\Common Files\Symantec Shared\ccApp.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 15:43 57344 ----a-w- c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 15:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
c:\program files\Intel\Modem Event Monitor\IntelMEM.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
c:\program files\MSN Messenger\MsnMsgr.Exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\progra~1\Symantec\osCheck.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2004-06-10 21:51 60928 ----a-w- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
point32.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-06-21 15:53 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 08:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
c:\progra~1\Yahoo!\YOP\yop.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YPC]
c:\progra~1\Yahoo!\PARENT~1\ypc.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\MPF\\MpfSrv.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"2389:TCP"= 2389:TCP:Services
"3278:TCP"= 3278:TCP:Services

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/18/2010 3:36 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1265264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/22/2008 12:19 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/13/2008 9:32 PM 24652]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:35]

2008-10-22 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-22 17:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-22 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: Photobucket Publisher - hxxp://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
FF - ProfilePath - c:\documents and settings\Zack Hendrick\Application Data\Mozilla\Firefox\Profiles\023c5rus.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\MI1933~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MI1933~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.
- - - - ORPHANS REMOVED - - - -

BHO-{0c25c00e-43d9-4a33-9a1e-0c4802edb222} - (no file)
BHO-{DC3D2C40-5E32-4F95-BF25-FDB4F007C883} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 21:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\McAfee\MPF\MPFSrv.exe
.
**************************************************************************
.
Completion time: 2010-04-20 21:13:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 02:13

Pre-Run: 14,197,084,160 bytes free
Post-Run: 14,158,565,376 bytes free

- - End Of File - - 38EC671E8DC9B307B55F64D7AA2D790C



#12
April 20, 2010 at 19:28:53
Are you still being redirected?

Delete DDS from your desktop

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Next create a new restore point. Go to start > run > type in msconfig > ok > click launch system restore > check the circle beside "create a restore point" > next > name it today's date > create > click home > exit the system configuration utility > restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



#13
April 20, 2010 at 19:38:56
It's no longer redirecting. But it's happened before where it stopped redirecting and then came back. Do you think it's actually gone from my computer?


#14
April 20, 2010 at 19:44:18
You need to do the cleanup right away. Then reboot and see if it returns.


#15
April 20, 2010 at 20:07:44
I ran the cleanup. I cleared the restore points and set a new one. It's no longer redirecting. You recommend getting Spywareblaster as a finishing touch? But I can't thank you enough for your help. You've been really quick at responding and extremely polite while dealing with my limited knowledge of computers. I sincerely appreciate it.


#16
April 20, 2010 at 20:17:32
Good job.

Yes on Spywareblaster, I use it and most help forums recommend it. If it should return let us know.

Glad we could help.



#17
April 22, 2010 at 07:22:28
Hi guys,...

I'm having the same problem where all the links from Google, Yahoo, etc. are getting redirected.

All my coworkers are telling me to rebuild but I don't want to give in and lose to this malware...

Please help...



#18
June 18, 2010 at 18:14:08

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2007 1:50:37 PM
System Uptime: 6/18/2010 5:17:13 PM (3 hours ago)

Motherboard: Dell Inc. | | 0HC416
Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1861/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 6.609 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Action Replay Code Manager
Ad-Aware 2007
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
AOLIcon
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Blackhawk Striker 2
Bonjour
Broadcom Management Programs
BufferChm
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Cypress USB Mass Storage Driver Installation
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center
Dell System Restore
DellSupport
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Digital Line Detect
DVD Shrink 3.2
EarthLink setup files
ELIcon
eSupportQFolder
Garmin Communicator Plugin
Garmin WebUpdater
GemMaster Mystic
Google AFE
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 5400 series
HP Extended Capabilities 5.0
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HPDeskjet5400Series
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Anti-Virus 2009
Learn2 Player (Uninstall Only)
Macromedia Flash Player
MarketResearch
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
Napster
NetWaiting
Octoshape add-in for Adobe Flash Player
Otto
PD Media Converter
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer Basic
Roxio Burn Engine
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Skype Toolbars
Skype™ 4.2
Solero Music Viewer 8.0.29.370
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic Foundry MP3 Plug-In
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Forge 4.5g (Build 372)
Status
Synaptics Pointing Device Driver
The Holy Bible v2.0
The Sanctuary Story v1.00
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Storage Adapter FX (SM1)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
White Estate Software
WildTangent Web Driver
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== End Of File ===========================



#19
June 18, 2010 at 19:51:39
Follow the removal guide article below to remove the Google redirect virus. http://www.securitysofts.com/Intern...

After cleaning the Google redirect virus, to make sure that you are running clean, make sure that you have an up-to-date antivirus, such as Kaspersky Internet Security 2011. Stay clean.

Good Luck.

