Solved r3.google.com/xxxxxx redirect problem

67bmer · 2010/11/12

[Resolved] r3.google.com/xxxxxx redirect problem

I a mid level computer user. I have been getting re-rirected to an advertising sight using google chrome for the past several months. Just returned from vacation and now I am gettining really hi jacked to r3.google.com/xxx. I have followed several proceedures posted on the web and nothing has helped.

I followed this proceedure completely and still I get hi jacked
http://www.windowsbbs.com/malware-v...ed-google-redirect-issue-r3-google-com-2.html

is this a google scam or is it a virus/malware? what can I do to get rid of it and all redirections.

broni · 2010/11/12

Welcome aboard

NEVER used any solutions designed for a different computer. Every computer is an unique unit.

Please, read this post, then post the requested log(s).

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

67bmer · 2010/11/13

mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5110

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/13/2010 8:06:55 PM
mbam-log-2010-11-13 (20-06-55).txt

Scan type: Quick scan
Objects scanned: 152710
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\W. Jeffrey Lees\Application Data\dsfsds.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\W. Jeffrey Lees\Application Data\sdfsfs.bat (Malware.Trace) -> Quarantined and deleted successfully.

GMER:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-13 23:07:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS424040M9AT00 rev.MA2OA72A
Running: 9uso9m67.exe; Driver: C:\DOCUME~1\W6319~1.JEF\LOCALS~1\Temp\kwriypob.sys

---- System - GMER 1.0.15 ----

SSDT F7F7ACA6 ZwCreateKey
SSDT F7F7AC9C ZwCreateThread
SSDT F7F7ACAB ZwDeleteKey
SSDT F7F7ACB5 ZwDeleteValueKey
SSDT F7F7ACBA ZwLoadKey
SSDT F7F7AC88 ZwOpenProcess
SSDT F7F7AC8D ZwOpenThread
SSDT F7F7ACC4 ZwReplaceKey
SSDT F7F7ACBF ZwRestoreKey
SSDT F7F7ACB0 ZwSetValueKey
SSDT F7F7AC97 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 3E3E528D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 3E3E52BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 3E3E528D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 3E3E52BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2820] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}
Reg HKLM\SOFTWARE\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----

67bmer · 2010/11/13

attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/2/2006 10:13:02 AM
System Uptime: 11/13/2010 12:22:41 PM (11 hours ago)

Motherboard: Quanta | | 09EC
Processor: Intel(R) Celeron(R) M processor 1.50GHz | U1 | 1496/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 8.217 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\66EAFFC09F00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\66EAFFC09F00
Service: NIC1394

==== System Restore Points ===================

RP659: 8/16/2010 6:42:18 PM - System Checkpoint
RP660: 8/21/2010 7:25:01 PM - Installed Microsoft Fix it 50463
RP661: 8/23/2010 7:00:58 PM - System Checkpoint
RP662: 8/29/2010 2:40:57 PM - System Checkpoint
RP663: 8/31/2010 8:30:41 PM - System Checkpoint
RP664: 9/3/2010 4:51:48 PM - System Checkpoint
RP665: 9/4/2010 8:29:12 PM - System Checkpoint
RP666: 9/6/2010 8:58:19 AM - System Checkpoint
RP667: 9/12/2010 3:18:58 PM - System Checkpoint
RP668: 9/17/2010 5:52:45 AM - Software Distribution Service 3.0
RP669: 9/18/2010 10:23:27 PM - System Checkpoint
RP670: 9/19/2010 7:10:40 AM - Software Distribution Service 3.0
RP671: 9/20/2010 6:24:28 PM - System Checkpoint
RP672: 9/22/2010 8:43:55 PM - System Checkpoint
RP673: 9/25/2010 1:08:49 PM - System Checkpoint
RP674: 9/27/2010 10:07:44 PM - System Checkpoint
RP675: 9/29/2010 7:22:16 AM - Software Distribution Service 3.0
RP676: 9/30/2010 10:26:31 PM - System Checkpoint
RP677: 10/2/2010 9:38:39 PM - System Checkpoint
RP678: 10/5/2010 10:36:48 PM - System Checkpoint
RP679: 10/7/2010 10:05:42 PM - System Checkpoint
RP680: 10/8/2010 7:24:57 AM - Software Distribution Service 3.0
RP681: 10/9/2010 1:44:10 PM - System Checkpoint
RP682: 10/10/2010 2:29:49 PM - System Checkpoint
RP683: 10/14/2010 11:48:41 PM - System Checkpoint
RP684: 10/15/2010 1:59:53 PM - Software Distribution Service 3.0
RP685: 10/17/2010 12:04:39 PM - Software Distribution Service 3.0
RP686: 10/27/2010 7:04:17 PM - System Checkpoint
RP687: 10/29/2010 7:59:05 PM - Installed Microsoft Office PowerPoint Viewer 2007 (English)
RP688: 10/31/2010 12:12:47 AM - System Checkpoint
RP689: 11/12/2010 2:54:41 PM - System Checkpoint
RP690: 11/12/2010 6:39:25 PM - Software Distribution Service 3.0
RP691: 11/12/2010 7:47:49 PM - Installed Java(TM) 6 Update 22

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 5.5
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Reader 7.0
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
BitPim 1.0.6
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon EOS-1D Mark II N WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.1
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Conexant AC-Link Audio
DeductionPro 2007
DeductionPro 2008
DeductionPro 2009
deskPDF 2.5 Professional Edition
Docudesk GPL Ghostscript 8.15
EPSON CX 4200 4800 Guide
EPSON PhotoCenter
EPSON Printer Software
EPSON Scan
EPSON Web-To-Page
ESET Online Scanner v3
F1 2002
Google Chrome
Google Toolbar for Internet Explorer
Google Updater
H&R Block Deluxe + Efile + State 2009
H&R Block Maryland 2009
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HpSdpAppCoreApp
HSP 1.0
Intel(R) Extreme Graphics 2 Driver
InterVideo WinDVD
Ipswitch WS_FTP Professional 2007
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest (remove only)
LG USB Modem driver
LiveUpdate 3.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Office XP Professional with FrontPage
Microsoft Project 2000 SR-1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 3.5 - SE
P.I.M. II Plug-In
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PodUtil 2.7.1
Quick Launch Buttons 5.00 C2
Quicken 2007
QuickTime
Remote Control USB Driver
Scan Workshop / NeoTicker EOD 3
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoftV92 Data Fax Modem with SmartCP
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Synaptics Pointing Device Driver
TaxCut Maryland 2007
TaxCut Maryland 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V CAST Music with Rhapsody
Verizon Online DSL
Verizon Online Help & Support
Verizon Yahoo! Applications
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Service Pack 3
WinPatrol 2007
WinZip
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/13/2010 8:09:23 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/12/2010 8:09:39 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 8:09:39 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 8:09:39 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 8:09:39 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 8:09:39 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 8:09:39 PM, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 8:09:39 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/12/2010 8:09:39 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2010 6:46:49 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2010 6:46:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
11/12/2010 11:48:50 AM, error: Print [19] - Sharing printer failed + 1722, Printer PDF995 share name Printer2.
11/12/2010 11:48:46 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

dds log:

DDS (Ver_10-11-10.01) - NTFSx86
Run by W. Jeffrey Lees at 23:09:47.45 on Sat 11/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.734.329 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\W. Jeffrey Lees\My Documents\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = proxy.ict:8080
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\w. jeffrey lees\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: stumbleupon.com
Trusted Zone: turbotax.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AECD14A8-F662-11D1-A395-00805F535788} - hxxp://www.investors.com/member/ocx/plotwon.ocx
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-5 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-25 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-25 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-25 56816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1375992]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15264]
S4 Faspnpwhise;Faspnpwhise; [x]

=============== Created Last 30 ================

2010-11-14 01:08:05 54016 ----a-w- c:\windows\system32\drivers\icbepvpr.sys
2010-11-14 00:54:43 -------- d-----w- c:\docume~1\w6319~1.jef\applic~1\Malwarebytes
2010-11-14 00:54:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 00:54:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-14 00:54:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 00:54:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-13 01:48:12 -------- d-----w- c:\program files\ESET
2010-11-13 01:09:26 -------- d-----w- C:\_OTL
2010-11-13 00:49:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 23:03:00 -------- d-sha-r- C:\cmdcons
2010-11-12 22:58:25 98816 ----a-w- c:\windows\sed.exe
2010-11-12 22:58:25 89088 ----a-w- c:\windows\MBR.exe
2010-11-12 22:58:25 256512 ----a-w- c:\windows\PEV.exe
2010-11-12 22:58:25 161792 ----a-w- c:\windows\SWREG.exe
2010-11-12 22:57:38 -------- d-----w- C:\ComboFix
2010-10-29 23:58:40 -------- d-----w- c:\program files\MSECache
2010-10-17 15:59:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 23:10:31.00 ===============

broni · 2010/11/14

MBRCheck log is missing.

67bmer · 2010/11/14

sorry!

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7E03000 \WINDOWS\system32\KDCOM.DLL
0xF7D13000 \WINDOWS\system32\BOOTVID.dll
0xF78B4000 ACPI.sys
0xF7E05000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF78A3000 pci.sys
0xF7903000 isapnp.sys
0xF7913000 ohci1394.sys
0xF7923000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7D17000 compbatt.sys
0xF7D1B000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7ECB000 pciide.sys
0xF7B83000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7E07000 intelide.sys
0xF7E09000 viaide.sys
0xF7E0B000 aliide.sys
0xF7885000 pcmcia.sys
0xF7933000 MountMgr.sys
0xF7866000 ftdisk.sys
0xF7D1F000 ACPIEC.sys
0xF7ECC000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7B8B000 PartMgr.sys
0xF7943000 VolSnap.sys
0xF784E000 atapi.sys
0xF7953000 disk.sys
0xF7963000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF782E000 fltmgr.sys
0xF781C000 sr.sys
0xF7973000 Lbd.sys
0xF7983000 PxHelp20.sys
0xF7805000 KSecDD.sys
0xF77F2000 WudfPf.sys
0xF7765000 Ntfs.sys
0xF7738000 NDIS.sys
0xF7993000 serial.sys
0xF771E000 Mup.sys
0xF7A33000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7DF3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6BB2000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6B9E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7C73000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6B7A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7C7B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6B68000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF6858000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF7A43000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7C83000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF682A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7E3D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7C8B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7142000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7C93000 \SystemRoot\system32\drivers\pfc.sys
0xF7132000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7122000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6807000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7C9B000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF67C3000 \SystemRoot\system32\drivers\camchal.sys
0xF677B000 \SystemRoot\system32\drivers\camcaud.sys
0xF6757000 \SystemRoot\system32\drivers\portcls.sys
0xF7112000 \SystemRoot\system32\drivers\drmk.sys
0xF6726000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF6627000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6580000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7CA3000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7DFB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF802A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7102000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7DFF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6569000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF70F2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF70E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7CAB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6558000 \SystemRoot\system32\DRIVERS\psched.sys
0xF70D2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7CBB000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7CC3000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF70C2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7E41000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF64FA000 \SystemRoot\system32\DRIVERS\update.sys
0xF76CC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF70B2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7A63000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7E43000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7F1B000 \SystemRoot\System32\Drivers\Null.SYS
0xF7E45000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7CD3000 \SystemRoot\System32\drivers\vga.sys
0xF7E47000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7E49000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7CDB000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7CE3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7D9F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xED748000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xED6EF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xED6C7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xED6A5000 \SystemRoot\System32\drivers\afd.sys
0xF7A73000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7CEB000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xED67A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xED5E2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7A83000 \SystemRoot\System32\Drivers\Fips.SYS
0xED5BC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7A93000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xED55A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF7E4D000 \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
0xED53E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7E61000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF7AB3000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xED526000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7E63000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6C64000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7D0B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7FD6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF040000 \SystemRoot\System32\ialmdev5.DLL
0xBF064000 \SystemRoot\System32\ialmdd5.DLL
0xED3D2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xED306000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xED05D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xED020000 \SystemRoot\system32\drivers\wdmaud.sys
0xED34A000 \SystemRoot\system32\drivers\sysaudio.sys
0xECD09000 \SystemRoot\System32\Drivers\HTTP.sys
0xECE26000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xED010000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xECB71000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA7BD000 \??\C:\DOCUME~1\W6319~1.JEF\LOCALS~1\Temp\kwriypob.sys
0xBA792000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
568 C:\WINDOWS\system32\smss.exe
640 csrss.exe
664 C:\WINDOWS\system32\winlogon.exe
716 C:\WINDOWS\system32\services.exe
728 C:\WINDOWS\system32\lsass.exe
896 C:\WINDOWS\system32\svchost.exe
948 svchost.exe
1008 C:\WINDOWS\system32\svchost.exe
1112 C:\WINDOWS\system32\svchost.exe
1256 C:\WINDOWS\explorer.exe
1296 svchost.exe
1408 svchost.exe
1556 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1628 C:\WINDOWS\system32\spoolsv.exe
1684 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1728 svchost.exe
1944 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1964 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1984 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
208 C:\Program Files\Bonjour\mDNSResponder.exe
276 C:\Program Files\Java\jre6\bin\jqs.exe
424 C:\WINDOWS\system32\svchost.exe
496 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1940 C:\Program Files\Canon\CAL\CALMAIN.exe
1920 alg.exe
416 unsecapp.exe
436 C:\WINDOWS\system32\igfxtray.exe
596 wmiprvse.exe
1212 C:\WINDOWS\system32\hkcmd.exe
604 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
1368 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1228 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
1812 C:\Program Files\Yahoo!\browser\ybrwicon.exe
1660 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
1024 C:\Program Files\iTunes\iTunesHelper.exe
2052 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2060 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2072 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2184 C:\Program Files\Yahoo!\browser\ycommon.exe
2284 C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2324 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
3196 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
3888 C:\WINDOWS\system32\svchost.exe
3224 C:\Program Files\iPod\bin\iPodService.exe
2508 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3624 C:\WINDOWS\system32\taskmgr.exe
3524 C:\Program Files\Internet Explorer\iexplore.exe
2820 C:\Program Files\Internet Explorer\iexplore.exe
2228 C:\WINDOWS\system32\notepad.exe
1892 C:\Program Files\Internet Explorer\iexplore.exe
1724 C:\Documents and Settings\W. Jeffrey Lees\My Documents\downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS424040M9AT00, Rev: MA2OA72A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!

broni · 2010/11/14

That looks good

I can see some Norton's leftovers. Please, run this tool to remove them: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

================================================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ( "drive-by-install ") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

===============================================================

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

[color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

[color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

67bmer · 2010/11/14

ComboFix 10-11-12.01 - W. Jeffrey Lees 11/14/2010 21:29:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.734.312 [GMT -5:00]
Running from: c:\documents and settings\W. Jeffrey Lees\My Documents\downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-14 00:54 . 2010-11-14 00:54 -------- d-----w- c:\documents and settings\W. Jeffrey Lees\Application Data\Malwarebytes
2010-11-14 00:54 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 00:54 . 2010-11-14 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-14 00:54 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 00:54 . 2010-11-14 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-13 01:48 . 2010-11-13 01:48 -------- d-----w- c:\program files\ESET
2010-11-13 01:09 . 2010-11-13 01:09 -------- d-----w- C:\_OTL
2010-11-13 00:49 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-29 23:58 . 2010-10-29 23:58 -------- d-----w- c:\program files\MSECache
2010-10-17 15:59 . 2010-11-12 18:25 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 01:56 . 2001-08-17 15:51 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-09-18 16:23 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 08:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 08:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 07:29 . 2009-07-18 02:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 08:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 08:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 08:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 08:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-17 21:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 08:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-11-12_23.16.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 02:12 . 2010-11-15 02:12 16384 c:\windows\temp\Perflib_Perfdata_764.dat
+ 2010-11-13 00:49 . 2010-09-15 09:50 153376 c:\windows\system32\javaws.exe
+ 2010-11-13 00:49 . 2010-09-15 09:50 145184 c:\windows\system32\javaw.exe
+ 2010-11-13 00:49 . 2010-09-15 09:50 145184 c:\windows\system32\java.exe
+ 2010-11-13 00:50 . 2010-11-13 00:50 180224 c:\windows\Installer\a8614.msi
+ 2006-01-07 01:06 . 2010-11-12 23:39 35758536 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-11-13 2105176]
"Google Update "= "c:\documents and settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
"UpdateManager "= "c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"eabconfg.cpl "= "c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-18 290816]
"Cpqset "= "c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
"YBrowser "= "c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-23 292152]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"MP10_EnsureFileVer "= "c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-10 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-10 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-7-19 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.ex\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@= "Service "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 18:11 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe "=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe "=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/5/2010 10:04 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/25/2009 7:01 PM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1375992]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15264]
S4 Faspnpwhise;Faspnpwhise; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:25]

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309974401-3624260699-964024907-1006Core.job
- c:\documents and settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 23:13]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309974401-3624260699-964024907-1006UA.job
- c:\documents and settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 23:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = proxy.ict:8080
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: stumbleupon.com
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 21:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1 "=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1228)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-14 21:43:57
ComboFix-quarantined-files.txt 2010-11-15 02:43
ComboFix2.txt 2010-11-12 23:21

Pre-Run: 4,533,481,472 bytes free
Post-Run: 4,507,750,400 bytes free

- - End Of File - - 39A13E530C19C3909B10CBEF2EFE9BD5

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as W. Jeffrey Lees on 11/14/2010 at 22:02:23.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\W. Jeffrey Lees\My Documents\downloads\rkill.com

Rkill completed on 11/14/2010 at 22:02:26.

broni · 2010/11/14

1. Please open Notepad

Click Start , then Run

Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
DDS::
uInternet Settings,ProxyServer = proxy.ict:8080
uInternet Settings,ProxyOverride = *.local;<local>


Driver::
Faspnpwhise


RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}*]
3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

67bmer · 2010/11/14

ComboFix 10-11-12.01 - W. Jeffrey Lees 11/14/2010 23:16:54.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.734.230 [GMT -5:00]
Running from: c:\documents and settings\W. Jeffrey Lees\My Documents\downloads\ComboFix.exe
Command switches used :: c:\documents and settings\W. Jeffrey Lees\My Documents\downloads\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Faspnpwhise

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-14 00:54 . 2010-11-14 00:54 -------- d-----w- c:\documents and settings\W. Jeffrey Lees\Application Data\Malwarebytes
2010-11-14 00:54 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 00:54 . 2010-11-14 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-14 00:54 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 00:54 . 2010-11-14 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-13 01:48 . 2010-11-13 01:48 -------- d-----w- c:\program files\ESET
2010-11-13 01:09 . 2010-11-13 01:09 -------- d-----w- C:\_OTL
2010-11-13 00:49 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-29 23:58 . 2010-10-29 23:58 -------- d-----w- c:\program files\MSECache
2010-10-17 15:59 . 2010-11-12 18:25 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 01:56 . 2001-08-17 15:51 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-09-18 16:23 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 08:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 08:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 07:29 . 2009-07-18 02:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 08:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 08:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 08:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 08:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-17 21:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 08:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-11-13 2105176]
"Google Update "= "c:\documents and settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
"UpdateManager "= "c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"eabconfg.cpl "= "c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-18 290816]
"Cpqset "= "c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
"YBrowser "= "c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-23 292152]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"MP10_EnsureFileVer "= "c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-10 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-10 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-7-19 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.ex\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@= "Service "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 18:11 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe "=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe "=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/5/2010 10:04 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/25/2009 7:01 PM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1375992]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15264]
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:25]

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309974401-3624260699-964024907-1006Core.job
- c:\documents and settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 23:13]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309974401-3624260699-964024907-1006UA.job
- c:\documents and settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 23:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: stumbleupon.com
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 23:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3520)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\documents and settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-11-14 23:43:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-15 04:43
ComboFix2.txt 2010-11-15 02:43
ComboFix3.txt 2010-11-12 23:21

Pre-Run: 4,495,511,552 bytes free
Post-Run: 4,417,667,072 bytes free

- - End Of File - - 2D2FDC8F7A7B02ECD81F70E14D00E6CD

broni · 2010/11/14

Good

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

My bed time is coming, so I'll check on you tomorrow

67bmer · 2010/11/16

I have been staying off the www since seeking your help. I have done some google searches and I have not been re-direced once. was he r3 a google scam or was it a virus/malware?

here is the modified scan results:

OTL logfile created on: 11/15/2010 7:28:58 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\W. Jeffrey Lees\My Documents\downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

734.00 Mb Total Physical Memory | 237.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 35.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 4.14 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

Computer Name: JEFFSLAPTOP | User Name: W. Jeffrey Lees | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 07:27:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\W. Jeffrey Lees\My Documents\downloads\OTL.exe
PRC - [2010/11/12 13:25:28 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/12 13:25:26 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/21 19:32:32 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/07/19 20:20:23 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/23 12:30:24 | 000,292,152 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/04/01 16:44:18 | 000,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2004/10/05 11:25:10 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/09/17 19:19:42 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2003/12/09 11:03:08 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe

========== Modules (SafeList) ==========

MOD - [2010/11/15 07:27:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\W. Jeffrey Lees\My Documents\downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/09/23 12:30:38 | 000,062,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2004/10/01 05:44:30 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/12 13:25:26 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006/04/18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/11/12 13:25:52 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/07 17:43:39 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/11/08 10:06:08 | 000,085,504 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/10/14 09:53:00 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/10/14 09:52:02 | 000,292,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/10/05 11:17:32 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/09/20 03:41:00 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/06/28 05:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 11:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/10 06:40:28 | 000,199,552 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/03/10 06:37:26 | 000,682,624 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/03/10 06:35:48 | 001,041,536 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/06 15:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/11/14 23:30:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: stumbleupon.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} http://www.investors.com/member/ocx/plotwon.ocx (Plotwon Control)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.ex) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 00:15:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/13 19:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Malwarebytes
[2010/11/13 19:54:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 19:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 19:54:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 19:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/12 20:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/12 20:09:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/12 19:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/12 18:03:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/12 17:58:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/12 17:58:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/12 17:58:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/12 17:58:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/12 17:57:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/12 17:56:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/29 18:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/10/17 10:59:32 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

========== Files - Modified Within 30 Days ==========

[2010/11/15 01:37:16 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-309974401-3624260699-964024907-1006UA.job
[2010/11/14 23:38:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/14 23:31:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/14 23:30:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/14 23:29:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/14 20:37:01 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-309974401-3624260699-964024907-1006Core.job
[2010/11/13 19:54:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 17:39:54 | 000,186,841 | ---- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\My Documents\2010-09-13-verizon.pdf
[2010/11/13 17:38:13 | 000,187,654 | ---- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\My Documents\2010-10-13-verizon.pdf
[2010/11/12 18:03:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/12 17:51:30 | 000,026,107 | ---- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Desktop\combofix.htm
[2010/11/12 13:25:56 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/12 12:44:58 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/12 12:44:56 | 000,002,410 | ---- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Desktop\Google Chrome.lnk
[2010/11/12 11:55:05 | 000,401,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/12 11:55:04 | 000,062,856 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/12 11:48:05 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/24 21:59:37 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/17 16:11:01 | 000,013,590 | ---- | M] () -- C:\WINDOWS\System32\235.js
[2010/10/17 11:13:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/11/13 19:54:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 17:39:54 | 000,186,841 | ---- | C] () -- C:\Documents and Settings\W. Jeffrey Lees\My Documents\2010-09-13-verizon.pdf
[2010/11/13 17:38:13 | 000,187,654 | ---- | C] () -- C:\Documents and Settings\W. Jeffrey Lees\My Documents\2010-10-13-verizon.pdf
[2010/11/12 18:03:11 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/12 18:03:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/12 17:58:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/12 17:58:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/12 17:58:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/12 17:58:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/12 17:58:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/12 17:51:49 | 000,026,107 | ---- | C] () -- C:\Documents and Settings\W. Jeffrey Lees\Desktop\combofix.htm
[2010/10/17 16:11:01 | 000,013,590 | ---- | C] () -- C:\WINDOWS\System32\235.js
[2009/02/28 12:01:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\175E7C
[2009/02/28 12:01:47 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\mcs.rma
[2008/04/05 20:10:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/04/05 20:09:05 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/04/02 19:37:41 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/10/07 13:47:57 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/28 21:11:40 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/09/23 19:02:41 | 000,018,764 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2006/08/30 19:14:24 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/08/30 19:13:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/17 03:38:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/07 17:00:02 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/06/06 09:35:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
[2006/05/25 19:42:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/02/24 15:54:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2006/02/17 18:26:25 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\com.kennettnet.PodUtil.plist
[2006/02/04 10:12:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/01/20 18:55:27 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/01/20 18:55:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/07 21:52:07 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/01/07 21:48:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4200.ini
[2006/01/01 22:33:10 | 000,000,233 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/01/01 22:32:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/03/01 14:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/18 16:52:14 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2004/12/14 08:00:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/12/14 08:00:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/12/14 08:00:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/12/14 08:00:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/12/14 08:00:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/12/14 08:00:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/12/14 07:53:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/16 07:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 08:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 07:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/07/17 22:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/09/28 22:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck
[2004/12/14 08:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/10/17 20:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/03/27 11:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/10/24 10:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/14 21:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/06/02 19:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/10/05 22:02:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2007/05/05 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Aim
[2006/12/10 16:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Canon
[2007/09/23 19:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\deskPDF
[2010/08/23 19:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\EPSON
[2006/01/30 19:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\ICAClient
[2006/01/07 21:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Leadertech
[2008/04/05 20:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\pdf995
[2008/11/05 19:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\StumbleUpon
[2010/05/11 20:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\TaxCut
[2007/08/17 19:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Viewpoint
[2007/09/28 22:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\WinPatrol
[2010/11/14 23:38:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/11/14 23:29:15 | 000,008,904 | ---- | M] () -- C:\aaw7boot.log
[2007/02/24 20:48:10 | 000,000,462 | ---- | M] () -- C:\asmruntime.log
[2006/01/26 20:47:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/12 18:03:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/14 23:43:23 | 000,011,506 | ---- | M] () -- C:\ComboFix.txt
[2007/09/28 22:42:47 | 000,000,106 | ---- | M] () -- C:\delete.bat
[2006/01/01 22:34:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/07/06 20:19:24 | 000,001,093 | -H-- | M] () -- C:\IPH.PH
[2010/11/12 19:55:10 | 000,000,623 | ---- | M] () -- C:\JavaRa.log
[2006/01/01 22:34:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/09/28 22:44:14 | 000,004,776 | ---- | M] () -- C:\NoLop.log
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2008/10/16 17:35:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/14 23:29:15 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys
[2010/11/14 22:02:26 | 000,000,763 | ---- | M] () -- C:\rkill.log
[2006/01/20 20:57:47 | 000,001,433 | ---- | M] () -- C:\smitfiles.txt
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010/10/27 20:53:02 | 000,039,946 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_27.10.2010_21.51.34_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/07 07:57:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/06/18 20:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/10/14 17:18:06 | 000,001,682 | -H-- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/07 00:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 00:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/07 00:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/16 18:03:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2004/12/14 08:20:44 | 000,002,568 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\secedit.INTEG.RAW

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/01/02 10:16:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/07 08:04:04 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2007/04/06 20:23:10 | 000,439,296 | ---- | M] (Citrix Online) -- C:\Documents and Settings\W. Jeffrey Lees\GoToAssist_phone__317_en.exe
[2006/05/26 09:02:04 | 000,439,296 | ---- | M] (Citrix Online) -- C:\Documents and Settings\W. Jeffrey Lees\remote.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/01/02 10:16:03 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/07/12 00:01:56 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Cookies\desktop.ini
[2010/11/15 07:25:26 | 000,163,840 | -H-- | M] () -- C:\Documents and Settings\W. Jeffrey Lees\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/13 19:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/03 22:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/03 22:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/03 22:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/03 22:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/03 22:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/03 22:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/03 22:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

broni · 2010/11/16

I still need Extras.txt

broni · 2010/11/17

It happens sometimes.
Let me take a look at your log...hold on there.

broni · 2010/11/17

Run OTL
Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
Code:
:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010/11/14 21:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/08/17 19:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\W. Jeffrey Lees\Application Data\Viewpoint


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the [color= "#FF0000"]Run Fix[/color] button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

IMPORTANT! UN-check Remove found threats

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

67bmer · 2010/11/21

OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Folder C:\Documents and Settings\All Users\Application Data\Viewpoint\ not found.
Folder C:\Documents and Settings\W. Jeffrey Lees\Application Data\Viewpoint\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: W. Jeffrey Lees
->Temp folder emptied: 102070 bytes
->Temporary Internet Files folder emptied: 2267851 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 46518580 bytes
->Flash cache emptied: 2143 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 452 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: W. Jeffrey Lees
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11212010_092754

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temp\~DFE647.tmp not found!
File\Folder C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temp\~DFE661.tmp not found!
File\Folder C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temp\~DFE9F9.tmp not found!
File\Folder C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temp\~DFEA17.tmp not found!
File\Folder C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temp\~DFEB8A.tmp not found!
File\Folder C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temp\~DFECCB.tmp not found!
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\Content.IE5\V5R0HBXB\audmeasure[1].gif moved successfully.
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\Content.IE5\V5R0HBXB\L[2].htm moved successfully.
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\Content.IE5\V5R0HBXB\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\Content.IE5\V5R0HBXB\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\Content.IE5\SY87H1DG\ads[1].htm moved successfully.
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\Content.IE5\SY87H1DG\iframescript[1].htm moved successfully.
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\Content.IE5\SY87H1DG\L[1].htm moved successfully.
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\Content.IE5\EHF37S6S\96220-active-r3-google-com-xxxxxx-redirect-problem[1].html moved successfully.
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\Content.IE5\EHF37S6S\audmeasure[1].gif moved successfully.
C:\Documents and Settings\W. Jeffrey Lees\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Ad-Aware
WinPatrol 2007 (Outdated! Latest version is WinPatrol 2009)
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Java 2 Runtime Environment, SE v1.4.2_05
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
WinPatrol winpatrol.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
BillP Studios WinPatrol winpatrol.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

ESET log:
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP691\A0107212.exe probably a variant of Win32/Agent.HZHBURL trojan

broni · 2010/11/21

Update WinPatrol.

Uninstall Java 2 Runtime Environment, SE v1.4.2_05 .

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

make sure, you have both boxes UN-checked AND (important!) click on Decline button

================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

67bmer · 2010/11/21

Thank you very much!!!

what browser do you recommend? I have been using google chrome. it looks like WOT is only for ie.

broni · 2010/11/21

You're very welcome

You can use WOT in Chrome: http://www.mywot.com/en/download

Good luck and stay safe

Log in or Sign up

Solved r3.google.com/xxxxxx redirect problem

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved r3.google.com/xxxxxx redirect problem

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

67bmer Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches