BleepingComputer.com: Another Google Redirect Issue

I'm having the same issue many other posters are having. Went to an iffy website last week and got infected. I managed to clean out most of the malware with Symantec, MBAM, and Ad-Aware, but I still get Google link redirects to ad sites. I can get to the cached result and then click the link, but no direct links to websites. I followed the forum's prep guide; DDS log is below, attach.txt and ark.txt are attached. Thank you so much for your help. I really appreciate the time you put into this.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by BMiller at 9:19:48.08 on Fri 04/08/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.280 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Altiris\Aclient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\aexnsagent.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\lotus\notes\nsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Altiris\Aclient\AClntUsr.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\lotus\notes\NLNOTES.EXE
C:\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\lotus\notes\ntaskldr.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\BMiller.INT\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://secure.constructware.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Pistolstar Web SSO: {f01a34b2-0067-431c-a5e1-eff58d85c9be} - c:\program files\pistolstar\password power client\IE_SSO_Toolbar.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Pistolstar Web SSO: {f01a34b2-0067-431c-a5e1-eff58d85c9be} - c:\program files\pistolstar\password power client\IE_SSO_Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [AClntUsr] c:\program files\altiris\aclient\AClntUsr.EXE
mRun: [Logon Script Launcher] c:\vpnraslogonhook.vbs
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Pistolstar_SSO] "c:\program files\pistolstar\password power client\APOSSO.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01892B12-4ABE-47E8-B7C1-4692F0B74024} - hxxps://drawing.constructware.com/IGC/BravaClientX.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxp://intranet.clarkus.com/qp2.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxps://secure.constructware.com/FileTransfer/SoftwareArtisans/saxfile.cab
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} - hxxp://ccgbthaltns.int.clarkus.com/Altiris/NS/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://clarkmail.clarkus.com/download/dolcontrol.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201882458203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://clarkmail.clarkus.com/dwa8W.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D79BD4AB-C8E1-48C7-9A86-DF163C340383} - hxxp://ccgbthdom2.clarkus.com/sametime/stmeetingroomclient/STJNILoader.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://clarkmail.clarkus.com/dwa7W.cab
DPF: {F8C41CBF-721F-4B99-9FC8-2F8077C4AD39} - hxxps://drawing.constructware.com/IGC/BravaClientX.cab
Notify: igfxcui - igfxdev.dll
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: AMINIT32.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-7 64512]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2007-3-30 17848]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2009-2-9 136568]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 1753048]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\notes\nsd.exe -svcinvoke -ini "c:\lotus\notes\notes.ini" --> c:\lotus\notes\nsd.exe -svcinvoke -ini c:\lotus\notes\notes.ini [?]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-11-6 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-12 102448]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-1 15232]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110407.002\naveng.sys [2011-4-7 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110407.002\navex15.sys [2011-4-7 1393144]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 136176]
S3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\altiris\altiris agent\agents\wmiprovideragent\AltirisAgentProvider.exe [2009-8-25 614400]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-8-18 13184]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232]
.
=============== Created Last 30 ================
.
2011-04-08 12:08:44 -------- d-----w- c:\docume~1\bmiller.int\applic~1\smkits
2011-04-07 16:51:13 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-07 15:57:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-07 15:56:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-07 15:46:25 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Sunbelt Software
2011-04-07 15:44:32 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-07 15:43:49 -------- d-----w- c:\program files\Lavasoft
2011-04-06 18:40:46 -------- d-----w- c:\documents and settings\bmiller.int\SametimeTranscripts
2011-04-05 11:33:35 -------- d-sh--w- c:\documents and settings\bmiller.int\IECompatCache
2011-03-31 11:20:23 0 ----a-w- c:\windows\Ayehoxebux.bin
2011-03-31 11:20:22 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\{18207F01-7DEB-4E05-9E6D-0E239191FB16}
2011-03-30 20:56:17 2768 ----a-w- c:\windows\ojovumeg.dll
2011-03-30 18:54:19 2768 ----a-w- c:\windows\arumarigafey.dll
2011-03-30 17:30:35 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Apple Computer
2011-03-30 14:18:25 2768 ----a-w- c:\windows\ogadageq.dll
2011-03-30 14:09:10 2768 ----a-w- c:\windows\ucicesofihut.dll
2011-03-30 13:51:12 2768 ----a-w- c:\windows\igulivih.dll
2011-03-30 13:14:20 -------- d-----w- c:\docume~1\bmiller.int\applic~1\Malwarebytes
2011-03-30 12:04:08 2768 ----a-w- c:\windows\atokoziy.dll
2011-03-29 21:27:55 2768 ----a-w- c:\windows\ijokuqis.dll
2011-03-29 19:37:34 34816 ----a-w- c:\windows\system32\itlnfw32.dll
2011-03-29 19:25:55 2768 ----a-w- c:\windows\ilodokez.dll
2011-03-29 17:23:55 2768 ----a-w- c:\windows\izohibew.dll
2011-03-29 15:22:05 2766 ----a-w- c:\windows\agevanoqiq.dll
2011-03-29 15:21:23 108032 --sha-r- c:\windows\system32\msdatsrcb.dll
2011-03-22 14:55:04 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Autodesk
2011-03-17 19:04:21 -------- d-----w- c:\windows\system32\CCM
2011-03-17 19:04:21 -------- d-----w- c:\windows\ms
2011-03-17 19:03:27 -------- d-----w- c:\program files\Windows Imaging
2011-03-17 19:03:11 -------- dc-h--w- c:\windows\$UninstallRDC$
2011-03-17 19:00:16 -------- d-----w- c:\windows\system32\ccmsetup
2011-03-17 11:28:46 -------- d-sh--w- c:\documents and settings\bmiller.int\PrivacIE
2011-03-17 11:26:43 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Adobe
2011-03-17 11:26:24 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Symantec
2011-03-17 11:25:04 45056 ----a-r- c:\docume~1\bmiller.int\applic~1\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9160314AS rev.D005DEM1 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86C6C439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86c727d0]; MOV EAX, [0x86c7284c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86C82AB8]
3 CLASSPNP[0xF75AEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86C389A0]
\Driver\atapi[0x86DD4CC8] -> IRP_MJ_CREATE -> 0x86C6C439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9160314AS_____________________________D005DEM1#5&266ff5a6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86C6C27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 9:23:43.93 ===============

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Hi. Thanks so much for the quick resoonse. The issue is on my work computer so I will do what you said first thing monday morning and get back to you. Thanks again.

OK, thanks

Not sure if you wanted this pasted or attached so did both. Thanks so much.

ComboFix 11-04-10.03 - BMiller 04/11/2011 8:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.286 [GMT -4:00]
Running from: c:\documents and settings\BMiller.INT\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\WINDOWS
c:\documents and settings\BMiller.INT\Local Settings\Application Data\{18207F01-7DEB-4E05-9E6D-0E239191FB16}
c:\documents and settings\BMiller.INT\Local Settings\Application Data\{18207F01-7DEB-4E05-9E6D-0E239191FB16}\chrome.manifest
c:\documents and settings\BMiller.INT\Local Settings\Application Data\{18207F01-7DEB-4E05-9E6D-0E239191FB16}\chrome\content\_cfg.js
c:\documents and settings\BMiller.INT\Local Settings\Application Data\{18207F01-7DEB-4E05-9E6D-0E239191FB16}\chrome\content\overlay.xul
c:\documents and settings\BMiller.INT\Local Settings\Application Data\{18207F01-7DEB-4E05-9E6D-0E239191FB16}\install.rdf
c:\documents and settings\BMiller.INT\WINDOWS
c:\documents and settings\ClarkIT\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\helpdesk\WINDOWS
c:\documents and settings\NetworkService\Local Settings\Application Data\glowext.dll
C:\LOG2.tmp
c:\windows\agevanoqiq.dll
c:\windows\arumarigafey.dll
c:\windows\atokoziy.dll
c:\windows\Client.ini
c:\windows\igulivih.dll
c:\windows\ijokuqis.dll
c:\windows\ilodokez.dll
c:\windows\izohibew.dll
c:\windows\ogadageq.dll
c:\windows\ojovumeg.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\itlnfw32.dll
c:\windows\ucicesofihut.dll
c:\windows\UNWISE.EXE
.
----- BITS: Possible infected sites -----
.
hxxp://CCGBTHSCM001.int.clarkus.com:80
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-07 16:51 . 2011-04-07 07:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-07 15:57 . 2011-04-01 07:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-07 15:56 . 2011-04-07 15:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-07 15:44 . 2011-04-07 15:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-07 15:43 . 2011-04-07 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-07 15:43 . 2011-04-07 15:43 -------- d-----w- c:\program files\Lavasoft
2011-03-31 11:20 . 2011-03-31 11:20 0 ----a-w- c:\windows\Ayehoxebux.bin
2011-03-30 18:21 . 2011-03-30 18:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-29 15:21 . 2011-03-29 15:21 108032 --sha-r- c:\windows\system32\msdatsrcb.dll
2011-03-17 19:04 . 2011-03-17 20:42 -------- d-----w- c:\windows\system32\CCM
2011-03-17 19:04 . 2011-03-17 19:04 -------- d-----w- c:\windows\ms
2011-03-17 19:03 . 2011-03-17 19:03 -------- d-----w- c:\program files\Windows Imaging
2011-03-17 19:03 . 2011-03-17 19:03 -------- dc-h--w- c:\windows\$UninstallRDC$
2011-03-17 19:00 . 2011-03-17 19:07 -------- d-----w- c:\windows\system32\ccmsetup
2011-03-17 11:24 . 2003-02-19 18:42 118784 ----a-w- C:\newsid.exe
2011-03-17 11:24 . 2008-08-01 12:18 -------- d-----w- C:\SSO
2011-03-17 11:24 . 2011-04-11 12:38 -------- d-----w- c:\documents and settings\BMiller.INT
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2007-10-27 03:30 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-10-27 03:30 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"AClntUsr"="c:\program files\Altiris\Aclient\AClntUsr.EXE" [2011-04-11 184320]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2006-12-04 20531]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2009-08-17 203560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Pistolstar_SSO"="c:\program files\Pistolstar\Password Power Client\APOSSO.exe" [2009-03-10 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-7-29 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2009-02-09 16:10 17272 ----a-w- c:\windows\system32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\AMInit32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2258509989-2767499943-243238699-24363\Scripts\Logon\0\0]
"Script"=Login.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto run of VideoCam Suite 1.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk
backup=c:\windows\pss\Auto run of VideoCam Suite 1.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^BMiller^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\documents and settings\BMiller\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Altiris\\Aclient\\AClntUsr.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/7/2011 11:57 AM 64512]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/1/2011 3:22 AM 1753048]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\notes\nsd.exe -svcinvoke -ini "c:\lotus\notes\notes.ini" --> c:\lotus\notes\nsd.exe -svcinvoke -ini c:\lotus\notes\notes.ini [?]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 2:40 AM 115952]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [11/6/2007 2:43 PM 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [11/12/2010 12:31 PM 102448]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/1/2011 3:22 AM 15232]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2010 11:43 AM 136176]
S3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [8/25/2009 10:17 AM 614400]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [8/18/2010 6:05 PM 13184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 07:58]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 15:43]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 15:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://secure.constructware.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {01892B12-4ABE-47E8-B7C1-4692F0B74024} - hxxps://drawing.constructware.com/IGC/BravaClientX.cab
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} - hxxp://ccgbthaltns.int.clarkus.com/Altiris/NS/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://clarkmail.clarkus.com/download/dolcontrol.cab
DPF: {D79BD4AB-C8E1-48C7-9A86-DF163C340383} - hxxp://ccgbthdom2.clarkus.com/sametime/stmeetingroomclient/STJNILoader.cab
DPF: {F8C41CBF-721F-4B99-9FC8-2F8077C4AD39} - hxxps://drawing.constructware.com/IGC/BravaClientX.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-Logon Script Launcher - c:\vpnraslogonhook.vbs
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
Notify-itlntfy - itlnfw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-11 09:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(500)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Altiris\Aclient\AClient.exe
c:\program files\Altiris\Altiris Agent\aexnsagent.exe
c:\program files\Symantec\pcAnywhere\awhost32.exe
c:\program files\Canon\DIAS\CnxDIAS.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\lotus\notes\nsd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\lotus\notes\ntmulti.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\StacSV.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Symantec\pcAnywhere\pcaEvents.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Altiris\Altiris Agent\AeXAgentUIHost.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2011-04-11 09:23:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-11 13:22
.
Pre-Run: 134,815,707,136 bytes free
Post-Run: 135,111,135,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 34E0A26BA7C41191C2C2EF15A4645B04

Hi

Please do the following:

• Please open your MalwareBytes AntiMalware Program
  
• Click the Update Tab and search for updates
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish, so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected. <-- very important
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.

• Note: You will need to use Internet explorer for this scan
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the activeX control to install
  
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  
• Click Scan
  
• Wait for the scan to finish
  
• When the scan completes, press the LIST OF THREATS FOUND button
  
• Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  
• Include the contents of this report in your next reply.
  
• Press the BACK button.
  
• Press Finish

Both MBAM and ESET did not find anything. MBAM log below. ESET did not offer me a export option, I guess since no threats were found. I am still having the redirects.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6333

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/11/2011 1:12:00 PM
mbam-log-2011-04-11 (13-12-00).txt

Scan type: Quick scan
Objects scanned: 211217
Time elapsed: 12 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi,

Please do the following:


Please download TDSSKiller.zip

• Extract it to your desktop
  
• Double click TDSSKiller.exe
  
• Press Start Scan
  
  • Only if Malicious objects are found then ensure Cure is selected
    
  • Then click Continue > Reboot now
  
  
• Copy and paste the log in your next reply
  
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Nothing found. Log:

2011/04/12 08:12:33.0070 1964 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 08:12:33.0273 1964 ================================================================================
2011/04/12 08:12:33.0273 1964 SystemInfo:
2011/04/12 08:12:33.0273 1964
2011/04/12 08:12:33.0273 1964 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/12 08:12:33.0273 1964 Product type: Workstation
2011/04/12 08:12:33.0273 1964 ComputerName: BMILL-70965
2011/04/12 08:12:33.0273 1964 UserName: BMiller
2011/04/12 08:12:33.0273 1964 Windows directory: C:\WINDOWS
2011/04/12 08:12:33.0273 1964 System windows directory: C:\WINDOWS
2011/04/12 08:12:33.0273 1964 Processor architecture: Intel x86
2011/04/12 08:12:33.0273 1964 Number of processors: 2
2011/04/12 08:12:33.0273 1964 Page size: 0x1000
2011/04/12 08:12:33.0273 1964 Boot type: Normal boot
2011/04/12 08:12:33.0273 1964 ================================================================================
2011/04/12 08:12:34.0460 1964 Initialize success
2011/04/12 08:12:45.0496 3560 ================================================================================
2011/04/12 08:12:45.0496 3560 Scan started
2011/04/12 08:12:45.0496 3560 Mode: Manual;
2011/04/12 08:12:45.0496 3560 ================================================================================
2011/04/12 08:12:50.0445 3560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/12 08:12:51.0022 3560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/12 08:12:52.0021 3560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/12 08:12:52.0427 3560 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/12 08:12:53.0270 3560 aksfridge (45f65f2f7ae28e5e56ab64e3ac61bd52) C:\WINDOWS\system32\drivers\aksfridge.sys
2011/04/12 08:12:54.0488 3560 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/04/12 08:12:55.0690 3560 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/04/12 08:12:56.0314 3560 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/12 08:12:58.0937 3560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/12 08:13:00.0029 3560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/12 08:13:01.0153 3560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/12 08:13:02.0027 3560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/12 08:13:02.0558 3560 awecho (c7dfd42d1906bb6f3ab7368a638c706a) C:\WINDOWS\system32\drivers\awechomd.sys
2011/04/12 08:13:02.0964 3560 awlegacy (fcd631b75d01fecb673d52bfe87774ac) C:\WINDOWS\System32\Drivers\awlegacy.sys
2011/04/12 08:13:03.0245 3560 AW_HOST (be23b51d1af7ab948f883f864454393d) C:\WINDOWS\system32\drivers\aw_host5.sys
2011/04/12 08:13:03.0729 3560 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/04/12 08:13:04.0385 3560 BCM43XX (3003c21e5e1f04ba84fc8e705a65db2b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/04/12 08:13:05.0446 3560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/12 08:13:05.0868 3560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/12 08:13:06.0742 3560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/12 08:13:07.0429 3560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/12 08:13:08.0272 3560 Cdr4_xp (297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/04/12 08:13:09.0317 3560 Cdralw2k (5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/04/12 08:13:09.0708 3560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/12 08:13:10.0129 3560 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/04/12 08:13:12.0143 3560 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/12 08:13:12.0580 3560 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/12 08:13:13.0251 3560 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/04/12 08:13:13.0517 3560 CVPNDRVA (8a15d7bd4cf1a8ccd7c65f7349f22e35) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/04/12 08:13:14.0484 3560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/12 08:13:15.0889 3560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/12 08:13:16.0592 3560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/12 08:13:17.0045 3560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/12 08:13:17.0357 3560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/12 08:13:17.0700 3560 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/04/12 08:13:18.0215 3560 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/04/12 08:13:18.0746 3560 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/04/12 08:13:19.0011 3560 dot4ufd (0a57b5876530febb4ebf6ad501864f96) C:\WINDOWS\system32\DRIVERS\hppaufd0.sys
2011/04/12 08:13:19.0370 3560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/12 08:13:19.0620 3560 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/04/12 08:13:19.0917 3560 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/12 08:13:20.0089 3560 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/12 08:13:20.0307 3560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/12 08:13:20.0494 3560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/12 08:13:20.0666 3560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/12 08:13:20.0807 3560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/12 08:13:20.0947 3560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/12 08:13:21.0134 3560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/12 08:13:21.0244 3560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/12 08:13:21.0712 3560 Gernuwa (b390bc5aa09f333c5d95be651c073564) C:\WINDOWS\system32\drivers\Gernuwa.sys
2011/04/12 08:13:21.0915 3560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/12 08:13:22.0227 3560 guardian2 (0e1fd1ea2837d6b7a1d7b6c928014d05) C:\WINDOWS\system32\Drivers\oz776.sys
2011/04/12 08:13:22.0430 3560 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\WINDOWS\system32\drivers\hardlock.sys
2011/04/12 08:13:22.0883 3560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/12 08:13:23.0117 3560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/12 08:13:23.0585 3560 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/04/12 08:13:24.0428 3560 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/04/12 08:13:25.0599 3560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/12 08:13:26.0723 3560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/12 08:13:27.0363 3560 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/04/12 08:13:28.0097 3560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/12 08:13:28.0581 3560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/12 08:13:28.0955 3560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/12 08:13:29.0236 3560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/12 08:13:29.0502 3560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/12 08:13:29.0907 3560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/12 08:13:29.0985 3560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/12 08:13:30.0142 3560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/12 08:13:30.0220 3560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/12 08:13:30.0298 3560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/12 08:13:30.0438 3560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/12 08:13:30.0547 3560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/12 08:13:30.0750 3560 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/04/12 08:13:30.0953 3560 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/04/12 08:13:31.0141 3560 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/12 08:13:31.0422 3560 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/04/12 08:13:31.0531 3560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/12 08:13:31.0687 3560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/12 08:13:31.0781 3560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/12 08:13:31.0859 3560 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/12 08:13:31.0968 3560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/12 08:13:32.0108 3560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/12 08:13:32.0171 3560 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/12 08:13:32.0265 3560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/12 08:13:32.0358 3560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/12 08:13:32.0452 3560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/12 08:13:32.0546 3560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/12 08:13:32.0624 3560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/12 08:13:32.0717 3560 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/12 08:13:32.0905 3560 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110407.002\naveng.sys
2011/04/12 08:13:33.0014 3560 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110407.002\navex15.sys
2011/04/12 08:13:33.0342 3560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/12 08:13:33.0966 3560 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/12 08:13:34.0122 3560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/12 08:13:34.0216 3560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/12 08:13:34.0310 3560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/12 08:13:34.0419 3560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/12 08:13:34.0481 3560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/12 08:13:34.0684 3560 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/04/12 08:13:34.0981 3560 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/12 08:13:35.0231 3560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/12 08:13:35.0496 3560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/12 08:13:35.0777 3560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/12 08:13:35.0949 3560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/12 08:13:36.0059 3560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/12 08:13:36.0246 3560 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/12 08:13:36.0355 3560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/12 08:13:36.0543 3560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/12 08:13:36.0621 3560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/12 08:13:36.0683 3560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/12 08:13:36.0824 3560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/12 08:13:36.0886 3560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/12 08:13:37.0261 3560 pneteth (f31dfc4872de0fcf8687e6b308f4abb1) C:\WINDOWS\system32\DRIVERS\pneteth.sys
2011/04/12 08:13:37.0402 3560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/12 08:13:37.0449 3560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/12 08:13:37.0511 3560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/12 08:13:37.0667 3560 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/04/12 08:13:38.0402 3560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/12 08:13:38.0480 3560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/12 08:13:38.0730 3560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/12 08:13:38.0855 3560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/12 08:13:39.0058 3560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/12 08:13:39.0136 3560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/12 08:13:39.0339 3560 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/12 08:13:39.0557 3560 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/12 08:13:39.0682 3560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/12 08:13:39.0870 3560 SAVRT (cdb565c093b0105086cc630b32f9e6e6) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/04/12 08:13:39.0948 3560 SAVRTPEL (1042cb5a003f9aed8d6cec56a0fc6c49) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/04/12 08:13:40.0167 3560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/12 08:13:40.0417 3560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/12 08:13:40.0573 3560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/12 08:13:40.0698 3560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/04/12 08:13:41.0104 3560 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/04/12 08:13:41.0307 3560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/12 08:13:41.0432 3560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/12 08:13:41.0729 3560 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/12 08:13:42.0182 3560 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/04/12 08:13:42.0556 3560 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/04/12 08:13:42.0697 3560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/12 08:13:42.0838 3560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/12 08:13:43.0197 3560 SymEvent (3c6790d26d03fe5163e2bec490e51a7e) C:\Program Files\Symantec\SYMEVENT.SYS
2011/04/12 08:13:43.0447 3560 SYMREDRV (5314e345dfc068504cfb2676d3b2ca39) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/04/12 08:13:43.0728 3560 SYMTDI (8cd0a1478256240249b8ee88e6f25e94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/04/12 08:13:43.0993 3560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/12 08:13:44.0103 3560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/12 08:13:44.0228 3560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/12 08:13:44.0306 3560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/12 08:13:44.0384 3560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/12 08:13:44.0571 3560 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/04/12 08:13:44.0743 3560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/12 08:13:44.0977 3560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/12 08:13:45.0305 3560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/12 08:13:45.0493 3560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/12 08:13:45.0602 3560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/12 08:13:45.0758 3560 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/12 08:13:45.0930 3560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/12 08:13:46.0055 3560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/12 08:13:46.0211 3560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/12 08:13:46.0368 3560 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/04/12 08:13:46.0664 3560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/12 08:13:47.0367 3560 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS
2011/04/12 08:13:47.0633 3560 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
2011/04/12 08:13:48.0039 3560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/12 08:13:48.0351 3560 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/04/12 08:13:48.0789 3560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/12 08:13:48.0914 3560 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/04/12 08:13:49.0132 3560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/12 08:13:49.0304 3560 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/12 08:13:49.0726 3560 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/04/12 08:13:49.0929 3560 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/12 08:13:50.0069 3560 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/12 08:13:50.0163 3560 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/12 08:13:50.0757 3560 ================================================================================
2011/04/12 08:13:50.0757 3560 Scan finished
2011/04/12 08:13:50.0757 3560 ================================================================================
2011/04/12 08:14:17.0794 0204 Deinitialize success

So I just went to google and did some searches....and no issues! Thanks so much for your help. I'll keep monitoring but hopefully the issue is all gone. Thanks again.

Hi

Please do the following:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  
• Scroll down to where it says Java Runtime Environment (JRE) 6 Update 24 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  
• Click the Download button to the right.
  
• Select the Windows platform from the dropdown menu.
  
• Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  
• Click Continue The page will refresh.
  
• Click on the link to download Windows Offline Installation and Save the file to your Desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start(or My Computer) > Control Panel and double-click on Add or Remove Programs and remove all older versions of Java.
  
• Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java™ SE or Java™ 6) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java version.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.
  
• After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button.
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      
    • Trace and Log Files
    
    
  • Click OK on Delete Temporary Files Window. Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    
  • Click OK to leave the Temporary Files Window.
    
  • Click OK to leave the Java Control Panel.
    
  • Delete jre-6u24-windows-i586-p.exe from your desktop.

NEXT
Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

Java install went fine. DDS Log below. Also attached the other file in case it is needed. No more Google redirects, everything else is running well. Thanks so much for all your help. It is really appreciated.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by BMiller at 10:59:43.19 on Tue 04/12/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.277 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Altiris\Aclient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\aexnsagent.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\lotus\notes\nsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Altiris\Aclient\AClntUsr.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\BMiller.INT\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://secure.constructware.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Pistolstar Web SSO: {f01a34b2-0067-431c-a5e1-eff58d85c9be} - c:\program files\pistolstar\password power client\IE_SSO_Toolbar.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Pistolstar Web SSO: {f01a34b2-0067-431c-a5e1-eff58d85c9be} - c:\program files\pistolstar\password power client\IE_SSO_Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AClntUsr] c:\program files\altiris\aclient\AClntUsr.EXE
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Pistolstar_SSO] "c:\program files\pistolstar\password power client\APOSSO.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01892B12-4ABE-47E8-B7C1-4692F0B74024} - hxxps://drawing.constructware.com/IGC/BravaClientX.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxp://intranet.clarkus.com/qp2.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxps://secure.constructware.com/FileTransfer/SoftwareArtisans/saxfile.cab
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} - hxxp://ccgbthaltns.int.clarkus.com/Altiris/NS/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://clarkmail.clarkus.com/download/dolcontrol.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201882458203
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://clarkmail.clarkus.com/dwa8W.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D79BD4AB-C8E1-48C7-9A86-DF163C340383} - hxxp://ccgbthdom2.clarkus.com/sametime/stmeetingroomclient/STJNILoader.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://clarkmail.clarkus.com/dwa7W.cab
DPF: {F8C41CBF-721F-4B99-9FC8-2F8077C4AD39} - hxxps://drawing.constructware.com/IGC/BravaClientX.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: c:\windows\system32\AMInit32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-7 64512]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2007-3-30 17848]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2009-2-9 136568]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 1753048]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\notes\nsd.exe -svcinvoke -ini "c:\lotus\notes\notes.ini" --> c:\lotus\notes\nsd.exe -svcinvoke -ini c:\lotus\notes\notes.ini [?]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-11-6 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-12 102448]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-1 15232]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110411.003\naveng.sys [2011-4-12 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110411.003\navex15.sys [2011-4-12 1393144]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 136176]
S3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\altiris\altiris agent\agents\wmiprovideragent\AltirisAgentProvider.exe [2009-8-25 614400]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-8-18 13184]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232]
.
=============== Created Last 30 ================
.
2011-04-12 14:54:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-11 19:13:30 -------- d-----w- c:\program files\ESET
2011-04-11 12:15:58 -------- d-sha-r- C:\cmdcons
2011-04-11 12:11:54 89088 ----a-w- c:\windows\MBR.exe
2011-04-11 12:11:53 98816 ----a-w- c:\windows\sed.exe
2011-04-11 12:11:53 256512 ----a-w- c:\windows\PEV.exe
2011-04-11 12:11:53 161792 ----a-w- c:\windows\SWREG.exe
2011-04-07 16:51:13 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-07 15:57:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-07 15:56:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-07 15:46:25 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Sunbelt Software
2011-04-07 15:44:32 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-07 15:43:49 -------- d-----w- c:\program files\Lavasoft
2011-04-06 18:40:46 -------- d-----w- c:\documents and settings\bmiller.int\SametimeTranscripts
2011-04-05 11:33:35 -------- d-sh--w- c:\documents and settings\bmiller.int\IECompatCache
2011-03-31 11:20:23 0 ----a-w- c:\windows\Ayehoxebux.bin
2011-03-30 17:30:35 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Apple Computer
2011-03-30 13:14:20 -------- d-----w- c:\docume~1\bmiller.int\applic~1\Malwarebytes
2011-03-29 15:21:23 108032 --sha-r- c:\windows\system32\msdatsrcb.dll
2011-03-22 14:55:04 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Autodesk
2011-03-17 19:04:21 -------- d-----w- c:\windows\system32\CCM
2011-03-17 19:04:21 -------- d-----w- c:\windows\ms
2011-03-17 19:03:27 -------- d-----w- c:\program files\Windows Imaging
2011-03-17 19:03:11 -------- dc-h--w- c:\windows\$UninstallRDC$
2011-03-17 19:00:16 -------- d-----w- c:\windows\system32\ccmsetup
2011-03-17 11:28:46 -------- d-sh--w- c:\documents and settings\bmiller.int\PrivacIE
2011-03-17 11:26:43 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Adobe
2011-03-17 11:26:24 -------- d-----w- c:\docume~1\bmiller.int\locals~1\applic~1\Symantec
2011-03-17 11:25:04 45056 ----a-r- c:\docume~1\bmiller.int\applic~1\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
.
==================== Find3M ====================
.
2011-04-12 14:53:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 11:00:59.32 ===============

Hi

Just some housekeeping to do now,

Please do the following:

You can delete the DDS and GMER logs and programs from your desktop.


NEXT

Follow these steps to uninstall Combofix

• Make sure your security programs are totally disabled.
  
• Click START then RUN
  
• Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

• It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
  Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe.
  
  
  
• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
  
• Make Internet Explorer more secure
  
  • Click Start > Run
    
  • Type Inetcpl.cpl & click OK
    
  • Click on the Security tab
    
  • Click Reset all zones to default level
    
  • Make sure the Internet Zone is selected & Click Custom level
    
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  
  
  
  
• Download TFC to your desktop
  
  • Close any open windows.
    
  • Double click the TFC icon to run the program
    
  • TFC will close all open programs itself in order to run,
    
  • Click the Start button to begin the process.
    
  • Allow TFC to run uninterrupted.
    
  • The program should not take long to finish it's job
    
  • Once its finished it should automatically reboot your machine,
    
  • if it doesn't, manually reboot to ensure a complete clean
  
  It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  
  
  
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
    
  • Yellow for caution
    
  • Red to stop
  WOT has an addon available for both Firefox and IE
  
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
  
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
  
  
• In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
  PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Thanks for all your help. I followed all the latest instructions and my computer is running better than ever.

you are welcome

stay safe

~CB