June 20th, 2011 23:00

Google searches being redirected to other sites. Malwarebytes not effective.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:48 PM, on 20/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca-smb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca-smb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_ca?hl=en&client=dell-row&channel=ca-smb&ibd=4081113
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110512072847.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~2\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~2\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: SetPoint.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.arkansashighways.com/Road/acgm.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~2\mcieplg.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll
O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~2\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98bec61cc55b6) (gupdate1c98bec61cc55b6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14916 bytes
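As an added triage aid (not part of the thread, and not code from HijackThis or any of the tools named in it), the Python below parses the O2/O3/O4/O20/O23 line shapes seen in the log above and flags what a reviewer checks first: Run values that name a bare executable instead of a full path, an AppInit_DLLs entry, services whose file is missing or whose publisher is unknown, and a CLSID registered under two different display names. The sample excerpt is a constructed subset of the posted log, and the check names (`unqualified-run-path` and so on) are my own labels.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed excerpt: a handful of representative lines taken from the
# HijackThis log posted above. A real log runs to a few hundred lines.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee SiteAdvisor Enterprise Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""


@dataclass
class Entry:
    section: str        # HijackThis section code, e.g. "O4" or "O23"
    raw: str            # the line exactly as logged
    name: str = ""      # display name, Run value name or service name
    clsid: str = ""     # COM class id (O2/O3 only)
    path: str = ""      # image path or full command line
    owner: str = ""     # O23 publisher column ("Unknown owner" when not resolved)


LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.+)$")
CLSID = r"\{[0-9A-Fa-f-]{36}\}"
BHO_RE = re.compile(rf"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<path>.*)$")


def parse_log(text: str) -> list[Entry]:
    """Parse 'Oxx - ...' lines into Entry records; unrecognised shapes keep section and raw text only."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        e = Entry(section=sec, raw=line.strip())
        if sec in ("O2", "O3") and (b := BHO_RE.match(rest)):
            e.name, e.clsid, e.path = b.group("name"), b.group("clsid").upper(), b.group("path")
        elif sec == "O4" and (r := RUN_RE.match(rest)):
            e.name, e.path = r.group("name"), r.group("cmd")
        elif sec == "O23" and (s := SVC_RE.match(rest)):
            e.name, e.owner, e.path = s.group("name"), s.group("owner"), s.group("path")
        elif sec == "O20" and (a := APPINIT_RE.match(rest)):
            e.path = a.group("path")
        entries.append(e)
    return entries


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command line: the quoted path, or else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (check, detail) pairs for the entries a log reviewer looks at first."""
    findings: list[tuple[str, str]] = []
    names_by_clsid: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        if e.section == "O4" and e.path:
            exe = executable_of(e.path)
            # A bare file name is resolved through the search path at logon, so
            # the reviewer has to confirm which file actually gets loaded.
            if "\\" not in exe and not exe.startswith("%"):
                findings.append(("unqualified-run-path", f"[{e.name}] {exe}"))
        elif e.section == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll, and
            # the 8.3 short name hides the vendor; expand and verify the file.
            findings.append(("appinit-dll", e.path))
        elif e.section == "O23":
            if e.path.endswith("(file missing)"):
                findings.append(("orphaned-service", e.name))
            elif e.owner == "Unknown owner":
                findings.append(("unknown-service-owner", e.name))
        if e.section in ("O2", "O3") and e.clsid:
            names_by_clsid[e.clsid].add(e.name)
    # One CLSID shown under two names is a rebranded component; worth a look.
    for clsid, names in sorted(names_by_clsid.items()):
        if len(names) > 1:
            findings.append(("clsid-name-mismatch", f"{clsid}: {' / '.join(sorted(names))}"))
    return findings


if __name__ == "__main__":
    for check, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{check:24} {detail}")
```

The checks are heuristics for ordering a manual review, not verdicts: every entry flagged in this excerpt is a known vendor component, and only the missing-file service is something a cleanup would normally remove.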

62 Posts

June 21st, 2011 16:00

Hi Tootall99,

I'd like you to follow these steps carefully. After running these tools could you please tell me if your browser redirections have stopped.

Step 1
TDSSKiller

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    (screenshot: TDSSKillermain.png)
  • If an infected file is detected, the default action will be Cure, click on Continue.
    (screenshot: TDSSKillerMal-1.png)
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    (screenshot: TDSSKillerSuspicious-1.png)
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    (screenshot: TDSSKillerCompleted.png)
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2
OTL

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

In your next reply:

OTL.txt
Extras.txt
TDSSKiller.txt

Have the redirects stopped?

62 Posts

June 21st, 2011 16:00

Hello tootall99 and welcome to the Forums,

My name is George and I will be assisting you with your problem. Please be patient while I determine my first set of instructions.

Please follow all my instructions carefully in the order that I give them.

Please give a VERY clear description of the problem you are having. The more detailed, the quicker we will be able to work through the problem together.

Do not install any updates until I tell you to do so. Updating an infected computer can have disastrous effects.

Do not attempt any other fixes than what I give you here. Using other tools might interfere with the cleaning process. It may also damage your computer.

Either print or save to Notepad all the instructions that I give you. If there is anything you are unsure of or any instructions you feel lack clarity, please do not hesitate to ask.

Some of the logs I may ask for are very long and complex, as is analysing them. My responses to you may take longer than you would expect. I assure you that I will work through your problem and find a solution as quickly as I can.

I am currently an advanced trainee in Malware removal at SpywareHammer Academy. My posts have to be approved by a Mentor before posting, so my responses may take longer than expected; all I ask is that you please be patient.

Please wait while I analyse your log and devise my first set of instructions.

Thanks

G

27 Posts

June 21st, 2011 21:00

Here is the OTL logfile

OTL logfile created on: 21/06/2011 7:03:59 PM - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Documents and Settings\Tom Cuthbertson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 49.67% Memory free
4.83 Gb Paging File | 3.37 Gb Available in Paging File | 69.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.25 Gb Total Space | 252.06 Gb Free Space | 87.44% Space Free | Partition Type: NTFS

Computer Name: TOM | User Name: Tom Cuthbertson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tom Cuthbertson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Tom Cuthbertson\Desktop\tdsskiller\TDSSKiller.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
PRC - C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe (Logitech Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tom Cuthbertson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\SetPoint\lgscroll.dll (Logitech Inc.)

========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Enterprise Service) --  File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (O2FLASH) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (OEM13Vid) -- C:\WINDOWS\system32\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV - (OEM13Vfx) -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM13Afx) -- C:\WINDOWS\system32\drivers\OEM13Afx.sys (Creative Technology Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/.../en_ca
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.ca/.../side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/.../en_ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.ca/.../side.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 07:33:05 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110512072847.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} dlm.tools.akamai.com/.../dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/.../jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} fpdownload.macromedia.com/.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} tools.ebayimg.com/.../eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} java.sun.com/.../jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} java.sun.com/.../jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/.../jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/.../gp.cab (get_atlcom Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} www.arkansashighways.com/.../acgm.cab (ActiveCGM Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Tom Cuthbertson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom Cuthbertson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 19:02:34 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom Cuthbertson\Desktop\OTL.exe

[2011/06/21 18:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Cuthbertson\Desktop\tdsskiller

[2011/06/20 23:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Cuthbertson\Start Menu\Programs\HiJackThis

[2011/06/20 23:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/06/20 07:07:19 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/06/20 00:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[2011/06/16 03:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2011/06/15 13:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011/06/13 21:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Cuthbertson\Local Settings\Application Data\AskToolbar

[2011/06/12 19:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2011/06/12 19:12:06 | 000,000,000 | ---D | C] -- C:\Firefox

[2011/06/12 19:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Cuthbertson\Application Data\Sammsoft

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/21 19:03:30 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Cuthbertson\Desktop\OTL.exe

[2011/06/21 19:01:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/06/21 18:59:23 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Tom Cuthbertson\Desktop\tdsskiller.zip

[2011/06/21 18:56:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/06/21 18:50:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011/06/20 23:30:57 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Tom Cuthbertson\Desktop\HiJackThis.lnk

[2011/06/20 23:30:01 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Tom Cuthbertson\Desktop\HijackThis.msi

[2011/06/20 07:07:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/06/20 00:29:12 | 000,468,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/20 00:29:12 | 000,080,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/20 00:25:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/06/20 00:25:17 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk

[2011/06/20 00:25:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/06/20 00:25:03 | 000,000,324 | -HS- | M] () -- C:\WINDOWS\tasks\hqgt.job

[2011/06/20 00:25:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/06/20 00:24:59 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/17 14:52:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/06/16 03:05:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/15 13:58:25 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/06/14 22:56:44 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/06/04 23:24:24 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/30 16:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 18:58:53 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Tom Cuthbertson\Desktop\tdsskiller.zip

[2011/06/20 23:30:24 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\Tom Cuthbertson\Desktop\HiJackThis.lnk

[2011/06/20 23:29:56 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Tom Cuthbertson\Desktop\HijackThis.msi

[2011/06/15 13:58:25 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/06/12 19:12:22 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/04/24 14:17:11 | 000,134,656 | RHS- | C] () -- C:\WINDOWS\System32\apphelpy.dll

[2010/08/05 19:13:40 | 000,027,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/07/24 15:29:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2009/02/20 00:21:37 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Tom Cuthbertson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/13 05:06:57 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008/11/13 05:06:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll

[2008/11/13 05:06:57 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll

[2008/11/13 05:06:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/11/13 05:06:49 | 000,030,722 | ---- | C] () -- C:\WINDOWS\System32\asindis.dll

[2008/11/13 05:06:49 | 000,028,674 | ---- | C] () -- C:\WINDOWS\System32\elcp32i.dll

[2008/11/13 05:06:49 | 000,026,626 | ---- | C] () -- C:\WINDOWS\System32\iclldit.dll

[2008/11/13 05:05:53 | 000,001,195 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/11/13 03:30:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2008/11/13 03:30:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/11/13 03:20:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2008/11/13 03:20:45 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2008/11/13 03:20:45 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2008/11/13 03:20:03 | 000,000,074 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin

[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/25 15:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/04/25 15:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/25 15:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/25 10:16:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2008/04/25 10:16:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2008/04/25 10:16:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2008/04/25 10:16:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2008/04/25 10:16:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2008/04/25 10:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/25 10:16:22 | 000,468,098 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/25 10:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/25 10:16:22 | 000,080,956 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/25 10:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/25 10:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/25 10:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/25 10:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/04/25 10:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/25 10:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/25 10:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/25 10:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/25 03:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/04/25 03:21:52 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

27 Posts

June 21st, 2011 21:00

Here is the OTL extras logfile

The TDSSkiller scan was completed and no infections were found

OTL Extras logfile created on: 21/06/2011 7:03:59 PM - Run 1

OTL by OldTimer - Version 3.2.24.1     Folder = C:\Documents and Settings\Tom Cuthbertson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 49.67% Memory free

4.83 Gb Paging File | 3.37 Gb Available in Paging File | 69.75% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 288.25 Gb Total Space | 252.06 Gb Free Space | 87.44% Space Free | Partition Type: NTFS

Computer Name: TOM | User Name: Tom Cuthbertson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20

"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup

"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup

"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007

"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup

"{D6BCB0B1-9AC8-407B-B679-F925A01F2B2C}" = Bonjour Print Services

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center

"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Advanced Video FX Engine" = Advanced Video FX Engine

"BASICR" = Microsoft Office Basic 2007

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)  

"Dell Webcam Center" = Dell Webcam Center

"Dell Webcam Manager" = Dell Webcam Manager

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"Google Updater" = Google Updater

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSC" = McAfee Total Protection

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"SearchAssist" = SearchAssist

"Spell Checker For OE 2.1" = Spell Checker For OE 2.1

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 19/06/2011 11:08:50 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 11935938

Error - 19/06/2011 11:08:50 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 11935938

Error - 19/06/2011 11:09:05 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19/06/2011 11:09:05 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 11951563

Error - 19/06/2011 11:09:05 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 11951563

Error - 19/06/2011 11:09:21 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19/06/2011 11:09:21 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 11967188

Error - 19/06/2011 11:09:21 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 11967188

Error - 19/06/2011 11:09:36 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19/06/2011 11:09:36 AM | Computer Name = TOM | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 11982813

[ System Events ]

Error - 22/05/2011 10:04:31 PM | Computer Name = TOM | Source = NetBT | ID = 4321

Description = The name "WORKGROUP      :1d" could not be registered on the Interface

with IP address 10.0.1.4.  The machine with the IP address 10.0.1.3 did not allow

the name to be claimed by  this machine.

Error - 24/05/2011 1:49:49 AM | Computer Name = TOM | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

MAC0023329643A4  that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{5F5575A4-537.  The master browser is stopping or an election is being

forced.

Error - 08/06/2011 5:12:11 PM | Computer Name = TOM | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

MAC0023329643A4  that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{5F5575A4-537.  The master browser is stopping or an election is being

forced.

Error - 10/06/2011 4:03:28 PM | Computer Name = TOM | Source = Service Control Manager | ID = 7000

Description = The McAfee SiteAdvisor Enterprise Service service failed to start

due to the following error:   %%2

Error - 10/06/2011 4:05:36 PM | Computer Name = TOM | Source = DCOM | ID = 10010

Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register

with DCOM within the required timeout.

Error - 16/06/2011 5:24:30 AM | Computer Name = TOM | Source = Service Control Manager | ID = 7000

Description = The McAfee SiteAdvisor Enterprise Service service failed to start

due to the following error:   %%2

Error - 19/06/2011 1:07:15 PM | Computer Name = TOM | Source = Service Control Manager | ID = 7000

Description = The McAfee SiteAdvisor Enterprise Service service failed to start

due to the following error:   %%2

Error - 19/06/2011 1:09:33 PM | Computer Name = TOM | Source = DCOM | ID = 10010

Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register

with DCOM within the required timeout.

Error - 20/06/2011 2:25:30 AM | Computer Name = TOM | Source = Service Control Manager | ID = 7000

Description = The McAfee SiteAdvisor Enterprise Service service failed to start

due to the following error:   %%2

Error - 20/06/2011 11:58:44 AM | Computer Name = TOM | Source = ACPIEC | ID = 327681

Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond

within the timeout period.  This may indicate an error in the EC hardware or firmware,

or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.  

The EC driver will retry the failed transaction if possible.

< End of report >

62 Posts

June 22nd, 2011 12:00

Hi Tootall99,

Can you tell me whether or not you are still experiencing the browser redirects? It's very important that you answer the questions that I ask. It will help the process greatly.

Could you please follow the instructions below?

Step 1
MBAM Logs

I know that you said MBAM was ineffective; however, looking through the previous logs may give me an idea of what's going on with your machine. Within the MBAM interface, can you please click the Logs tab and copy and paste your three most recent MBAM logs?

Step 2
ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

* Double click on combofix.exe & follow the prompts.

When finished, it will produce a logfile located at C:\ComboFix.txt.
*Post the contents of that log in your next reply with a new DDS log.

Note: ComboFix will open a window which will detail its progress. It may take several minutes to complete. Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

*Note: Combofix is an extremely powerful tool and should not be used unsupervised. If used inappropriately it can cause irreparable damage to your computer.*

In your next reply:

Have the redirects stopped?

the previous MBAM logs

Combofix.txt

62 Posts

June 23rd, 2011 20:00

Are you still with us?  Let me know if you are having any difficulty with my last set of instructions.

George

27 Posts

June 23rd, 2011 23:00

Here is the second most recent MBAM log

04:17:05 Tom Cuthbertson MESSAGE IP Protection stopped

04:17:05 Tom Cuthbertson MESSAGE Scheduled update executed successfully

04:17:09 Tom Cuthbertson MESSAGE Database updated successfully

04:17:11 Tom Cuthbertson MESSAGE IP Protection started successfully

08:41:36 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:41:39 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:41:45 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:41:58 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:42:01 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:42:07 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:42:19 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:42:22 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:42:28 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:42:40 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:42:43 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:42:49 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:48:16 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:48:19 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:48:25 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:48:37 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:48:40 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:48:46 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:48:58 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:49:01 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:49:07 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:49:19 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:49:22 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:49:28 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:53:39 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:53:42 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:53:48 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:54:00 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:54:03 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:54:09 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:54:21 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:54:24 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:54:30 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:54:42 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:54:45 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:54:51 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

08:59:47 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:59:50 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

08:59:56 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:00:08 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:00:11 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:00:17 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:00:29 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:00:32 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:00:38 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:00:50 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:00:53 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:00:59 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:07:21 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:07:24 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:07:30 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:08:03 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:08:06 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:08:12 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:08:24 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:08:27 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:08:33 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:08:45 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:08:48 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

09:08:54 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

27 Posts

June 23rd, 2011 23:00

Here is the third most recent MBAM log

00:26:21 Tom Cuthbertson MESSAGE Protection started successfully

00:26:26 Tom Cuthbertson MESSAGE IP Protection started successfully

04:17:10 Tom Cuthbertson MESSAGE IP Protection stopped

04:17:10 Tom Cuthbertson MESSAGE Scheduled update executed successfully

04:17:13 Tom Cuthbertson MESSAGE Database updated successfully

04:17:14 Tom Cuthbertson MESSAGE IP Protection started successfully

18:04:01 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

18:04:04 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

18:04:29 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

18:04:32 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

18:04:38 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:47:33 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:47:36 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:47:42 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:52:52 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:52:55 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:53:01 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:56:15 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:56:18 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:56:24 Tom Cuthbertson IP-BLOCK 94.102.60.6 (Type: outgoing)

22:56:28 Tom Cuthbertson MESSAGE Added 94.102.60.6 to ignore list

22:56:28 Tom Cuthbertson MESSAGE IP Protection stopped

22:56:29 Tom Cuthbertson MESSAGE IP Protection started successfully

27 Posts

June 23rd, 2011 23:00

Yes redirects are still occurring.

When I said that Malwarebytes was ineffective, in fact it is blocking the redirects, but that doesn't help me get to my intended search target. When I click on a Google search item, Malwarebytes pops up and says it has successfully blocked access to a malicious website. If I want to get to the actual website I wanted to see, I have to copy and paste the URL.

Here is the most recent MBAM log

04:17:05 Tom Cuthbertson MESSAGE Scheduled update executed successfully

04:17:05 Tom Cuthbertson MESSAGE IP Protection stopped

04:17:10 Tom Cuthbertson MESSAGE Database updated successfully

04:17:12 Tom Cuthbertson MESSAGE IP Protection started successfully

14:41:04 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:41:07 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:41:13 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:41:25 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:41:28 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:41:34 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:41:47 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:41:50 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:41:56 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:42:08 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:42:11 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:42:17 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:47:02 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:47:05 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:47:11 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:47:44 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:47:47 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:47:53 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:48:05 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:48:08 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:48:14 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:48:26 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:48:29 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:48:35 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

14:54:27 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:54:30 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:54:36 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:54:51 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:54:54 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:55:00 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:55:12 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:55:15 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:55:21 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:55:33 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:55:36 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

14:55:42 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:01:03 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:01:06 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:01:12 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:01:27 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:01:30 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:01:36 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:01:48 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:01:51 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:01:57 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:02:09 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:02:12 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:02:18 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:07:22 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:07:25 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:07:31 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:07:43 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:07:46 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:07:52 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:08:04 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:08:07 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:08:13 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:08:25 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:08:28 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:08:34 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:14:48 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:14:51 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:14:57 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:15:09 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:15:12 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:15:18 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:15:30 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:15:33 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:15:39 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:15:51 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:15:54 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:16:00 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:20:13 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:20:16 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:20:22 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:20:35 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:20:37 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:20:43 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:20:55 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:20:58 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:21:04 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:21:16 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:21:19 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:21:25 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:25:51 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:25:54 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:26:00 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:26:12 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:26:15 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:26:21 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:26:33 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:26:36 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:26:42 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:26:54 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:26:57 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:27:04 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:33:29 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:33:32 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:33:38 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:33:53 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:33:56 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:34:02 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:34:14 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:34:17 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:34:23 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:34:35 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:34:38 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:34:44 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

15:40:15 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:40:18 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:40:24 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:40:37 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:40:40 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:40:46 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:40:58 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:41:01 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:41:07 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:41:19 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:41:22 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:41:28 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:59:09 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:59:12 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:59:18 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:59:33 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:59:36 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:59:42 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:59:54 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

15:59:57 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:00:03 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:00:15 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:00:18 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:00:24 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:17:38 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:17:41 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:17:47 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:18:20 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:18:23 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:18:29 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:18:41 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:18:44 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:18:50 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:19:02 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:19:05 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:19:11 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:35:04 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:35:07 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:35:13 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:35:28 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:35:31 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:35:37 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:35:49 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:35:52 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:35:58 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:36:10 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:36:13 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:36:19 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:53:53 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:53:56 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:54:02 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:54:23 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:54:26 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:54:32 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:54:44 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:54:47 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:54:53 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:55:05 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:55:08 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

16:55:14 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:07:02 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:07:05 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:07:11 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:07:44 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:07:47 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:07:53 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:08:05 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:08:08 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:08:14 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:08:26 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:08:29 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:08:35 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:26:42 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:26:45 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:26:51 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:27:12 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:27:15 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:27:21 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:27:33 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:27:36 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:27:42 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:27:54 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:27:57 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:28:03 Tom Cuthbertson IP-BLOCK 94.75.207.74 (Type: outgoing)

17:47:34 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:47:37 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:47:43 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:47:55 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:47:58 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:48:04 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:48:16 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:48:19 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:48:25 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:48:37 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:48:40 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

17:48:46 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)

23:13:02 Tom Cuthbertson IP-BLOCK 208.73.210.125 (Type: outgoing)

23:13:05 Tom Cuthbertson IP-BLOCK 208.73.210.125 (Type: outgoing)

23:13:11 Tom Cuthbertson IP-BLOCK 208.73.210.125 (Type: outgoing)
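The IP-BLOCK entries in the three logs above come in a fixed rhythm: three lines 3 s and 6 s apart, a pause of roughly 12 s, three more, and so on, with whole clusters recurring every five to six minutes. On Windows XP an unanswered TCP SYN is retransmitted after 3 s and again after 6 s, so each triplet is a single connection attempt by some program, not three. The script below is an added example written for this thread, not code posted by either participant and not part of Malwarebytes; it collapses the retransmissions into attempts and reports, per destination, how many packets were blocked, how many real attempts that represents, and the typical interval between them. The sample input is excerpted from the most recent log above; the 10 s `SYN_WINDOW` threshold and the function names are this example's own choices.

```python
"""Summarise IP-BLOCK events from a Malwarebytes 1.x protection log.

Added example for this thread (not Malwarebytes code). Input lines look like
    14:41:04 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
as posted above; MESSAGE lines are ignored.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>.+?) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>incoming|outgoing)\)$"
)

# Windows XP retransmits an unanswered SYN after 3 s and again after 6 s
# (TcpMaxConnectRetransmissions defaults to 2), so three blocked packets
# within about ten seconds are one connection attempt by the application,
# not three separate ones. The 10 s window is this example's assumption.
SYN_WINDOW = timedelta(seconds=10)

# Sample input excerpted from the "most recent" log posted in the thread.
SAMPLE_LOG = """\
04:17:05 Tom Cuthbertson MESSAGE Scheduled update executed successfully
04:17:05 Tom Cuthbertson MESSAGE IP Protection stopped
04:17:10 Tom Cuthbertson MESSAGE Database updated successfully
04:17:12 Tom Cuthbertson MESSAGE IP Protection started successfully
14:41:04 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:41:07 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:41:13 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:41:25 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:41:28 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:41:34 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:41:47 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:41:50 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:41:56 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:42:08 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:42:11 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
14:42:17 Tom Cuthbertson IP-BLOCK 94.75.207.75 (Type: outgoing)
23:13:02 Tom Cuthbertson IP-BLOCK 208.73.210.125 (Type: outgoing)
23:13:05 Tom Cuthbertson IP-BLOCK 208.73.210.125 (Type: outgoing)
23:13:11 Tom Cuthbertson IP-BLOCK 208.73.210.125 (Type: outgoing)
""".splitlines()


def parse(lines):
    """Return (time, ip, direction) tuples for every IP-BLOCK line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # MESSAGE and malformed lines are skipped
            t = datetime.strptime(m["time"], "%H:%M:%S")  # same-day log, no date
            events.append((t, m["ip"], m["direction"]))
    return events


def connection_attempts(events, window=SYN_WINDOW):
    """Collapse SYN retransmissions: {ip: [start time of each attempt]}."""
    attempts = defaultdict(list)
    last_seen = {}
    for t, ip, direction in events:
        if direction != "outgoing":
            continue
        if ip in last_seen and t - last_seen[ip] <= window:
            last_seen[ip] = t        # retransmit of the attempt in progress
            continue
        attempts[ip].append(t)       # gap too long: a fresh connect() call
        last_seen[ip] = t
    return dict(attempts)


def summarize(lines):
    """Per destination: raw blocked packets, real attempts, cadence."""
    events = parse(lines)
    raw = defaultdict(int)
    for _, ip, _ in events:
        raw[ip] += 1
    report = {}
    for ip, starts in connection_attempts(events).items():
        gaps = sorted((b - a).total_seconds() for a, b in zip(starts, starts[1:]))
        report[ip] = {
            "blocked_packets": raw[ip],
            "attempts": len(starts),
            "first": starts[0].strftime("%H:%M:%S"),
            "last": starts[-1].strftime("%H:%M:%S"),
            "median_gap_s": gaps[len(gaps) // 2] if gaps else None,
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

On the excerpt this turns twelve blocked packets to 94.75.207.75 into four attempts about 21 s apart, which is the connect-timeout-and-retry loop of a program on the host rather than four separate clicks; the three lines for 208.73.210.125 are one attempt. The attempt count and cadence per destination, not the raw line count, are the numbers worth comparing before and after a cleanup run: the block stops the connection, not whatever keeps making it. The script assumes a single day's log; a file spanning midnight would need the date added to the parsed timestamps.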

27 Posts

June 24th, 2011 00:00

Here is the Combofix log.

ComboFix 11-06-23.03 - Tom Cuthbertson 24/06/2011   0:03.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.2.1033.18.3062.2055 [GMT -6:00]

Running from: c:\documents and settings\Tom Cuthbertson\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

(((((((((((((((((((((((((   Files Created from 2011-05-24 to 2011-06-24  )))))))))))))))))))))))))))))))

.

.

2011-06-21 05:30 . 2011-06-21 05:30 388096 ----a-r- c:\documents and settings\Tom Cuthbertson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-21 05:30 . 2011-06-21 05:30 -------- d-----w- c:\program files\Trend Micro

2011-06-20 13:07 . 2011-06-20 13:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-16 09:03 . 2011-06-16 09:23 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-14 03:31 . 2011-06-24 06:03 -------- d-----w- c:\documents and settings\Tom Cuthbertson\Local Settings\Application Data\AskToolbar

2011-06-13 01:12 . 2011-06-16 10:01 -------- d-----w- c:\program files\Ask.com

2011-06-13 01:12 . 2011-06-13 01:12 -------- d-----w- C:\Firefox

2011-06-13 01:12 . 2011-06-19 17:13 -------- d-----w- c:\documents and settings\Tom Cuthbertson\Application Data\Sammsoft

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 15:11 . 2011-05-20 03:14 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 15:11 . 2011-05-20 03:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2008-04-25 16:16 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 20:01 . 2010-07-25 04:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 20:01 . 2010-07-25 04:24 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 20:01 . 2010-07-25 04:24 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 20:01 . 2010-07-25 04:24 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 20:01 . 2010-07-25 04:24 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 20:01 . 2010-07-25 04:24 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 20:01 . 2010-06-01 02:32 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 20:01 . 2010-02-16 06:29 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 20:01 . 2010-02-16 06:29 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 20:01 . 2010-02-16 06:29 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-05-17 19:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-16 36864]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-06 30192]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-12 101136]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-12-7 679936]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [24/07/2010 10:24 PM 84200]

R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [24/07/2010 10:25 PM 54776]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 3:02 PM 163840]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/05/2011 9:14 PM 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/07/2010 10:24 PM 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/07/2010 10:24 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [24/07/2010 10:24 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [24/07/2010 10:24 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [24/07/2010 10:24 PM 141792]

R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 8:11 PM 229688]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [24/07/2010 10:24 PM 56064]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/05/2011 9:14 PM 22712]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [24/07/2010 10:24 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [24/07/2010 10:24 PM 88736]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13/11/2008 5:06 AM 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [13/11/2008 5:06 AM 43608]

R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [13/11/2008 5:06 AM 141376]

R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [13/11/2008 5:06 AM 7424]

R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [13/11/2008 5:06 AM 235840]

S2 gupdate1c98bec61cc55b6;Google Update Service (gupdate1c98bec61cc55b6);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2009 7:59 PM 133104]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;"c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [?]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/11/2008 3:25 AM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2009 7:59 PM 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 6:49 AM 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [24/07/2010 10:24 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [24/07/2010 10:24 PM 84488]

S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [25/04/2008 10:16 AM 14336]

S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [24/07/2010 10:24 PM 271480]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

.

2011-06-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 01:58]

.

2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 01:59]

.

2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 01:59]

.

2011-06-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 19:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 10.0.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-Canon_IJ_Network_UTILITY - c:\program files\Canon\Canon IJ Network Tool\CNMNUU.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-24 00:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ...

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1904)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(5040)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~2\saHook.dll

c:\program files\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\McAfee Online Backup\MOBKshell.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\System32\vssvc.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\DellTPad\HidFind.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

c:\progra~1\mcafee.com\agent\mcupdate.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2011-06-24  00:17:41 - machine was rebooted

ComboFix-quarantined-files.txt  2011-06-24 06:17

.

Pre-Run: 274,572,673,024 bytes free

Post-Run: 275,185,229,824 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 35FCE5E80CEC294BA9AD41F7C3CE4222

62 Posts

June 24th, 2011 09:00

Hi Tootall99,

I'd like you to run another tool that will search for deeply hidden rootkits. So far I can't see any evidence of what is causing your browser redirects.

Are you connected through a router? Do you have other devices in your house connected through the same router? If so, are those also having browser redirects? <<-----Very important

Step 1
GMER

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see several boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it to where you can easily find it, such as your desktop.
    Post the contents of GMER.txt in your next reply.
In your next reply:

The answer to my initial questions

GMER.txt

27 Posts

June 24th, 2011 12:00

Hi there

The computer is connected through a router, but the other devices on the router are not experiencing the problem. However, they are Apple-based instead of IBM-based, if that means anything.

Interestingly enough, after I ran the Combofix last night, the redirect doesn't seem to be there any more. Combofix seemed to make a few changes to the internet configuration, as I had to tell the computer afterwards to set Explorer as my default browser again. Is it possible that Combofix would have made changes that fixed the problem?

I have to go out of town tonight, so I won't be able to run the Rootkit tool for about 36 hours from now (1 PM MST).

27 Posts

June 25th, 2011 22:00

Here is the GMER scan:

GMER 1.0.15.15640 - http://www.gmer.net

Rootkit scan 2011-06-25 22:49:24

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0

Running: gmer.exe; Driver: C:\DOCUME~1\TOMCUT~1\LOCALS~1\Temp\fxtdipow.sys

---- System - GMER 1.0.15 ----

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwCreateKey [0xB9DE8210]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwDeleteKey [0xB9DE8224]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwDeleteValueKey [0xB9DE8250]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwMapViewOfSection [0xB9DE82A6]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwOpenKey [0xB9DE81FC]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwOpenProcess [0xB9DE81D4]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwOpenThread [0xB9DE81E8]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwRenameKey [0xB9DE823A]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwSetSecurityObject [0xB9DE827C]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwSetValueKey [0xB9DE8266]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwTerminateProcess [0xB9DE82D0]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwUnmapViewOfSection [0xB9DE82BC]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       ZwYieldExecution [0xB9DE8290]

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       NtMapViewOfSection

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       NtOpenProcess

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       NtOpenThread

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                       NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwYieldExecution                                                                                                       80504B08 7 Bytes  JMP B9DE8294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!NtMapViewOfSection                                                                                                     805B203A 7 Bytes  JMP B9DE82AA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwUnmapViewOfSection                                                                                                   805B2E48 5 Bytes  JMP B9DE82C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!NtSetSecurityObject                                                                                                    805C062E 5 Bytes  JMP B9DE8280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!NtOpenProcess                                                                                                          805CB440 5 Bytes  JMP B9DE81D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!NtOpenThread                                                                                                           805CB6CC 5 Bytes  JMP B9DE81EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                                                     805D29E2 5 Bytes  JMP B9DE82D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwSetValueKey                                                                                                          80622662 7 Bytes  JMP B9DE826A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwRenameKey                                                                                                            80623B12 7 Bytes  JMP B9DE823E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwCreateKey                                                                                                            806240F0 5 Bytes  JMP B9DE8214 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwDeleteKey                                                                                                            8062458C 7 Bytes  JMP B9DE8228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwDeleteValueKey                                                                                                       8062475C 7 Bytes  JMP B9DE8254 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwOpenKey                                                                                                              806254CE 5 Bytes  JMP B9DE8200 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

?               Combo-Fix.sys                                                                                                                       The system cannot find the file specified. !

init            C:\WINDOWS\system32\Drivers\OEM13Afx.sys                                                                                            entry point in "init" section [0xA3DE4310]

?               C:\ComboFix\catchme.sys                                                                                                             The system cannot find the path specified. !

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                          The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\svchost.exe[272] ntdll.dll!NtCreateFile                                                                         7C90D0AE 5 Bytes  JMP 00FD0FE5

.text           C:\WINDOWS\system32\svchost.exe[272] ntdll.dll!NtCreateProcess                                                                      7C90D14E 5 Bytes  JMP 00FD0000

.text           C:\WINDOWS\system32\svchost.exe[272] ntdll.dll!NtProtectVirtualMemory                                                               7C90D6EE 5 Bytes  JMP 00FD0FD4

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateFileA                                                                       7C801A28 5 Bytes  JMP 00FC0FEF

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!VirtualProtectEx                                                                  7C801A61 5 Bytes  JMP 00FC007D

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!VirtualProtect                                                                    7C801AD4 5 Bytes  JMP 00FC0F88

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!LoadLibraryExW                                                                    7C801AF5 5 Bytes  JMP 00FC006C

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!LoadLibraryExA                                                                    7C801D53 5 Bytes  JMP 00FC005B

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!LoadLibraryA                                                                      7C801D7B 5 Bytes  JMP 00FC002F

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!GetStartupInfoW                                                                   7C801E54 5 Bytes  JMP 00FC00AB

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!GetStartupInfoA                                                                   7C801EF2 5 Bytes  JMP 00FC008E

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessW                                                                    7C802336 5 Bytes  JMP 00FC0F3E

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessA                                                                    7C80236B 5 Bytes  JMP 00FC00D7

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!GetProcAddress                                                                    7C80AE40 5 Bytes  JMP 00FC0F23

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!LoadLibraryW                                                                      7C80AEEB 5 Bytes  JMP 00FC0040

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateFileW                                                                       7C810800 5 Bytes  JMP 00FC000A

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreatePipe                                                                        7C81D83F 5 Bytes  JMP 00FC0F63

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateNamedPipeW                                                                  7C82F0DD 5 Bytes  JMP 00FC0FB9

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateNamedPipeA                                                                  7C860CDC 5 Bytes  JMP 00FC0FD4

.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!WinExec                                                                           7C86250D 5 Bytes  JMP 00FC00C6

.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyExW                                                                     77DD6AAF 5 Bytes  JMP 02410FAF

.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyExW                                                                   77DD776C 5 Bytes  JMP 02410F68

.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyExA                                                                     77DD7852 5 Bytes  JMP 02410FC0

.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyW                                                                       77DD7946 5 Bytes  JMP 02410FDB

.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyExA                                                                   77DDE9F4 5 Bytes  JMP 02410F83

.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyA                                                                       77DDEFC8 5 Bytes  JMP 02410000

.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyW                                                                     77DFBA55 2 Bytes  JMP 02410F94

.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyW + 3                                                                 77DFBA58 2 Bytes  [61, 8A]

.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyA                                                                     77DFBCF3 5 Bytes  JMP 02410025

.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_wsystem                                                                            77C2931E 5 Bytes  JMP 00FF0FC8

.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!system                                                                              77C293C7 5 Bytes  JMP 00FF0FE3

.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_creat                                                                              77C2D40F 5 Bytes  JMP 00FF002E

.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_open                                                                               77C2F566 5 Bytes  JMP 00FF0000

.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_wcreat                                                                             77C2FC9B 5 Bytes  JMP 00FF0053

.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_wopen                                                                              77C30055 5 Bytes  JMP 00FF001D

.text           C:\WINDOWS\system32\svchost.exe[272] WS2_32.dll!socket                                                                              71AB4211 5 Bytes  JMP 00FE0FEF

.text           C:\WINDOWS\system32\svchost.exe[376] ntdll.dll!NtCreateFile                                                                         7C90D0AE 5 Bytes  JMP 00D60FE5

.text           C:\WINDOWS\system32\svchost.exe[376] ntdll.dll!NtCreateProcess                                                                      7C90D14E 5 Bytes  JMP 00D60FCA

.text           C:\WINDOWS\system32\svchost.exe[376] ntdll.dll!NtProtectVirtualMemory                                                               7C90D6EE 5 Bytes  JMP 00D60000

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateFileA                                                                       7C801A28 5 Bytes  JMP 00D50000

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!VirtualProtectEx                                                                  7C801A61 5 Bytes  JMP 00D500BA

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!VirtualProtect                                                                    7C801AD4 5 Bytes  JMP 00D500A9

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!LoadLibraryExW                                                                    7C801AF5 5 Bytes  JMP 00D5008E

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!LoadLibraryExA                                                                    7C801D53 5 Bytes  JMP 00D50FD1

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!LoadLibraryA                                                                      7C801D7B 5 Bytes  JMP 00D50062

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!GetStartupInfoW                                                                   7C801E54 5 Bytes  JMP 00D500FC

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!GetStartupInfoA                                                                   7C801EF2 5 Bytes  JMP 00D50FAA

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateProcessW                                                                    7C802336 5 Bytes  JMP 00D50F74

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateProcessA                                                                    7C80236B 5 Bytes  JMP 00D50117

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!GetProcAddress                                                                    7C80AE40 5 Bytes  JMP 00D50128

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!LoadLibraryW                                                                      7C80AEEB 5 Bytes  JMP 00D50073

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateFileW                                                                       7C810800 5 Bytes  JMP 00D50025

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreatePipe                                                                        7C81D83F 5 Bytes  JMP 00D500D5

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateNamedPipeW                                                                  7C82F0DD 5 Bytes  JMP 00D50051

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateNamedPipeA                                                                  7C860CDC 5 Bytes  JMP 00D50040

.text           C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!WinExec                                                                           7C86250D 5 Bytes  JMP 00D50F99

.text           C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyExW                                                                     77DD6AAF 5 Bytes  JMP 00D90F9E

.text           C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyExW                                                                   77DD776C 5 Bytes  JMP 00D90F79

.text           C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyExA                                                                     77DD7852 5 Bytes  JMP 00D90FB9

.text           C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyW                                                                       77DD7946 5 Bytes  JMP 00D90FDE

.text           C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyExA                                                                   77DDE9F4 5 Bytes  JMP 00D90036

.text           C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyA                                                                       77DDEFC8 5 Bytes  JMP 00D90FEF

.text           C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyW                                                                     77DFBA55 5 Bytes  JMP 00D90025

.text           C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyA                                                                     77DFBCF3 5 Bytes  JMP 00D9000A

.text           C:\WINDOWS\system32\svchost.exe[376] msvcrt.dll!_wsystem                                                                            77C2931E 5 Bytes  JMP 00D80FBC

.text           C:\WINDOWS\system32\svchost.exe[376] msvcrt.dll!system                                                                              77C293C7 5 Bytes  JMP 00D80047

.text           C:\WINDOWS\system32\svchost.exe[376] msvcrt.dll!_creat                                                                              77C2D40F 5 Bytes  JMP 00D8001B

.text           C:\WINDOWS\system32\svchost.exe[376] msvcrt.dll!_open                                                                               77C2F566 5 Bytes  JMP 00D80000

.text           C:\WINDOWS\system32\svchost.exe[376] msvcrt.dll!_wcreat                                                                             77C2FC9B 5 Bytes  JMP 00D80036

.text           C:\WINDOWS\system32\svchost.exe[376] msvcrt.dll!_wopen                                                                              77C30055 5 Bytes  JMP 00D80FD7

.text           C:\WINDOWS\system32\svchost.exe[376] WS2_32.dll!socket                                                                              71AB4211 5 Bytes  JMP 00D70FEF

.text           C:\WINDOWS\System32\svchost.exe[412] ntdll.dll!NtCreateFile                                                                         7C90D0AE 5 Bytes  JMP 02780FEF

.text           C:\WINDOWS\System32\svchost.exe[412] ntdll.dll!NtCreateProcess                                                                      7C90D14E 5 Bytes  JMP 0278000A

.text           C:\WINDOWS\System32\svchost.exe[412] ntdll.dll!NtProtectVirtualMemory                                                               7C90D6EE 5 Bytes  JMP 02780FD4

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!CreateFileA                                                                       7C801A28 5 Bytes  JMP 02770FEF

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!VirtualProtectEx                                                                  7C801A61 5 Bytes  JMP 02770F39

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!VirtualProtect                                                                    7C801AD4 5 Bytes  JMP 02770038

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!LoadLibraryExW                                                                    7C801AF5 5 Bytes  JMP 02770F5E

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!LoadLibraryExA                                                                    7C801D53 5 Bytes  JMP 02770F6F

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!LoadLibraryA                                                                      7C801D7B 5 Bytes  JMP 02770FAF

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!GetStartupInfoW                                                                   7C801E54 5 Bytes  JMP 02770064

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!GetStartupInfoA                                                                   7C801EF2 5 Bytes  JMP 02770F28

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!CreateProcessW                                                                    7C802336 5 Bytes  JMP 0277007F

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!CreateProcessA                                                                    7C80236B 5 Bytes  JMP 02770EF0

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!GetProcAddress                                                                    7C80AE40 5 Bytes  JMP 02770ECB

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!LoadLibraryW                                                                      7C80AEEB 5 Bytes  JMP 02770F94

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!CreateFileW                                                                       7C810800 5 Bytes  JMP 02770FD4

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!CreatePipe                                                                        7C81D83F 5 Bytes  JMP 02770053

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!CreateNamedPipeW                                                                  7C82F0DD 5 Bytes  JMP 0277001B

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!CreateNamedPipeA                                                                  7C860CDC 5 Bytes  JMP 0277000A

.text           C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!WinExec                                                                           7C86250D 5 Bytes  JMP 02770F01

.text           C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!RegOpenKeyExW                                                                     77DD6AAF 5 Bytes  JMP 0448002C

.text           C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!RegCreateKeyExW                                                                   77DD776C 5 Bytes  JMP 04480051

.text           C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!RegOpenKeyExA                                                                     77DD7852 5 Bytes  JMP 04480FE5

.text           C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!RegOpenKeyW                                                                       77DD7946 5 Bytes  JMP 0448001B

.text           C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!RegCreateKeyExA                                                                   77DDE9F4 5 Bytes  JMP 04480F94

.text           C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!RegOpenKeyA                                                                       77DDEFC8 5 Bytes  JMP 0448000A

.text           C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!RegCreateKeyW                                                                     77DFBA55 2 Bytes  JMP 04480FA5

.text           C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!RegCreateKeyW + 3                                                                 77DFBA58 2 Bytes  [68, 8C]

.text           C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!RegCreateKeyA                                                                     77DFBCF3 5 Bytes  JMP 04480FC0

.text           C:\WINDOWS\System32\svchost.exe[412] msvcrt.dll!_wsystem                                                                            77C2931E 5 Bytes  JMP 0447005A

.text           C:\WINDOWS\System32\svchost.exe[412] msvcrt.dll!system                                                                              77C293C7 5 Bytes  JMP 04470049

.text           C:\WINDOWS\System32\svchost.exe[412] msvcrt.dll!_creat                                                                              77C2D40F 5 Bytes  JMP 04470027

.text           C:\WINDOWS\System32\svchost.exe[412] msvcrt.dll!_open                                                                               77C2F566 5 Bytes  JMP 04470000

.text           C:\WINDOWS\System32\svchost.exe[412] msvcrt.dll!_wcreat                                                                             77C2FC9B 5 Bytes  JMP 04470038

.text           C:\WINDOWS\System32\svchost.exe[412] msvcrt.dll!_wopen                                                                              77C30055 5 Bytes  JMP 04470FE3

.text           C:\WINDOWS\System32\svchost.exe[412] WS2_32.dll!socket                                                                              71AB4211 5 Bytes  JMP 04460000

.text           C:\WINDOWS\System32\svchost.exe[412] WININET.dll!InternetOpenA                                                                      3D95D690 5 Bytes  JMP 04430000

.text           C:\WINDOWS\System32\svchost.exe[412] WININET.dll!InternetOpenW                                                                      3D95DB09 5 Bytes  JMP 04430FDB

.text           C:\WINDOWS\System32\svchost.exe[412] WININET.dll!InternetOpenUrlA                                                                   3D95F3A4 5 Bytes  JMP 0443001B

.text           C:\WINDOWS\System32\svchost.exe[412] WININET.dll!InternetOpenUrlW                                                                   3D9A6D5F 5 Bytes  JMP 04430036

.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[596] kernel32.dll!LoadLibraryA                                          7C801D7B 5 Bytes  JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[596] kernel32.dll!LoadLibraryW                                          7C80AEEB 5 Bytes  JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

.text           C:\WINDOWS\system32\svchost.exe[680] ntdll.dll!NtCreateFile                                                                         7C90D0AE 5 Bytes  JMP 007E000A

.text           C:\WINDOWS\system32\svchost.exe[680] ntdll.dll!NtCreateProcess                                                                      7C90D14E 5 Bytes  JMP 007E002F

.text           C:\WINDOWS\system32\svchost.exe[680] ntdll.dll!NtProtectVirtualMemory                                                               7C90D6EE 5 Bytes  JMP 007E0FEF

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!CreateFileA                                                                       7C801A28 5 Bytes  JMP 007D0FE5

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!VirtualProtectEx                                                                  7C801A61 5 Bytes  JMP 007D0F7E

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!VirtualProtect                                                                    7C801AD4 5 Bytes  JMP 007D0073

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!LoadLibraryExW                                                                    7C801AF5 5 Bytes  JMP 007D0062

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!LoadLibraryExA                                                                    7C801D53 5 Bytes  JMP 007D0051

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!LoadLibraryA                                                                      7C801D7B 5 Bytes  JMP 007D001B

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!GetStartupInfoW                                                                   7C801E54 5 Bytes  JMP 007D0F2B

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!GetStartupInfoA                                                                   7C801EF2 5 Bytes  JMP 007D0F48

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!CreateProcessW                                                                    7C802336 5 Bytes  JMP 007D0EFF

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!CreateProcessA                                                                    7C80236B 5 Bytes  JMP 007D0F1A

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!GetProcAddress                                                                    7C80AE40 5 Bytes  JMP 007D00BD

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!LoadLibraryW                                                                      7C80AEEB 5 Bytes  JMP 007D0036

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!CreateFileW                                                                       7C810800 5 Bytes  JMP 007D0FD4

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!CreatePipe                                                                        7C81D83F 5 Bytes  JMP 007D0F63

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!CreateNamedPipeW                                                                  7C82F0DD 5 Bytes  JMP 007D0FB9

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!CreateNamedPipeA                                                                  7C860CDC 5 Bytes  JMP 007D000A

.text           C:\WINDOWS\system32\svchost.exe[680] kernel32.dll!WinExec                                                                           7C86250D 5 Bytes  JMP 007D0098

.text           C:\WINDOWS\system32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyExW                                                                     77DD6AAF 5 Bytes  JMP 00810025

.text           C:\WINDOWS\system32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyExW                                                                   77DD776C 5 Bytes  JMP 0081006C

.text           C:\WINDOWS\system32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyExA                                                                     77DD7852 5 Bytes  JMP 00810FD4

.text           C:\WINDOWS\system32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyW                                                                       77DD7946 5 Bytes  JMP 0081000A

.text           C:\WINDOWS\system32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyExA                                                                   77DDE9F4 5 Bytes  JMP 00810051

.text           C:\WINDOWS\system32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyA                                                                       77DDEFC8 5 Bytes  JMP 00810FE5

.text           C:\WINDOWS\system32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyW                                                                     77DFBA55 5 Bytes  JMP 00810040

.text           C:\WINDOWS\system32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyA                                                                     77DFBCF3 5 Bytes  JMP 00810FB9

.text           C:\WINDOWS\system32\svchost.exe[680] msvcrt.dll!_wsystem                                                                            77C2931E 5 Bytes  JMP 00800055

.text           C:\WINDOWS\system32\svchost.exe[680] msvcrt.dll!system                                                                              77C293C7 5 Bytes  JMP 00800044

.text           C:\WINDOWS\system32\svchost.exe[680] msvcrt.dll!_creat                                                                              77C2D40F 5 Bytes  JMP 00800022

.text           C:\WINDOWS\system32\svchost.exe[680] msvcrt.dll!_open                                                                               77C2F566 5 Bytes  JMP 00800000

.text           C:\WINDOWS\system32\svchost.exe[680] msvcrt.dll!_wcreat                                                                             77C2FC9B 5 Bytes  JMP 00800033

.text           C:\WINDOWS\system32\svchost.exe[680] msvcrt.dll!_wopen                                                                              77C30055 5 Bytes  JMP 00800011

.text           C:\WINDOWS\system32\svchost.exe[680] WS2_32.dll!socket                                                                              71AB4211 5 Bytes  JMP 007F0000

.text           C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtCreateFile                                                                         7C90D0AE 5 Bytes  JMP 009E0000

.text           C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtCreateProcess                                                                      7C90D14E 5 Bytes  JMP 009E0FE5

.text           C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtProtectVirtualMemory                                                               7C90D6EE 5 Bytes  JMP 009E001B

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateFileA                                                                       7C801A28 5 Bytes  JMP 009D0000

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!VirtualProtectEx                                                                  7C801A61 5 Bytes  JMP 009D008B

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!VirtualProtect                                                                    7C801AD4 5 Bytes  JMP 009D007A

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!LoadLibraryExW                                                                    7C801AF5 5 Bytes  JMP 009D0069

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!LoadLibraryExA                                                                    7C801D53 5 Bytes  JMP 009D0FB6

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!LoadLibraryA                                                                      7C801D7B 5 Bytes  JMP 009D003D

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!GetStartupInfoW                                                                   7C801E54 5 Bytes  JMP 009D00B7

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!GetStartupInfoA                                                                   7C801EF2 5 Bytes  JMP 009D009C

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateProcessW                                                                    7C802336 5 Bytes  JMP 009D00D2

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateProcessA                                                                    7C80236B 5 Bytes  JMP 009D0F39

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!GetProcAddress                                                                    7C80AE40 5 Bytes  JMP 009D00E3

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!LoadLibraryW                                                                      7C80AEEB 5 Bytes  JMP 009D0058

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateFileW                                                                       7C810800 5 Bytes  JMP 009D001B

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreatePipe                                                                        7C81D83F 5 Bytes  JMP 009D0F71

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateNamedPipeW                                                                  7C82F0DD 5 Bytes  JMP 009D002C

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateNamedPipeA                                                                  7C860CDC 5 Bytes  JMP 009D0FDB

.text           C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!WinExec                                                                           7C86250D 5 Bytes  JMP 009D0F4A

.text           C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyExW                                                                     77DD6AAF 5 Bytes  JMP 00A5002F

.text           C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyExW                                                                   77DD776C 5 Bytes  JMP 00A5005B

.text           C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyExA                                                                     77DD7852 5 Bytes  JMP 00A50FD4

.text           C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyW                                                                       77DD7946 5 Bytes  JMP 00A5000A

.text           C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyExA                                                                   77DDE9F4 5 Bytes  JMP 00A50F9E

.text           C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyA                                                                       77DDEFC8 5 Bytes  JMP 00A50FEF

.text           C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyW                                                                     77DFBA55 5 Bytes  JMP 00A5004A

.text           C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyA                                                                     77DFBCF3 5 Bytes  JMP 00A50FC3

.text           C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_wsystem                                                                            77C2931E 5 Bytes  JMP 00A00FB9

.text           C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!system                                                                              77C293C7 5 Bytes  JMP 00A00FCA

.text           C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_creat                                                                              77C2D40F 5 Bytes  JMP 00A0003A

.text           C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_open                                                                               77C2F566 5 Bytes  JMP 00A0000C

.text           C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_wcreat                                                                             77C2FC9B 5 Bytes  JMP 00A00FE5

.text           C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_wopen                                                                              77C30055 5 Bytes  JMP 00A0001D

.text           C:\WINDOWS\system32\svchost.exe[724] WS2_32.dll!socket                                                                              71AB4211 5 Bytes  JMP 009F0FE5

.text           C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtCreateFile                                                                         7C90D0AE 5 Bytes  JMP 00D00FE5

.text           C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtCreateProcess                                                                      7C90D14E 5 Bytes  JMP 00D00011

.text           C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtProtectVirtualMemory                                                               7C90D6EE 5 Bytes  JMP 00D00000

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateFileA                                                                       7C801A28 5 Bytes  JMP 00CB0FEF

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtectEx                                                                  7C801A61 5 Bytes  JMP 00CB00A4

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtect                                                                    7C801AD4 5 Bytes  JMP 00CB0089

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!LoadLibraryExW                                                                    7C801AF5 5 Bytes  JMP 00CB006C

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!LoadLibraryExA                                                                    7C801D53 5 Bytes  JMP 00CB005B

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!LoadLibraryA                                                                      7C801D7B 5 Bytes  JMP 00CB0040

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetStartupInfoW                                                                   7C801E54 5 Bytes  JMP 00CB0F77

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetStartupInfoA                                                                   7C801EF2 5 Bytes  JMP 00CB0F94

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessW                                                                    7C802336 1 Byte  [E9]

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessW                                                                    7C802336 5 Bytes  JMP 00CB0F3A

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessA                                                                    7C80236B 5 Bytes  JMP 00CB0F4B

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetProcAddress                                                                    7C80AE40 5 Bytes  JMP 00CB00EE

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!LoadLibraryW                                                                      7C80AEEB 5 Bytes  JMP 00CB0FB9

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateFileW                                                                       7C810800 5 Bytes  JMP 00CB0FD4

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreatePipe                                                                        7C81D83F 5 Bytes  JMP 00CB00B5

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateNamedPipeW                                                                  7C82F0DD 5 Bytes  JMP 00CB0025

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateNamedPipeA                                                                  7C860CDC 5 Bytes  JMP 00CB0014

.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!WinExec                                                                           7C86250D 5 Bytes  JMP 00CB0F66

.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyExW                                                                     77DD6AAF 5 Bytes  JMP 00FE0036

.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExW                                                                   77DD776C 5 Bytes  JMP 00FE005B

.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyExA                                                                     77DD7852 5 Bytes  JMP 00FE001B

.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyW                                                                       77DD7946 5 Bytes  JMP 00FE0000

.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExA                                                                   77DDE9F4 5 Bytes  JMP 00FE0F9E

.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyA                                                                       77DDEFC8 5 Bytes  JMP 00FE0FE5

.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyW                                                                     77DFBA55 2 Bytes  JMP 00FE0FB9

.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyW + 3                                                                 77DFBA58 2 Bytes  [1E, 89]

.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyA                                                                     77DFBCF3 5 Bytes  JMP 00FE0FCA

.text           C:\WINDOWS\system32\svchost.exe[848] msvcrt.dll!_wsystem                                                                            77C2931E 5 Bytes  JMP 00FD004B

.text           C:\WINDOWS\system32\svchost.exe[848] msvcrt.dll!system                                                                              77C293C7 5 Bytes  JMP 00FD0FC0

.text           C:\WINDOWS\system32\svchost.exe[848] msvcrt.dll!_creat                                                                              77C2D40F 5 Bytes  JMP 00FD0029

.text           C:\WINDOWS\system32\svchost.exe[848] msvcrt.dll!_open                                                                               77C2F566 5 Bytes  JMP 00FD000C

.text           C:\WINDOWS\system32\svchost.exe[848] msvcrt.dll!_wcreat                                                                             77C2FC9B 5 Bytes  JMP 00FD003A

.text           C:\WINDOWS\system32\svchost.exe[848] msvcrt.dll!_wopen                                                                              77C30055 5 Bytes  JMP 00FD0FEF

.text           C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!socket                                                                              71AB4211 5 Bytes  JMP 00FC0FE5

.text           C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtCreateFile                                                                        7C90D0AE 3 Bytes  JMP 0091000A

.text           C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtCreateFile + 4                                                                    7C90D0B2 1 Byte  [84]

.text           C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtCreateProcess                                                                     7C90D14E 3 Bytes  JMP 00910025

.text           C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtCreateProcess + 4                                                                 7C90D152 1 Byte  [84]

.text           C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtProtectVirtualMemory                                                              7C90D6EE 3 Bytes  JMP 00910FEF

.text           C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtProtectVirtualMemory + 4                                                          7C90D6F2 1 Byte  [84]

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileA                                                                      7C801A28 5 Bytes  JMP 00900FEF

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtectEx                                                                 7C801A61 5 Bytes  JMP 00900082

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtect                                                                   7C801AD4 5 Bytes  JMP 00900F8D

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW                                                                   7C801AF5 5 Bytes  JMP 00900F9E

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA                                                                   7C801D53 5 Bytes  JMP 0090005B

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA                                                                     7C801D7B 5 Bytes  JMP 00900FB9

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoW                                                                  7C801E54 5 Bytes  JMP 009000A4

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoA                                                                  7C801EF2 5 Bytes  JMP 00900F68

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW                                                                   7C802336 5 Bytes  JMP 009000F5

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessA                                                                   7C80236B 5 Bytes  JMP 009000E4

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetProcAddress                                                                   7C80AE40 5 Bytes  JMP 00900F41

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW                                                                     7C80AEEB 5 Bytes  JMP 00900040

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileW                                                                      7C810800 5 Bytes  JMP 00900000

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreatePipe                                                                       7C81D83F 5 Bytes  JMP 00900093

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW                                                                 7C82F0DD 5 Bytes  JMP 00900025

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA                                                                 7C860CDC 5 Bytes  JMP 00900FD4

.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!WinExec                                                                          7C86250D 5 Bytes  JMP 009000C9

.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW                                                                    77DD6AAF 5 Bytes  JMP 00BF002F

.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW                                                                  77DD776C 5 Bytes  JMP 00BF0F83

.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA                                                                    77DD7852 5 Bytes  JMP 00BF001E

.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW                                                                      77DD7946 5 Bytes  JMP 00BF0FDE

.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA                                                                  77DDE9F4 5 Bytes  JMP 00BF0F9E

.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA                                                                      77DDEFC8 5 Bytes  JMP 00BF0FEF

.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW                                                                    77DFBA55 5 Bytes  JMP 00BF0040

.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA                                                                    77DFBCF3 5 Bytes  JMP 00BF0FC3

.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wsystem                                                                           77C2931E 5 Bytes  JMP 00BE0FB7

.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!system                                                                             77C293C7 5 Bytes  JMP 00BE0038

.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_creat                                                                             77C2D40F 5 Bytes  JMP 00BE0027

.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_open                                                                              77C2F566 5 Bytes  JMP 00BE0000

.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wcreat                                                                            77C2FC9B 5 Bytes  JMP 00BE0FC8

.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wopen                                                                             77C30055 5 Bytes  JMP 00BE0FE3

.text           C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenA                                                                     3D95D690 5 Bytes  JMP 0092000A

.text           C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenW                                                                     3D95DB09 5 Bytes  JMP 00920FEF

.text           C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlA                                                                  3D95F3A4 5 Bytes  JMP 00920FCA

.text           C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlW                                                                  3D9A6D5F 5 Bytes  JMP 0092001B

.text           C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!socket                                                                             71AB4211 5 Bytes  JMP 00930000

.text           C:\WINDOWS\system32\SearchIndexer.exe[1268] kernel32.dll!WriteFile                                                                  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text           C:\WINDOWS\system32\services.exe[1948] ntdll.dll!NtCreateFile                                                                       7C90D0AE 5 Bytes  JMP 00050000

.text           C:\WINDOWS\system32\services.exe[1948] ntdll.dll!NtCreateProcess                                                                    7C90D14E 5 Bytes  JMP 0005002C

.text           C:\WINDOWS\system32\services.exe[1948] ntdll.dll!NtProtectVirtualMemory                                                             7C90D6EE 5 Bytes  JMP 0005001B

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!CreateFileA                                                                     7C801A28 5 Bytes  JMP 00040000

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!VirtualProtectEx                                                                7C801A61 5 Bytes  JMP 00040F6D

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!VirtualProtect                                                                  7C801AD4 5 Bytes  JMP 00040F7E

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!LoadLibraryExW                                                                  7C801AF5 5 Bytes  JMP 00040058

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!LoadLibraryExA                                                                  7C801D53 5 Bytes  JMP 00040F9B

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!LoadLibraryA                                                                    7C801D7B 5 Bytes  JMP 0004003D

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!GetStartupInfoW                                                                 7C801E54 5 Bytes  JMP 000400AB

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!GetStartupInfoA                                                                 7C801EF2 5 Bytes  JMP 0004009A

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!CreateProcessW                                                                  7C802336 5 Bytes  JMP 00040F1C

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!CreateProcessA                                                                  7C80236B 5 Bytes  JMP 00040F2D

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!GetProcAddress                                                                  7C80AE40 5 Bytes  JMP 00040F0B

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!LoadLibraryW                                                                    7C80AEEB 5 Bytes  JMP 00040FAC

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!CreateFileW                                                                     7C810800 5 Bytes  JMP 00040FE5

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!CreatePipe                                                                      7C81D83F 5 Bytes  JMP 0004007D

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!CreateNamedPipeW                                                                7C82F0DD 5 Bytes  JMP 0004002C

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!CreateNamedPipeA                                                                7C860CDC 5 Bytes  JMP 0004001B

.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!WinExec                                                                         7C86250D 5 Bytes  JMP 00040F48

.text           C:\WINDOWS\system32\services.exe[1948] ADVAPI32.dll!RegOpenKeyExW                                                                   77DD6AAF 5 Bytes  JMP 00E20036

.text           C:\WINDOWS\system32\services.exe[1948] ADVAPI32.dll!RegCreateKeyExW                                                                 77DD776C 5 Bytes  JMP 00E20FA5

.text           C:\WINDOWS\system32\services.exe[1948] ADVAPI32.dll!RegOpenKeyExA                                                                   77DD7852 5 Bytes  JMP 00E20FDB

.text           C:\WINDOWS\system32\services.exe[1948] ADVAPI32.dll!RegOpenKeyW                                                                     77DD7946 5 Bytes  JMP 00E20011

.text           C:\WINDOWS\system32\services.exe[1948] ADVAPI32.dll!RegCreateKeyExA                                                                 77DDE9F4 5 Bytes  JMP 00E20FB6

.text           C:\WINDOWS\system32\services.exe[1948] ADVAPI32.dll!RegOpenKeyA                                                                     77DDEFC8 5 Bytes  JMP 00E20000

.text           C:\WINDOWS\system32\services.exe[1948] ADVAPI32.dll!RegCreateKeyW                                                                   77DFBA55 5 Bytes  JMP 00E20062

.text           C:\WINDOWS\system32\services.exe[1948] ADVAPI32.dll!RegCreateKeyA                                                                   77DFBCF3 5 Bytes  JMP 00E20051

.text           C:\WINDOWS\system32\services.exe[1948] msvcrt.dll!_wsystem                                                                          77C2931E 5 Bytes  JMP 00070F92

.text           C:\WINDOWS\system32\services.exe[1948] msvcrt.dll!system                                                                            77C293C7 5 Bytes  JMP 00070FB7

.text           C:\WINDOWS\system32\services.exe[1948] msvcrt.dll!_creat                                                                            77C2D40F 5 Bytes  JMP 00070FD2

.text           C:\WINDOWS\system32\services.exe[1948] msvcrt.dll!_open                                                                             77C2F566 5 Bytes  JMP 00070FEF

.text           C:\WINDOWS\system32\services.exe[1948] msvcrt.dll!_wcreat                                                                           77C2FC9B 5 Bytes  JMP 00070027

.text           C:\WINDOWS\system32\services.exe[1948] msvcrt.dll!_wopen                                                                            77C30055 5 Bytes  JMP 0007000C

.text           C:\WINDOWS\system32\services.exe[1948] WS2_32.dll!socket                                                                            71AB4211 5 Bytes  JMP 00060000

.text           C:\WINDOWS\system32\lsass.exe[1960] ntdll.dll!NtCreateFile                                                                          7C90D0AE 5 Bytes  JMP 00DC0000

.text           C:\WINDOWS\system32\lsass.exe[1960] ntdll.dll!NtCreateProcess                                                                       7C90D14E 5 Bytes  JMP 00DC0FCA

.text           C:\WINDOWS\system32\lsass.exe[1960] ntdll.dll!NtProtectVirtualMemory                                                                7C90D6EE 5 Bytes  JMP 00DC0FE5

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!CreateFileA                                                                        7C801A28 5 Bytes  JMP 00DB0FEF

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!VirtualProtectEx                                                                   7C801A61 5 Bytes  JMP 00DB0F83

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!VirtualProtect                                                                     7C801AD4 5 Bytes  JMP 00DB0078

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!LoadLibraryExW                                                                     7C801AF5 5 Bytes  JMP 00DB005B

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!LoadLibraryExA                                                                     7C801D53 5 Bytes  JMP 00DB0F9E

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!LoadLibraryA                                                                       7C801D7B 5 Bytes  JMP 00DB0025

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!GetStartupInfoW                                                                    7C801E54 5 Bytes  JMP 00DB0F41

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!GetStartupInfoA                                                                    7C801EF2 5 Bytes  JMP 00DB0F68

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!CreateProcessW                                                                     7C802336 5 Bytes  JMP 00DB0F15

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!CreateProcessA                                                                     7C80236B 5 Bytes  JMP 00DB00A4

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!GetProcAddress                                                                     7C80AE40 5 Bytes  JMP 00DB0F04

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!LoadLibraryW                                                                       7C80AEEB 5 Bytes  JMP 00DB0036

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!CreateFileW                                                                        7C810800 5 Bytes  JMP 00DB0FCA

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!CreatePipe                                                                         7C81D83F 5 Bytes  JMP 00DB0093

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!CreateNamedPipeW                                                                   7C82F0DD 5 Bytes  JMP 00DB0014

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!CreateNamedPipeA                                                                   7C860CDC 5 Bytes  JMP 00DB0FB9

.text           C:\WINDOWS\system32\lsass.exe[1960] kernel32.dll!WinExec                                                                            7C86250D 5 Bytes  JMP 00DB0F26

.text           C:\WINDOWS\system32\lsass.exe[1960] ADVAPI32.dll!RegOpenKeyExW                                                                      77DD6AAF 5 Bytes  JMP 00F90FCD

.text           C:\WINDOWS\system32\lsass.exe[1960] ADVAPI32.dll!RegCreateKeyExW                                                                    77DD776C 5 Bytes  JMP 00F90065

.text           C:\WINDOWS\system32\lsass.exe[1960] ADVAPI32.dll!RegOpenKeyExA                                                                      77DD7852 5 Bytes  JMP 00F90FDE

.text           C:\WINDOWS\system32\lsass.exe[1960] ADVAPI32.dll!RegOpenKeyW                                                                        77DD7946 5 Bytes  JMP 00F9000A

.text           C:\WINDOWS\system32\lsass.exe[1960] ADVAPI32.dll!RegCreateKeyExA                                                                    77DDE9F4 5 Bytes  JMP 00F90FA8

.text           C:\WINDOWS\system32\lsass.exe[1960] ADVAPI32.dll!RegOpenKeyA                                                                        77DDEFC8 5 Bytes  JMP 00F90FEF

.text           C:\WINDOWS\system32\lsass.exe[1960] ADVAPI32.dll!RegCreateKeyW                                                                      77DFBA55 5 Bytes  JMP 00F90054

.text           C:\WINDOWS\system32\lsass.exe[1960] ADVAPI32.dll!RegCreateKeyA                                                                      77DFBCF3 5 Bytes  JMP 00F90043

.text           C:\WINDOWS\system32\lsass.exe[1960] msvcrt.dll!_wsystem                                                                             77C2931E 5 Bytes  JMP 00DE0F8B

.text           C:\WINDOWS\system32\lsass.exe[1960] msvcrt.dll!system                                                                               77C293C7 5 Bytes  JMP 00DE0020

.text           C:\WINDOWS\system32\lsass.exe[1960] msvcrt.dll!_creat                                                                               77C2D40F 5 Bytes  JMP 00DE0FB7

.text           C:\WINDOWS\system32\lsass.exe[1960] msvcrt.dll!_open                                                                                77C2F566 5 Bytes  JMP 00DE0FE3

.text           C:\WINDOWS\system32\lsass.exe[1960] msvcrt.dll!_wcreat                                                                              77C2FC9B 5 Bytes  JMP 00DE0FA6

.text           C:\WINDOWS\system32\lsass.exe[1960] msvcrt.dll!_wopen                                                                               77C30055 5 Bytes  JMP 00DE0FD2

.text           C:\WINDOWS\system32\lsass.exe[1960] WS2_32.dll!socket                                                                               71AB4211 5 Bytes  JMP 00DD0FEF

.text           C:\WINDOWS\explorer.exe[5040] ntdll.dll!NtCreateFile                                                                                7C90D0AE 5 Bytes  JMP 00090000

.text           C:\WINDOWS\explorer.exe[5040] ntdll.dll!NtCreateProcess                                                                             7C90D14E 5 Bytes  JMP 0009001B

.text           C:\WINDOWS\explorer.exe[5040] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6EE 5 Bytes  JMP 00090FE5

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 001B0FE5

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!VirtualProtectEx                                                                         7C801A61 5 Bytes  JMP 001B0F7E

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 001B0F8F

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 5 Bytes  JMP 001B0073

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 001B0062

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 001B002C

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!GetStartupInfoW                                                                          7C801E54 5 Bytes  JMP 001B00A4

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!GetStartupInfoA                                                                          7C801EF2 5 Bytes  JMP 001B0F52

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 001B0F26

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 001B0F37

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!GetProcAddress                                                                           7C80AE40 5 Bytes  JMP 001B00D0

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!LoadLibraryW                                                                             7C80AEEB 5 Bytes  JMP 001B0047

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!CreateFileW                                                                              7C810800 5 Bytes  JMP 001B0FCA

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!CreatePipe                                                                               7C81D83F 5 Bytes  JMP 001B0F63

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!CreateNamedPipeW                                                                         7C82F0DD 5 Bytes  JMP 001B001B

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!CreateNamedPipeA                                                                         7C860CDC 5 Bytes  JMP 001B0000

.text           C:\WINDOWS\explorer.exe[5040] kernel32.dll!WinExec                                                                                  7C86250D 5 Bytes  JMP 001B00B5

.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegOpenKeyExW                                                                            77DD6AAF 5 Bytes  JMP 002A0022

.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegCreateKeyExW                                                                          77DD776C 5 Bytes  JMP 002A0F80

.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegOpenKeyExA                                                                            77DD7852 5 Bytes  JMP 002A0011

.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegOpenKeyW                                                                              77DD7946 5 Bytes  JMP 002A0FE5

.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegCreateKeyExA                                                                          77DDE9F4 5 Bytes  JMP 002A003D

.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegOpenKeyA                                                                              77DDEFC8 5 Bytes  JMP 002A0000

.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegCreateKeyW                                                                            77DFBA55 2 Bytes  JMP 002A0FA5

.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegCreateKeyW + 3                                                                        77DFBA58 2 Bytes  [4A, 88]

.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegCreateKeyA                                                                            77DFBCF3 5 Bytes  JMP 002A0FC0

.text           C:\WINDOWS\explorer.exe[5040] msvcrt.dll!_wsystem                                                                                   77C2931E 5 Bytes  JMP 002B005D

.text           C:\WINDOWS\explorer.exe[5040] msvcrt.dll!system                                                                                     77C293C7 5 Bytes  JMP 002B0042

.text           C:\WINDOWS\explorer.exe[5040] msvcrt.dll!_creat                                                                                     77C2D40F 5 Bytes  JMP 002B0FD2

.text           C:\WINDOWS\explorer.exe[5040] msvcrt.dll!_open                                                                                      77C2F566 5 Bytes  JMP 002B0FE3

.text           C:\WINDOWS\explorer.exe[5040] msvcrt.dll!_wcreat                                                                                    77C2FC9B 5 Bytes  JMP 002B0027

.text           C:\WINDOWS\explorer.exe[5040] msvcrt.dll!_wopen                                                                                     77C30055 5 Bytes  JMP 002B0000

.text           C:\WINDOWS\explorer.exe[5040] WININET.dll!InternetOpenA                                                                             3D95D690 5 Bytes  JMP 002D0FEF

.text           C:\WINDOWS\explorer.exe[5040] WININET.dll!InternetOpenW                                                                             3D95DB09 5 Bytes  JMP 002D0000

.text           C:\WINDOWS\explorer.exe[5040] WININET.dll!InternetOpenUrlA                                                                          3D95F3A4 5 Bytes  JMP 002D0FCA

.text           C:\WINDOWS\explorer.exe[5040] WININET.dll!InternetOpenUrlW                                                                          3D9A6D5F 5 Bytes  JMP 002D0FAF

.text           C:\WINDOWS\explorer.exe[5040] WS2_32.dll!socket                                                                                     71AB4211 5 Bytes  JMP 00EB0FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[660] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]  [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

IAT             C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[660] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]      [004077A0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                              mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                              MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                            mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                           mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                           mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                         mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                            MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed                                                        403

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful                                                       352

---- EOF - GMER 1.0.15 ----
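As an added example (not part of this thread and not a GMER component), here is a small Python triage script for the `.text` inline-hook lines in the log above. It splits each hook into process, hooked export, patch and JMP target, and separates hooks that GMER could attribute to a module (like the `mssrch.dll` one in SearchIndexer.exe) from those that jump into memory it could not name. The sample lines are copied from the log above; the `Hook` class and the function names are this example's own. A caveat for reading the result: the same set of unattributed hooks in every process, including services.exe and lsass.exe, is the pattern a HIPS/antivirus product leaves when it injects into all processes (this machine runs McAfee), so it is the hooks that break the pattern, not their count, that deserve a closer look.

```python
"""Triage of GMER user-mode inline hook lines (".text ... JMP ...").

Added example: parses the log format shown in the thread; not part of GMER.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample lines copied from the GMER log in the thread (IAT/header lines are skipped).
SAMPLE_LOG = r"""
.text           C:\WINDOWS\system32\services.exe[1948] ntdll.dll!NtCreateFile       7C90D0AE 5 Bytes  JMP 00050000
.text           C:\WINDOWS\system32\services.exe[1948] kernel32.dll!CreateProcessW  7C802336 5 Bytes  JMP 00040F1C
.text           C:\WINDOWS\system32\services.exe[1948] WS2_32.dll!socket            71AB4211 5 Bytes  JMP 00060000
.text           C:\WINDOWS\system32\SearchIndexer.exe[1268] kernel32.dll!WriteFile  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegCreateKeyW            77DFBA55 2 Bytes  JMP 002A0FA5
.text           C:\WINDOWS\explorer.exe[5040] ADVAPI32.dll!RegCreateKeyW + 3        77DFBA58 2 Bytes  [4A, 88]
.text           C:\WINDOWS\explorer.exe[5040] WS2_32.dll!socket                     71AB4211 5 Bytes  JMP 00EB0FEF
---- User IAT/EAT - GMER 1.0.15 ----
IAT             C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[660] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]  [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
"""

INLINE_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)(?:\s*\+\s*(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<rest>.*?)\s*$"
)
# "JMP <target>" optionally followed by the module GMER resolved the target to.
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*\)))?$")


@dataclass
class Hook:
    image: str
    pid: int
    module: str
    func: str
    offset: int            # "+ 3" style offset into the export, 0 for the entry itself
    addr: int              # patched address inside the hooked DLL
    size: int              # patched byte count
    target: Optional[int]  # JMP destination; None for a raw byte patch like "[4A, 88]"
    owner: Optional[str]   # module GMER attributed the destination to, if any
    patch: str             # raw text after "Bytes"

    @property
    def unattributed(self) -> bool:
        """True when the hook jumps somewhere GMER could not map to a loaded module."""
        return self.target is not None and self.owner is None


def parse_gmer_inline_hooks(text: str) -> List[Hook]:
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = INLINE_RE.match(line.strip())
        if not m:
            continue  # section headers, IAT, device and registry lines are not handled here
        rest = m.group("rest")
        j = JMP_RE.match(rest)
        hooks.append(Hook(
            image=m.group("image"), pid=int(m.group("pid")),
            module=m.group("module"), func=m.group("func"),
            offset=int(m.group("offset") or 0),
            addr=int(m.group("addr"), 16), size=int(m.group("size")),
            target=int(j.group("target"), 16) if j else None,
            owner=j.group("owner") if j else None,
            patch=rest,
        ))
    return hooks


def hooks_by_process(hooks: List[Hook]) -> Dict[Tuple[str, int], List[Hook]]:
    out: Dict[Tuple[str, int], List[Hook]] = defaultdict(list)
    for h in hooks:
        out[(h.image, h.pid)].append(h)
    return dict(out)


def unattributed_pages(hooks: List[Hook]) -> Dict[Tuple[str, int], List[int]]:
    """Per process, the 64 KiB pages that unattributed hooks jump into.

    Hooks placed on one DLL's exports normally land in one trampoline page
    (0004xxxx for kernel32, 0005xxxx for ntdll above); a page that only one
    process jumps into is the first thing to inspect.
    """
    pages: Dict[Tuple[str, int], set] = defaultdict(set)
    for h in hooks:
        if h.unattributed:
            pages[(h.image, h.pid)].add(h.target & ~0xFFFF)
    return {k: sorted(v) for k, v in pages.items()}


def rare_hooks(hooks: List[Hook]) -> Dict[str, Tuple[str, int]]:
    """Exports hooked in exactly one process: the outliers in a system-wide hook set."""
    seen: Dict[str, set] = defaultdict(set)
    for h in hooks:
        seen[f"{h.module}!{h.func}"].add((h.image, h.pid))
    return {name: next(iter(procs)) for name, procs in seen.items() if len(procs) == 1}


def report(text: str) -> List[str]:
    """Human-readable triage lines, returned so they can be checked as well as printed."""
    hooks = parse_gmer_inline_hooks(text)
    lines = []
    for (image, pid), hs in hooks_by_process(hooks).items():
        n_un = sum(h.unattributed for h in hs)
        lines.append(f"{image}[{pid}]: {len(hs)} inline hooks, {n_un} into unattributed memory")
    for name, (image, pid) in sorted(rare_hooks(hooks).items()):
        lines.append(f"hooked only in {image}[{pid}]: {name}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a full GMER log (paste the whole file into `report`) and compare each process's hook set with the rest: processes that share one profile are being hooked by the same injector, and the `rare_hooks` output plus the `owner` column tell you which of the remaining entries already have a legitimate explanation.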

27 Posts

June 25th, 2011 22:00

By the way, it seemed like the redirects had stopped after the Combofix, but the most recent one I tried was redirected. So the problem still exists.

62 Posts

June 26th, 2011 10:00

Hi Tootall99,

It seems that your problem is very well hidden indeed. I'd like you to run a CF script next, from a tool we have just used, and then another rootkit scanning tool. It is imperative that you tell me if the redirects have stopped at any point, as this will be a strong indication that the bulk of the infection has been removed.

Let's see if MBAM will find anything. Combofix sometimes allows MBAM to run more effectively by unhiding certain nasties.

As follows please.

Step 1
MBAM Quick Scan

1. Open MBAM and click on the Settings tab. Be sure there is a check at "Automatically save log file after scan completes."
2. Click on the Update tab and then on the "Check for Updates" button.
3. Click the Scanner tab and select "Perform quick scan," then click Scan.
4. Copy and paste the log here.

Step 2
CFScript

Please open Notepad and copy/paste this code into the notepad: Quote:

KillAll::

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\hqgt.job
C:\WINDOWS\imsins.BAK
C:\WINDOWS\System32\apphelpy.dll
C:\WINDOWS\System32\ztvunrar36.dll
C:\Documents and Settings\Tom Cuthbertson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

Folder::
c:\documents and settings\Tom Cuthbertson\Local Settings\Application Data\AskToolbar
c:\program files\Ask.com
c:\documents and settings\Tom Cuthbertson\Application Data\Sammsoft

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" =-

Save this as CFScript.txt and change the 'Save as type' to 'All Files' and place it on your desktop. Make sure your AV is disabled while we do this.

[screenshot: CFScriptB-4.gif]
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

Step 3
AswMBR

You could be infected with a new variant of the TDL Rootkit, please follow these instructions exactly as written.

Please DO NOT click any fix button until instructed to do so by your analyst. Failure to comply with this may result in an unbootable system.

Please download the Avast ASWMBR.exe Anti-Rootkit Tool and save it to your Desktop.

  • Please double click the tool to open it (Windows Vista/7: please right click and "Run as Administrator").
  • Referring to the image below, please click the SCAN button and allow the scan to run to completion.

[screenshot: 1_aswmbr_scan.png]

  • Once the scan has completed, please click the Save Log button and save the log to the desktop.

[screenshot: 2_aswmbr_save_log.png]

  • Saved to the desktop will be a text file named aswMBR.txt; please copy/paste the contents of the text file back for review in your next reply.
  • There will also be a file named MBR.dat saved to the desktop; please attach that file to your next reply.

Please DO NOT copy/paste the contents of the .dat file as it will become unreadable.

In your next reply:

MBAM.txt
Combofix.txt
AswMBR.txt

Have the redirects stopped?
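As an added example (not from the thread, and not part of ComboFix), here is a small Python reader for the CFScript grammar used in the post above: section headers ending in `::`, regedit-style `[-KEY]` lines that delete a whole key, and `"name"=-` lines that delete a single value under the key named on the preceding `[KEY]` line. It summarises what the script would remove so it can be reviewed before it is dragged onto ComboFix. The sample script is a subset of the one in the post; the `CFScriptPlan` class and function names are this example's own, and the treatment of `~` in a key path as a literal character is an assumption.

```python
"""Summarise what a ComboFix CFScript would delete, for review before running it.

Added example: a reader for the script grammar shown in the thread; not part of ComboFix.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Subset of the CFScript from the post above, used as constructed sample input.
SAMPLE_CFSCRIPT = r"""
KillAll::

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\hqgt.job
C:\WINDOWS\System32\apphelpy.dll

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" =-
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")        # [-KEY] deletes, [KEY] sets context
VALUE_DEL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=-$')            # "name"=- deletes one value
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class CFScriptPlan:
    kill_all: bool = False
    files: List[str] = field(default_factory=list)
    folders: List[str] = field(default_factory=list)
    keys_deleted: List[str] = field(default_factory=list)
    values_deleted: List[str] = field(default_factory=list)  # "KEY\name"
    unknown: List[str] = field(default_factory=list)         # lines that did not fit the grammar


def parse_cfscript(text: str) -> CFScriptPlan:
    plan = CFScriptPlan()
    section = None
    current_key = None  # the last [KEY] line seen, used by the value deletions that follow it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("name")
            current_key = None
            if section == "KillAll":
                plan.kill_all = True
            continue
        if section == "File":
            plan.files.append(line)
        elif section == "Folder":
            plan.folders.append(line)
        elif section == "Registry":
            km = KEY_RE.match(line)
            vm = VALUE_DEL_RE.match(line)
            if km and km.group("delete"):
                plan.keys_deleted.append(km.group("key"))
                current_key = None
            elif km:
                current_key = km.group("key")
            elif vm and current_key:
                plan.values_deleted.append(current_key + "\\" + vm.group("name"))
            else:
                plan.unknown.append(line)  # value deletion without a key, or unknown syntax
        else:
            plan.unknown.append(line)
    return plan


def clsids_touched(plan: CFScriptPlan) -> List[str]:
    """Distinct GUIDs (lower-cased) named anywhere in the registry actions."""
    found = set()
    for entry in plan.keys_deleted + plan.values_deleted:
        found.update(g.lower() for g in GUID_RE.findall(entry))
    return sorted(found)


def summary(text: str) -> List[str]:
    plan = parse_cfscript(text)
    return [
        f"KillAll: {plan.kill_all}",
        f"files to delete: {len(plan.files)}",
        f"folders to delete: {len(plan.folders)}",
        f"registry keys to delete: {len(plan.keys_deleted)}",
        f"registry values to delete: {len(plan.values_deleted)}",
        f"CLSIDs/TypeLibs touched: {', '.join(clsids_touched(plan))}",
        f"unrecognised lines: {len(plan.unknown)}",
    ]


if __name__ == "__main__":
    print("\n".join(summary(SAMPLE_CFSCRIPT)))
```

The `unknown` list is the useful part when reviewing someone else's script: a line that lands there is one ComboFix may interpret differently from what the reader expects, and is worth a question before the script is run.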
