
Mike.

Members
Posts: 4
Reputation: 0 Neutral
  1. ComboFix 10-08-10.06 - midavenport 08/11/2010 7:04.1.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1687 [GMT -4:00]
     Running from: c:\documents and settings\midavenport\My Documents\Downloads\ComboFix.exe
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\Install.exe
     c:\windows\system32\ChilkatMail_v7_9.dll

     .
     ((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
     .

     2010-08-11 11:03 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
     2010-08-11 11:00 . 2010-04-26 19:58 256512 ----a-w- C:\PEV.exe
     2010-08-11 11:00 . 2009-10-25 10:11 77312 ----a-w- C:\MBR.exe
     2010-08-11 11:00 . 2009-04-20 16:56 31232 ----a-w- C:\NIRCMD.exe
     2010-08-11 11:00 . 2000-08-31 12:00 98816 ----a-w- C:\sed.exe
     2010-08-11 11:00 . 2000-08-31 12:00 80412 ----a-w- C:\grep.exe
     2010-08-11 11:00 . 2000-08-31 12:00 68096 ----a-w- C:\zip.exe
     2010-08-11 11:00 . 2000-08-31 12:00 212480 ----a-w- C:\SWXCACLS.exe
     2010-08-11 11:00 . 2000-08-31 12:00 161792 ----a-w- C:\SWREG.exe
     2010-08-11 11:00 . 2000-08-31 12:00 136704 ----a-w- C:\SWSC.exe
     2010-08-11 10:58 . 2010-08-11 10:58 -------- d-----w- C:\ERDNT
     2010-08-11 10:58 . 2010-08-11 11:01 -------- d-----w- c:\documents and settings\slogic
     2010-08-09 05:03 . 2010-08-09 05:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
     2010-08-09 05:03 . 2010-08-09 05:04 -------- d-----w- c:\documents and settings\midavenport\Local Settings\Application Data\Temp
     2010-08-09 05:02 . 2010-08-09 05:07 -------- d-----w- c:\documents and settings\midavenport\Local Settings\Application Data\Google
     2010-08-09 05:02 . 2010-08-09 05:06 -------- d-----w- c:\program files\Google
     2010-08-04 06:06 . 2010-08-04 06:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
     2010-08-04 03:29 . 2010-08-04 03:30 -------- d-----w- c:\program files\Common Files\Adobe
     2010-08-04 03:28 . 2010-08-04 03:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
     2010-07-31 23:48 . 2010-07-31 23:48 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-07-31 08:17 . 2010-07-31 08:17 -------- d-----w- c:\documents and settings\midavenport\Local Settings\Application Data\king.com
     2010-07-31 08:16 . 2010-07-31 08:16 32608 ----a-w- c:\windows\king-uninstall.exe
     2010-07-29 03:11 . 2010-07-29 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
     2010-07-27 22:44 . 2010-07-27 22:44 -------- d-----w- c:\program files\Common Files\Java
     2010-07-27 22:44 . 2010-07-27 22:44 503808 ----a-w- c:\documents and settings\midavenport\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3cc10f39-n\msvcp71.dll
     2010-07-27 22:44 . 2010-07-27 22:44 499712 ----a-w- c:\documents and settings\midavenport\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3cc10f39-n\jmc.dll
     2010-07-27 22:44 . 2010-07-27 22:44 348160 ----a-w- c:\documents and settings\midavenport\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3cc10f39-n\msvcr71.dll
     2010-07-27 22:44 . 2010-07-27 22:44 61440 ----a-w- c:\documents and settings\midavenport\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36bd9a1e-n\decora-sse.dll
     2010-07-27 22:44 . 2010-07-27 22:44 12800 ----a-w- c:\documents and settings\midavenport\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36bd9a1e-n\decora-d3d.dll
     2010-07-27 22:43 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
     2010-07-27 22:40 . 2010-07-27 22:40 0 ----a-w- c:\windows\nsreg.dat
     2010-07-27 22:40 . 2010-07-27 22:40 -------- d-----w- c:\documents and settings\midavenport\Local Settings\Application Data\Mozilla
     2010-07-23 14:23 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-07-23 14:23 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-07-20 05:01 . 2010-07-20 05:01 -------- d-----w- c:\windows\system32\wbem\Repository
     2010-07-19 23:46 . 2010-07-20 05:00 -------- d-----w- c:\program files\Windows Defender
     2010-07-19 20:16 . 2010-07-19 20:16 -------- d-----w- c:\program files\IObit
     2010-07-19 18:35 . 2010-07-19 18:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2010-07-19 15:15 . 2010-07-19 15:15 -------- d-----w- c:\documents and settings\midavenport\Application Data\Malwarebytes
     2010-07-19 15:14 . 2010-07-19 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-07-19 15:14 . 2010-07-23 14:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-07-18 18:07 . 2010-07-20 05:00 -------- d-----w- c:\program files\Windows Live Safety Center
     2010-07-17 19:08 . 2010-07-20 05:00 -------- d-----w- c:\program files\Garmin
     2010-07-17 17:08 . 2010-07-17 17:08 -------- d-----w- c:\documents and settings\NetworkService\PrivacIE
     2010-07-17 01:22 . 2010-08-11 10:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-07-17 01:19 . 2010-07-17 01:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2010-08-11 10:58 . 2010-01-10 14:45 -------- d-----w- c:\program files\Motorola Media Link
     2010-08-11 10:30 . 2009-11-17 13:41 -------- d-----w- c:\program files\DesktopAuthority
     2010-08-04 21:52 . 2009-11-17 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2010-08-04 06:19 . 2010-08-05 06:51 171002 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
     2010-08-04 03:28 . 2009-11-17 20:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2010-08-04 03:27 . 2009-11-17 20:56 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
     2010-07-27 22:43 . 2009-11-17 20:19 -------- d-----w- c:\program files\Java
     2010-07-20 05:00 . 2010-01-10 15:13 -------- d-----w- c:\program files\RealVNC
     2010-07-20 04:42 . 2010-07-17 17:01 112 ----a-w- c:\documents and settings\All Users\Application Data\7KTMa26.dat

     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
     "DA Remote Management GUI"="c:\program files\DesktopAuthority\rmgui.exe" [2008-05-26 489392]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

     c:\documents and settings\midavenport\Start Menu\Programs\Startup\
     PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-1-14 411088]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "ForceStartMenuLogOff"= 1 (0x1)
     "NoSMBalloonTip"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\system32\DAinit.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "WebClient"=2 (0x2)
     "MotoConnect Service"=2 (0x2)
     "mnmsrvc"=3 (0x3)
     "idsvc"=3 (0x3)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
     "c:\\Program Files\\Motorola Media Link\\MML.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "4032:UDP"= 4032:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4033:UDP"= 4033:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4052:UDP"= 4052:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4053:UDP"= 4053:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4055:UDP"= 4055:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4054:UDP"= 4054:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4058:UDP"= 4058:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4059:UDP"= 4059:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4064:UDP"= 4064:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4065:UDP"= 4065:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4067:UDP"= 4067:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4066:UDP"= 4066:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4070:UDP"= 4070:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4071:UDP"= 4071:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4073:UDP"= 4073:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4072:UDP"= 4072:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4115:UDP"= 4115:UDP:Windows Media Format SDK (IEXPLORE.EXE)
     "4114:UDP"= 4114:UDP:Windows Media Format SDK (IEXPLORE.EXE)

     R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [11/17/2009 3:57 PM 95104]
     R2 DAInfo;DA Remote Management Kernel Information Provider;c:\program files\DesktopAuthority\DAInfo.sys [11/17/2009 9:41 AM 12080]
     R2 DAMaint;DA Remote Management Maintenance Service;c:\program files\DesktopAuthority\DaMaint.exe [11/17/2009 9:41 AM 63408]
     R2 DAtf;DA Remote Management Token Factory;c:\program files\DesktopAuthority\DAtf.sys [11/17/2009 9:41 AM 11184]
     R2 DesktopAuthority;DA Remote Management Service;c:\program files\DesktopAuthority\DesktopAuthority.exe [11/17/2009 9:41 AM 1324976]
     R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [10/19/2009 4:48 PM 87336]
     R2 SLClient;ScriptLogic Service;c:\windows\system32\slclient.exe [9/26/2008 9:35 AM 558496]
     R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [11/17/2009 9:41 AM 9264]
     R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [1/14/2010 7:20 PM 9472]
     R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [11/17/2009 3:56 PM 24876]
     S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/9/2010 1:02 AM 136176]
     S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [1/10/2010 10:44 AM 25856]
     S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
     S4 HttpRouter;RM HTTP router;c:\program files\DesktopAuthority\gateway_svc.exe [11/17/2009 9:41 AM 28080]
     S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [1/10/2010 11:05 AM 91392]
     .
     Contents of the 'Scheduled Tasks' folder

     2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 05:02]

     2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 05:02]
     .
     .
     ------- Supplementary Scan -------
     .
     FF - ProfilePath - c:\documents and settings\midavenport\Application Data\Mozilla\Firefox\Profiles\d95buiav.default\
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npmidas.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .
     - - - - ORPHANS REMOVED - - - -

     Toolbar-Locked - (no file)

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-08-11 07:08
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"

     [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
        00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
     .
     Completion time: 2010-08-11 07:09:32
     ComboFix-quarantined-files.txt 2010-08-11 11:09

     Pre-Run: 147,354,591,232 bytes free
     Post-Run: 148,288,696,320 bytes free

     - - End Of File - - 3AE99AAC35B4A84459DF28484131D147
  2. Thanks for helping me! My issue is the browser is redirected with no input from me. Sometimes it just happens, but most of the time it is when I click a link from Google. MB and Viper come up clean. Attached logs, as the error said the post was too long. Attach_08_08_2010.zip
  3. My issue is random websites loading when clicking a link from Google. Sometimes they will just show up, but most of the time it is when I try to open a page from a search engine. I have run MB and Viper and come up clean. Thanks in advance for the help! Attach.zip