i'm on the internet checking email of just looking things up and i get redircted to the google can't find webpage. The page provides with a url i did not type. this occures frequently and at random with some pages but always with yahoo maps and hotmail. please help thank you

can you try this guide

http://www.geekstogo.com/forum/How-to-remo...40#entry1567240

i have tried the guided and it was working for a few minutes but it still does the same thing especillay on my email.

can you run combofix again and post the log

here is the Combo-fix log
ComboFix 09-07-06.A0 - Owner 07/07/2009 12:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.879 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1324b.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-07 13:06 . 2009-07-07 13:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2009-07-07 13:06 . 2009-07-07 13:06 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Windows Search
2009-07-07 13:06 . 2009-07-07 13:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-07 12:43 . 2009-07-07 12:43 -------- d-----w- c:\program files\Microsoft
2009-07-07 12:42 . 2008-07-08 12:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-07-07 12:39 . 2009-07-07 12:39 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-07 12:38 . 2009-07-07 12:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-07 12:38 . 2009-07-07 12:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-07 12:37 . 2009-07-07 12:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2009-07-07 12:37 . 2009-07-07 12:37 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Windows Desktop Search
2009-07-07 12:36 . 2009-07-07 12:36 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-07 12:36 . 2009-07-07 12:36 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-07 12:35 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-07 12:35 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-07 12:35 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-07-07 12:32 . 2009-07-07 12:32 -------- d-----w- c:\windows\system32\URTTEMP
2009-07-03 15:50 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 15:50 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:32 . 2009-07-03 13:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-03 13:32 . 2009-07-03 13:32 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Malwarebytes
2009-07-03 13:32 . 2009-07-03 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 20:04 . 2009-06-23 20:04 -------- d-----w- c:\program files\Roll 'm Up
2009-06-23 19:53 . 2009-06-23 19:53 83280 ----a-w- c:\windows\system\knps.dll
2009-06-23 19:53 . 2009-06-23 19:53 54976 ----a-w- c:\windows\system\knpg.dll
2009-06-23 19:53 . 2009-06-23 19:53 30544 ----a-w- c:\windows\system\dib.drv
2009-06-23 19:53 . 2009-06-23 19:53 -------- d-----w- c:\windows\GAMES
2009-06-23 18:57 . 2009-06-23 18:57 -------- d-----w- c:\program files\Marble Crazy
2009-06-23 14:45 . 2009-06-23 18:45 122 ----a-w- c:\windows\VBPong.dat
2009-06-23 14:41 . 1996-12-05 04:00 77824 ----a-w- c:\windows\system32\ODBCTL32.dll
2009-06-23 14:41 . 1996-12-05 04:00 403216 ----a-w- c:\windows\system32\MsRepl35.dll
2009-06-23 14:41 . 1996-12-05 04:00 251664 ----a-w- c:\windows\system32\MSRD2x35.dll
2009-06-23 14:41 . 1996-12-21 04:00 1039360 ----a-w- c:\windows\system32\MSJet35.dll
2009-06-23 14:41 . 1997-01-13 04:00 37136 ----a-w- c:\windows\system32\MSJInt35.dll
2009-06-23 14:41 . 1996-12-05 04:00 24336 ----a-w- c:\windows\system32\MSJtEr35.dll
2009-06-23 14:41 . 1997-01-16 04:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2009-06-23 14:23 . 1996-11-08 04:17 721168 ----a-w- c:\windows\system32\VB40032.DLL
2009-06-23 14:23 . 2009-07-07 12:52 -------- d-----w- c:\program files\Cosmi
2009-06-23 14:23 . 2009-06-23 14:41 -------- d-----w- C:\1kbestgames
2009-06-23 14:23 . 2009-06-23 14:23 -------- d-----w- c:\program files\Common Files\Cosmi
2009-06-23 14:03 . 2009-06-23 14:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Help
2009-06-23 13:45 . 1996-01-01 06:01 398416 ----a-w- c:\windows\system32\VBRUN300.DLL
2009-06-23 13:45 . 1994-01-16 05:00 4608 ----a-w- c:\windows\MTNEWS.DLL
2009-06-23 13:45 . 1980-01-01 04:00 356992 ----a-w- c:\windows\system32\VBRUN200.DLL
2009-06-23 13:45 . 1980-01-01 04:00 271264 ----a-w- c:\windows\system32\VBRUN100.DLL
2009-06-23 13:45 . 2009-06-23 20:18 -------- d-----w- C:\300_Arcade
2009-06-23 13:45 . 2009-06-23 13:45 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-06-12 14:38 . 2009-06-12 14:38 -------- d-----w- c:\program files\Common Files\Intuit
2009-06-12 14:38 . 2009-06-23 13:53 -------- d-----w- c:\windows\Downloaded Installations
2009-06-12 14:38 . 2009-06-12 14:38 -------- d-----w- c:\program files\Royal
2009-06-12 11:47 . 2009-06-12 11:47 -------- d-----w- c:\documents and settings\Owner\Tracing
2009-06-11 23:09 . 2009-06-11 23:09 1915520 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-sha-w- c:\windows\Repair
2009-06-11 22:01 . 2009-06-11 22:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Help
2009-06-11 22:01 . 2009-06-11 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-11 21:53 . 2009-06-11 21:53 -------- d-----w- c:\program files\Microsoft Office Communicator
2009-06-10 20:10 . 2009-06-11 22:24 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 16:36 . 2009-02-04 19:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 12:03 . 2009-02-05 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-06 16:19 . 2009-04-10 22:00 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2009-07-06 16:19 . 2009-04-10 22:00 -------- d-----w- c:\docume~1\Owner\APPLIC~1\gtk-2.0
2009-07-03 22:00 . 2009-02-04 20:12 -------- d-----w- c:\program files\Norton Security Scan
2009-07-03 16:05 . 2009-02-03 23:25 -------- d-----w- c:\program files\Microsoft Works
2009-06-27 11:05 . 2009-05-30 19:49 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-06-27 11:05 . 2009-05-30 19:49 -------- d-----w- c:\docume~1\Owner\APPLIC~1\uTorrent
2009-06-22 19:51 . 2009-02-03 23:15 -------- d-----w- c:\program files\CyberLink
2009-06-22 19:51 . 2009-02-03 23:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 19:48 . 2009-03-25 21:17 -------- d-----w- c:\program files\Coupons
2009-06-12 11:40 . 2009-02-04 14:37 38176 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 20:02 . 2009-02-03 23:27 -------- d-----w- c:\program files\Common Files\Real
2009-06-06 15:40 . 2009-06-06 15:40 -------- d-----w- c:\program files\iTunes
2009-06-06 15:40 . 2009-06-06 15:40 -------- d-----w- c:\program files\iPod
2009-06-06 15:40 . 2009-05-10 23:03 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 15:38 . 2009-06-06 15:38 -------- d-----w- c:\program files\QuickTime
2009-06-06 15:32 . 2009-06-06 15:32 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 21:53 . 2009-06-04 21:53 -------- d-----w- c:\documents and settings\Owner\Application Data\CyberLink
2009-06-04 21:53 . 2009-06-04 21:53 -------- d-----w- c:\docume~1\Owner\APPLIC~1\CyberLink
2009-06-04 21:52 . 2009-06-04 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-31 19:57 . 2009-05-31 19:57 -------- d-----w- c:\program files\KingsIsle Entertainment
2009-05-31 18:36 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-30 19:49 . 2009-05-30 19:49 -------- d-----w- c:\program files\uTorrent
2009-05-30 17:07 . 2009-02-03 23:15 -------- d-----w- c:\program files\Google
2009-05-30 17:06 . 2009-02-03 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-29 20:54 . 2009-05-10 23:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-05-29 20:54 . 2009-05-10 23:10 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Apple Computer
2009-05-29 20:33 . 2009-05-29 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2009-05-29 20:32 . 2009-05-29 20:32 -------- d-----w- c:\program files\Musicnotes
2009-05-29 19:26 . 2009-03-16 21:15 164 ----a-w- c:\windows\install.dat
2009-05-24 20:48 . 2009-05-24 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-23 20:37 . 2009-05-10 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-17 20:27 . 2009-05-17 20:24 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-05-17 20:27 . 2009-05-17 20:24 -------- d-----w- c:\docume~1\Owner\APPLIC~1\U3
2009-05-13 19:39 . 2009-02-04 20:51 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-13 05:15 . 2006-10-03 00:46 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 21:55 . 2009-05-12 21:55 -------- d-----w- c:\program files\Safari
2009-05-12 21:46 . 2009-02-04 14:34 -------- d-----w- c:\program files\Ares
2009-05-10 23:09 . 2009-05-10 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-10 23:07 . 2009-05-10 23:07 -------- d-----w- c:\program files\Bonjour
2009-05-10 23:04 . 2009-05-10 23:04 -------- d-----w- c:\program files\Apple Software Update
2009-05-10 23:03 . 2009-05-10 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-07 15:32 . 2006-10-03 00:44 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:27 . 2008-12-08 05:26 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 22:27 . 2008-12-08 05:26 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 22:27 . 2008-12-08 05:26 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-17 12:26 . 2006-10-03 00:46 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-10-03 00:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2005-09-26 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-09-18 1657376]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [12/8/2008 1:26 AM 29808]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2/4/2009 4:51 PM 1205760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 12:26 PM 101936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 20:17]

2009-07-03 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]

2009-07-07 c:\windows\Tasks\User_Feed_Synchronization-{7BA1DF02-6D7D-467F-998A-2C87232C75EB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 13:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-07 13:01
ComboFix-quarantined-files.txt 2009-07-07 17:01

Pre-Run: 69,055,213,568 bytes free
Post-Run: 69,051,379,712 bytes free

212 --- E O F --- 2009-07-03 16:09

post the log normally

sorry

ComboFix 09-07-06.A0 - Owner 07/07/2009 12:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.879 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1324b.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-07 13:06 . 2009-07-07 13:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2009-07-07 13:06 . 2009-07-07 13:06 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Windows Search
2009-07-07 13:06 . 2009-07-07 13:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-07 12:43 . 2009-07-07 12:43 -------- d-----w- c:\program files\Microsoft
2009-07-07 12:42 . 2008-07-08 12:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-07-07 12:39 . 2009-07-07 12:39 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-07 12:38 . 2009-07-07 12:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-07 12:38 . 2009-07-07 12:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-07 12:37 . 2009-07-07 12:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2009-07-07 12:37 . 2009-07-07 12:37 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Windows Desktop Search
2009-07-07 12:36 . 2009-07-07 12:36 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-07 12:36 . 2009-07-07 12:36 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-07 12:35 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-07 12:35 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-07 12:35 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-07-07 12:32 . 2009-07-07 12:32 -------- d-----w- c:\windows\system32\URTTEMP
2009-07-03 15:50 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 15:50 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:32 . 2009-07-03 13:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-03 13:32 . 2009-07-03 13:32 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Malwarebytes
2009-07-03 13:32 . 2009-07-03 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 20:04 . 2009-06-23 20:04 -------- d-----w- c:\program files\Roll 'm Up
2009-06-23 19:53 . 2009-06-23 19:53 83280 ----a-w- c:\windows\system\knps.dll
2009-06-23 19:53 . 2009-06-23 19:53 54976 ----a-w- c:\windows\system\knpg.dll
2009-06-23 19:53 . 2009-06-23 19:53 30544 ----a-w- c:\windows\system\dib.drv
2009-06-23 19:53 . 2009-06-23 19:53 -------- d-----w- c:\windows\GAMES
2009-06-23 18:57 . 2009-06-23 18:57 -------- d-----w- c:\program files\Marble Crazy
2009-06-23 14:45 . 2009-06-23 18:45 122 ----a-w- c:\windows\VBPong.dat
2009-06-23 14:41 . 1996-12-05 04:00 77824 ----a-w- c:\windows\system32\ODBCTL32.dll
2009-06-23 14:41 . 1996-12-05 04:00 403216 ----a-w- c:\windows\system32\MsRepl35.dll
2009-06-23 14:41 . 1996-12-05 04:00 251664 ----a-w- c:\windows\system32\MSRD2x35.dll
2009-06-23 14:41 . 1996-12-21 04:00 1039360 ----a-w- c:\windows\system32\MSJet35.dll
2009-06-23 14:41 . 1997-01-13 04:00 37136 ----a-w- c:\windows\system32\MSJInt35.dll
2009-06-23 14:41 . 1996-12-05 04:00 24336 ----a-w- c:\windows\system32\MSJtEr35.dll
2009-06-23 14:41 . 1997-01-16 04:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2009-06-23 14:23 . 1996-11-08 04:17 721168 ----a-w- c:\windows\system32\VB40032.DLL
2009-06-23 14:23 . 2009-07-07 12:52 -------- d-----w- c:\program files\Cosmi
2009-06-23 14:23 . 2009-06-23 14:41 -------- d-----w- C:\1kbestgames
2009-06-23 14:23 . 2009-06-23 14:23 -------- d-----w- c:\program files\Common Files\Cosmi
2009-06-23 14:03 . 2009-06-23 14:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Help
2009-06-23 13:45 . 1996-01-01 06:01 398416 ----a-w- c:\windows\system32\VBRUN300.DLL
2009-06-23 13:45 . 1994-01-16 05:00 4608 ----a-w- c:\windows\MTNEWS.DLL
2009-06-23 13:45 . 1980-01-01 04:00 356992 ----a-w- c:\windows\system32\VBRUN200.DLL
2009-06-23 13:45 . 1980-01-01 04:00 271264 ----a-w- c:\windows\system32\VBRUN100.DLL
2009-06-23 13:45 . 2009-06-23 20:18 -------- d-----w- C:\300_Arcade
2009-06-23 13:45 . 2009-06-23 13:45 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-06-12 14:38 . 2009-06-12 14:38 -------- d-----w- c:\program files\Common Files\Intuit
2009-06-12 14:38 . 2009-06-23 13:53 -------- d-----w- c:\windows\Downloaded Installations
2009-06-12 14:38 . 2009-06-12 14:38 -------- d-----w- c:\program files\Royal
2009-06-12 11:47 . 2009-06-12 11:47 -------- d-----w- c:\documents and settings\Owner\Tracing
2009-06-11 23:09 . 2009-06-11 23:09 1915520 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-sha-w- c:\windows\Repair
2009-06-11 22:01 . 2009-06-11 22:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Help
2009-06-11 22:01 . 2009-06-11 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-11 21:53 . 2009-06-11 21:53 -------- d-----w- c:\program files\Microsoft Office Communicator
2009-06-10 20:10 . 2009-06-11 22:24 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 16:36 . 2009-02-04 19:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 12:03 . 2009-02-05 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-06 16:19 . 2009-04-10 22:00 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2009-07-06 16:19 . 2009-04-10 22:00 -------- d-----w- c:\docume~1\Owner\APPLIC~1\gtk-2.0
2009-07-03 22:00 . 2009-02-04 20:12 -------- d-----w- c:\program files\Norton Security Scan
2009-07-03 16:05 . 2009-02-03 23:25 -------- d-----w- c:\program files\Microsoft Works
2009-06-27 11:05 . 2009-05-30 19:49 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-06-27 11:05 . 2009-05-30 19:49 -------- d-----w- c:\docume~1\Owner\APPLIC~1\uTorrent
2009-06-22 19:51 . 2009-02-03 23:15 -------- d-----w- c:\program files\CyberLink
2009-06-22 19:51 . 2009-02-03 23:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 19:48 . 2009-03-25 21:17 -------- d-----w- c:\program files\Coupons
2009-06-12 11:40 . 2009-02-04 14:37 38176 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 20:02 . 2009-02-03 23:27 -------- d-----w- c:\program files\Common Files\Real
2009-06-06 15:40 . 2009-06-06 15:40 -------- d-----w- c:\program files\iTunes
2009-06-06 15:40 . 2009-06-06 15:40 -------- d-----w- c:\program files\iPod
2009-06-06 15:40 . 2009-05-10 23:03 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 15:38 . 2009-06-06 15:38 -------- d-----w- c:\program files\QuickTime
2009-06-06 15:32 . 2009-06-06 15:32 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 21:53 . 2009-06-04 21:53 -------- d-----w- c:\documents and settings\Owner\Application Data\CyberLink
2009-06-04 21:53 . 2009-06-04 21:53 -------- d-----w- c:\docume~1\Owner\APPLIC~1\CyberLink
2009-06-04 21:52 . 2009-06-04 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-31 19:57 . 2009-05-31 19:57 -------- d-----w- c:\program files\KingsIsle Entertainment
2009-05-31 18:36 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-30 19:49 . 2009-05-30 19:49 -------- d-----w- c:\program files\uTorrent
2009-05-30 17:07 . 2009-02-03 23:15 -------- d-----w- c:\program files\Google
2009-05-30 17:06 . 2009-02-03 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-29 20:54 . 2009-05-10 23:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-05-29 20:54 . 2009-05-10 23:10 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Apple Computer
2009-05-29 20:33 . 2009-05-29 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2009-05-29 20:32 . 2009-05-29 20:32 -------- d-----w- c:\program files\Musicnotes
2009-05-29 19:26 . 2009-03-16 21:15 164 ----a-w- c:\windows\install.dat
2009-05-24 20:48 . 2009-05-24 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-23 20:37 . 2009-05-10 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-17 20:27 . 2009-05-17 20:24 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-05-17 20:27 . 2009-05-17 20:24 -------- d-----w- c:\docume~1\Owner\APPLIC~1\U3
2009-05-13 19:39 . 2009-02-04 20:51 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-13 05:15 . 2006-10-03 00:46 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 21:55 . 2009-05-12 21:55 -------- d-----w- c:\program files\Safari
2009-05-12 21:46 . 2009-02-04 14:34 -------- d-----w- c:\program files\Ares
2009-05-10 23:09 . 2009-05-10 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-10 23:07 . 2009-05-10 23:07 -------- d-----w- c:\program files\Bonjour
2009-05-10 23:04 . 2009-05-10 23:04 -------- d-----w- c:\program files\Apple Software Update
2009-05-10 23:03 . 2009-05-10 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-07 15:32 . 2006-10-03 00:44 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:27 . 2008-12-08 05:26 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 22:27 . 2008-12-08 05:26 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 22:27 . 2008-12-08 05:26 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-17 12:26 . 2006-10-03 00:46 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-10-03 00:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2005-09-26 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-09-18 1657376]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [12/8/2008 1:26 AM 29808]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2/4/2009 4:51 PM 1205760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 12:26 PM 101936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 20:17]

2009-07-03 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]

2009-07-07 c:\windows\Tasks\User_Feed_Synchronization-{7BA1DF02-6D7D-467F-998A-2C87232C75EB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 13:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-07 13:01
ComboFix-quarantined-files.txt 2009-07-07 17:01

Pre-Run: 69,055,213,568 bytes free
Post-Run: 69,051,379,712 bytes free

212 --- E O F --- 2009-07-03 16:09

hi

Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  
  :Services
  
  :Reg
  
  :Files
  c:\windows\system32\drivers\nvphy.bin
  c:\program files\Coupons
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  
  
• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.