Antivirus 2010 removed


#1 FrustratedInFargo (New Member, 2 posts)
Sister-in-law's PC. Running XP, SP3. I think it's a Dell. I am doing this through a LogMeIn Free account to her PC in MD.
She originally asked for help when she kept getting Antivirus 2010 warnings. She was trying to watch TV shows on shady websites.

All searches on IE8, Safari, and later Chrome (I installed it in frustration) went to seemingly random sites. Opening a link from Favorites worked, but entering addresses in search bars or Start-Run always redirected. Any attempt to use the existing McAfee hung the program and required Ctrl+Alt+Del to regain control. I found and followed 3 of the 4 guides here: Malware Removal Guides/Removal Instructions for Antivirus Studio 2010, How to fix Google redirects, and Malware removal tools won't download or run. I used all of the tools in each of the tutorials, downloading them on my PC and transferring them to her PC via my live.com account. I could not get to any of the web pages listed in the tutorials as the browsers would not let me get to them. Once I could get MBAM to run, it found 28 viruses, rootkits, blah blah blah. What a mess. After deleting those, I had to find a program on the McAfee website that forcefully deleted all McAfee programs from her PC, as I could not delete anything McAfee, nor would the program start.
I installed Microsoft Security Essentials. It found 4 viruses. I found one BHO and removed it. Found malicious toolbars and deleted them. I used CCleaner and deleted all temp files and caches, all cookies, temporary internet files and histories, reset the HOSTS file, and rebooted at least a couple dozen times. I thought it was cleaned.

Where I am now is that I have tried every free antivirus program, Ad-Aware, etc. They all report NO virus found. I reset IE8. Downloaded all MS updates. However, I am still getting redirected when entering website addresses into the address bar or Start-Run, but with a twist. It only does it when I try to get to antivirus/anti-malware websites. Lavasoft. Malwarebytes. McAfee. Norton. Windows Security websites. It lets me do most websites fine, but seems to know when I am searching for ways to kill it.
Please help.
Thank you.

OTL logfile created on: 11/5/2010 2:09:11 AM - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Nancy\My Documents\Remove
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 369.83 Gb Free Space | 79.41% Space Free | Partition Type: NTFS

Computer Name: CARTERNANCY | User Name: Nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 01:44:47 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/05 01:44:46 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/04 18:23:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nancy\My Documents\Remove\OTL.exe
PRC - [2010/09/27 14:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/27 14:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/05 01:58:16 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/07/24 19:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/24 19:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/04/15 05:18:38 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
PRC - [2004/04/15 04:32:22 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/04 18:23:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nancy\My Documents\Remove\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\014374~1.EXE -- (0143741236769456mcinstcleanup) McAfee Application Installer Cleanup (0143741236769456)
SRV - [2010/11/05 01:44:46 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/27 14:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/27 14:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/03 11:51:46 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/07/24 19:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2010/11/05 01:44:59 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/11/05 01:44:56 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/27 14:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/23 03:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/07/24 19:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/05 02:00:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/11/04 19:25:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Elf%20Bowling%20-%20Hawaiian%20Vacation/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.r...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230233976484 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1230234337953 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Elf%20Bowling%20-%20Hawaiian%20Vacation/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.255.176.37 207.255.176.40
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\setcell: DllName - setcell.dll - C:\WINDOWS\System32\setcell.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/25 14:10:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/04 21:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/11/04 20:19:45 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/11/04 20:19:32 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/11/04 20:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\My Documents\Remove
[2010/11/04 19:24:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/04 18:48:54 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/04 18:45:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/04 18:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/04 08:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/11/04 08:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/04 08:31:04 | 006,238,016 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Nancy\My Documents\HitmanPro35.exe
[2010/11/02 23:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\My Documents\My Received Files
[2010/11/02 22:38:17 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/11/02 22:38:13 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/02 22:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Local Settings\Application Data\Sunbelt Software
[2010/11/02 22:32:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/02 22:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/11/02 22:22:10 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Nancy\My Documents\Ad-AwareInstall.exe
[2010/11/02 21:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/02 21:09:01 | 003,137,976 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Nancy\My Documents\DMSetup.exe
[2010/11/02 20:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/02 20:36:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/11/02 18:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\WhatsRunning
[2010/11/01 21:41:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/01 21:41:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/01 21:02:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nancy\Recent
[2010/11/01 20:57:22 | 002,810,112 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Nancy\My Documents\ccsetup300.exe
[2010/11/01 20:21:32 | 000,000,000 | ---D | C] -- C:\skins
[2010/11/01 20:21:32 | 000,000,000 | ---D | C] -- C:\Favorites
[2010/11/01 20:21:31 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/01 20:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/11/01 19:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\Malwarebytes
[2010/11/01 19:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/01 19:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/01 19:44:59 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nancy\My Documents\mbam-setup-1.46.exe
[2010/11/01 19:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Local Settings\Application Data\RcIncidents
[2010/11/01 18:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/01 09:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/11/01 01:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/11/01 00:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/11/01 00:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/31 11:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/10/31 11:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\Registry Mechanic
[2010/10/31 11:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/10/31 11:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/10/31 10:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/31 10:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/31 09:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/31 09:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/31 09:26:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/10 19:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

========== Files - Modified Within 30 Days ==========

[2010/11/05 02:07:59 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/05 02:04:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/05 02:03:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/05 02:02:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 02:02:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/05 01:49:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 01:44:59 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/04 21:46:31 | 000,439,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/04 21:46:31 | 000,076,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/04 19:25:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/04 19:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/11/04 08:32:48 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/04 08:31:38 | 006,238,016 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Nancy\My Documents\HitmanPro35.exe
[2010/11/03 19:05:49 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/03 02:10:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/02 22:32:47 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Nancy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/02 22:30:08 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Nancy\My Documents\Ad-AwareInstall.exe
[2010/11/02 21:49:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/02 21:25:51 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/02 21:09:07 | 003,137,976 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Nancy\My Documents\DMSetup.exe
[2010/11/02 20:27:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/02 20:24:43 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ibmgr.sys
[2010/11/02 19:49:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/02 18:52:50 | 000,003,542 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/11/01 20:57:37 | 002,810,112 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Nancy\My Documents\ccsetup300.exe
[2010/11/01 19:48:37 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Nancy\My Documents\rkill.exe
[2010/11/01 19:46:59 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nancy\My Documents\mbam-setup-1.46.exe
[2010/11/01 19:17:29 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Nancy\My Documents\RAInvitation.msrcincident
[2010/11/01 09:00:30 | 000,010,756 | ---- | M] () -- C:\WINDOWS\System32\setcell.dll
[2010/10/31 16:52:40 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Nancy\Application Data\completescan
[2010/10/31 12:47:33 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Nancy\Application Data\start
[2010/10/31 12:34:06 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Nancy\Application Data\install
[2010/10/26 22:12:55 | 000,000,441 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/10/25 20:00:47 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\Nancy\My Documents\www.wpd
[2010/10/25 19:56:40 | 000,008,573 | ---- | M] () -- C:\Documents and Settings\Nancy\My Documents\centers.wpd
[2010/10/25 12:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/18 06:15:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/10/16 08:30:16 | 000,014,641 | ---- | M] () -- C:\Documents and Settings\Nancy\My Documents\100 words.wpd
[2010/10/14 02:22:29 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/11 03:38:31 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

========== Files Created - No Company Name ==========

[2010/11/04 08:32:48 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/03 17:44:47 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/02 22:39:27 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/02 22:32:47 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/02 21:31:03 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/02 21:25:51 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/02 20:24:43 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibmgr.sys
[2010/11/02 18:49:10 | 000,003,542 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/11/01 19:48:34 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Nancy\My Documents\rkill.exe
[2010/11/01 19:26:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/01 19:17:29 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Nancy\My Documents\RAInvitation.msrcincident
[2010/11/01 09:00:30 | 000,010,756 | ---- | C] () -- C:\WINDOWS\System32\setcell.dll
[2010/10/31 12:47:33 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\start
[2010/10/31 12:46:06 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\completescan
[2010/10/31 12:34:06 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\install
[2010/10/31 11:33:07 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/10/15 20:16:35 | 000,014,641 | ---- | C] () -- C:\Documents and Settings\Nancy\My Documents\100 words.wpd
[2009/06/01 18:33:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/31 17:26:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/01/31 13:19:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/12/29 16:55:48 | 000,000,441 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/12/27 00:09:53 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\PFP120JPR.{PB
[2008/12/27 00:09:53 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\PFP120JCM.{PB
[2008/12/26 23:47:48 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/25 18:21:44 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/12/25 09:00:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/06 13:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2003/01/07 17:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/12/29 16:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/04 08:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/12/25 23:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/02/01 11:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/12/29 12:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/10/31 11:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/19 22:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/12 15:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/27 02:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/02 22:32:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2009/04/28 06:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Crayon Physics Deluxe
[2009/04/19 09:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\GetRightToGo
[2008/12/27 03:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\MSNInstaller
[2010/10/31 11:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Registry Mechanic
[2009/07/10 01:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Smart Defender PRO
[2008/12/25 22:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Windows Search
[2010/11/01 06:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\WinPatrol
[2010/11/05 02:04:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/18 06:15:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2010/10/11 03:38:31 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/10/04 03:00:02 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/11/05 02:07:59 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/04 19:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36E6A05E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95DE6783
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
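A small triage pass over the OTL log format shown above, added here as an example; it is not part of the original thread and not an OldTimer/OTL tool. It parses the O20/O34 load-point entries and the 30-day file entries, and flags executables under the Windows tree whose company field is empty "()". The sample lines are copied from the log above; the flags are review items, not verdicts, and two of them (setcell.dll, ibmgr.sys) match what ComboFix later deleted in post #2.

```python
import re
from pathlib import PureWindowsPath

# Added triage helper for the OTL log format (not part of OTL or of this thread).
# OTL prints a file's company name in parentheses after each entry; "()" means the
# file carries no company/version resource. That is a review signal, not a verdict:
# legitimate tools ship without version info too (lsdelete.exe below is an Ad-Aware
# component, and the log shows Ad-Aware being installed on 2010/11/02).

# O20 (Winlogon Shell / Notify) and O34 (BootExecute): "<where> - <path> (<company>)"
LOADPOINT_RE = re.compile(
    r"^(?P<tag>O20|O34) - (?P<where>.+?) - (?P<path>[A-Za-z]:\\[^()]+?) \((?P<company>[^)]*)\)\s*$"
)
# "Files Created/Modified Within 30 Days" entries:
# "[<timestamp> | <size> | <attrs> | C|M] (<company>) -- <path>"
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*(?P<op>[CM])\]"
    r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".sys")
WINDOWS_TREE = "c:\\windows\\"


def triage(log_text: str) -> dict:
    """Return {lowercase path: [reasons]} for entries that deserve a second look."""
    findings: dict = {}

    def flag(path: str, reason: str) -> None:
        findings.setdefault(path.lower(), []).append(reason)

    for raw in log_text.splitlines():
        line = raw.strip()
        m = LOADPOINT_RE.match(line)
        if m:
            # Load points run at boot/logon; an unnamed binary here is worth checking.
            if not m["company"].strip():
                flag(m["path"], f"{m['tag']} load point '{m['where']}' points at a file with no company name")
            continue
        m = FILE_RE.match(line)
        if m and not m["company"].strip():
            path = m["path"].lower()
            if path.startswith(WINDOWS_TREE) and path.endswith(EXEC_EXT):
                what = "created" if m["op"] == "C" else "modified"
                flag(m["path"], f"unnamed executable {what} {m['ts'].strip()} under the Windows tree")
    return findings


def flagged_names(log_text: str) -> list:
    """Sorted file names of the flagged entries, for a quick summary."""
    return sorted(PureWindowsPath(p).name for p in triage(log_text))


# Sample input: lines copied from the OTL log in post #1 (a constructed excerpt).
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\setcell: DllName - setcell.dll - C:\WINDOWS\System32\setcell.dll ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
[2010/11/04 20:19:45 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/11/03 17:44:47 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/02 20:24:43 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibmgr.sys
[2010/11/02 18:49:10 | 000,003,542 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/11/01 19:48:34 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Nancy\My Documents\rkill.exe
[2010/11/01 09:00:30 | 000,010,756 | ---- | C] () -- C:\WINDOWS\System32\setcell.dll
[2010/11/01 09:00:30 | 000,010,756 | ---- | M] () -- C:\WINDOWS\System32\setcell.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Entries that hit both a load point and a recent-file line (setcell.dll, lsdelete.exe) accumulate several reasons, which is the ordering a helper would use to decide what to check first.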


#2 FrustratedInFargo (Topic Starter, 2 posts)
IE was pretty much unusable. Couldn't wait any longer. I saw many references to ComboFix, and the associated warnings to avoid using it without express directions. Ran it anyway. Seems to be OK now. Haven't had a redirect yet. I'll post the log.
I have bolded that which I believe was the issue and what ComboFix appears to have addressed. If anyone sees anything else I should do, let me know please.

ComboFix 10-11-05.05 - Nancy 11/05/2010 21:31:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1319 [GMT -4:00]
Running from: c:\documents and settings\Nancy\My Documents\Remove\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nancy\Application Data\completescan
c:\documents and settings\Nancy\Application Data\install
c:\windows\assembly\GAC\__AssemblyInfo__.ini
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\system32\config\stmodqqj
c:\windows\system32\Drivers\ibmgr.sys
c:\windows\system32\setcell.dll
c:\windows\system32\tmp.reg

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-11-05 06:13 . 2010-10-07 20:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72A7A5CD-C876-4EC9-9406-E4AE00102927}\mpengine.dll
2010-11-05 01:58 . 2010-11-05 02:00 -------- d-----w- c:\program files\Windows Live Safety Center
2010-11-05 00:19 . 2009-09-07 18:02 27944 ----a-w- c:\windows\system32\sbbd.exe
2010-11-05 00:19 . 2010-11-05 01:17 -------- d-----w- C:\VIPRERESCUE
2010-11-04 23:24 . 2010-11-04 23:24 -------- d-----w- C:\_OTL
2010-11-04 22:48 . 2010-11-04 22:48 -------- d-----w- C:\_OTM
2010-11-04 22:44 . 2010-11-04 22:44 -------- d-----w- c:\program files\ERUNT
2010-11-04 12:40 . 2010-11-05 05:30 -------- d-----w- c:\program files\Panda Security
2010-11-04 12:32 . 2010-11-04 12:32 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-04 12:31 . 2010-11-04 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-11-04 03:04 . 2010-10-07 20:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-03 21:44 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-03 02:38 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-03 02:38 . 2010-11-05 05:44 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-03 02:34 . 2010-11-03 02:34 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\Sunbelt Software
2010-11-03 02:32 . 2010-11-03 02:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-03 02:32 . 2010-11-03 02:32 -------- d-----w- c:\program files\Lavasoft
2010-11-03 01:25 . 2010-11-03 01:26 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-03 00:58 . 2010-11-03 00:58 -------- d-----w- c:\program files\CCleaner
2010-11-03 00:36 . 2010-11-03 00:36 -------- d--h--w- c:\windows\PIF
2010-11-02 22:05 . 2010-11-03 00:52 -------- d-----w- c:\program files\WhatsRunning
2010-11-02 01:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-02 01:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 00:21 . 2010-11-02 00:21 -------- d-----w- C:\skins
2010-11-02 00:21 . 2010-11-02 00:21 -------- d-----w- C:\Favorites
2010-11-02 00:21 . 2010-11-02 00:21 -------- d-----w- C:\Temp
2010-11-01 23:57 . 2010-11-01 23:57 -------- d-----w- c:\documents and settings\Nancy\Application Data\Malwarebytes
2010-11-01 23:57 . 2010-11-03 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-01 23:57 . 2010-11-01 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-01 23:22 . 2010-11-02 23:25 -------- d-----w- c:\documents and settings\HelpAssistant
2010-11-01 23:16 . 2010-11-02 22:57 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\RcIncidents
2010-11-01 22:50 . 2010-11-01 22:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-01 05:39 . 2010-11-01 05:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-11-01 04:00 . 2010-11-02 10:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-31 15:35 . 2010-10-31 15:35 -------- d-----w- c:\documents and settings\Nancy\Application Data\Registry Mechanic
2010-10-31 15:31 . 2010-10-31 16:35 -------- d-----w- c:\program files\Common Files\PC Tools
2010-10-13 22:29 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 22:29 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 22:29 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-10 23:56 . 2010-10-10 23:56 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-10-02 17:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 18:50 . 2009-02-01 15:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-27 18:49 . 2009-02-01 15:22 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-09-27 18:49 . 2009-02-01 15:22 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-27 18:49 . 2009-02-01 15:22 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-18 16:23 . 2004-08-12 13:59 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-12 13:59 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-12 13:59 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-12 13:59 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-12 13:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-12 13:55 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-12 14:09 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-12 14:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-12 14:06 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-12 14:06 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 04:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-12 13:56 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-12 14:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-12 14:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Delay Skype Start"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DVDLauncher"="c:\program files\CYBERLINK\PowerDVD\DVDLAUNCHER.EXE" [2004-08-23 57344]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 270336]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-05 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\ITUNESHELPER.EXE" [2010-09-24 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-27 18:49 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\PROGRAM FILES\\SKYPE\\PHONE\\SKYPE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/2/2010 10:38 PM 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/2/2010 10:38 PM 98392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 3:46 AM 1375992]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [11/1/2010 6:58 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
S2 gupdate1c96aeaf2103fd4;Google Update Service (gupdate1c96aeaf2103fd4);c:\program files\Google\Update\GoogleUpdate.exe [12/30/2008 9:56 PM 133104]
S3 vbma1173;Virtual Bus for Microsoft ACPI-Compliant System; [x]
S4 0143741236769456mcinstcleanup;McAfee Application Installer Cleanup (0143741236769456);c:\windows\TEMP\014374~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\014374~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 17:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 05:44]

2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-10-18 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-12 00:12]

2010-11-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 12:13]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-31 10:54]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-31 10:54]

2010-11-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {25220146-E16F-46B1-B253-8E2420F6A56E} = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 21:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-11-05 21:39:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-06 01:39

Pre-Run: 396,474,265,600 bytes free
Post-Run: 396,529,000,448 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9B4F1498B3FF40B240BE78D253061B2F