
Solved: Google redirect and general slowing down

Discussion in 'Malware and Virus Removal Archive' started by ashj87, 2009/05/07.

  1. 2009/05/07
    ashj87 (Thread Starter)
    [Resolved] Google redirect and general slowing down

    Sorry for any silly mistakes I make, but I'm quite a beginner when it comes to this. Recently I noticed a slowdown in my system's performance; most notably the blue 'welcome' screen takes considerably longer to load than it did previously (it was normally a second or two), and also some Google links redirect me to random nonsense sites which attempt to download a media player or other nonsense.


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Jakhu at 23:43:19.43 on 07/05/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1007.335 [GMT 1:00]

    AV: BullGuard Antivirus *On-access scanning disabled* (Updated)
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: BullGuard Firewall *disabled*
    FW: ZoneAlarm Security Suite Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
    "C:\WINDOWS\System32\svchost.exe" -k bg5
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\1160843343\ee\AOLSoftware.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\common files\aol\1160843343\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1160843343\ee\aolsoftware.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Documents and Settings\Jakhu\Desktop\dds.scr
    C:\WINDOWS\system32\ZoneLabs\UpdClient.exe

    ============== Pseudo HJT Report ===============

    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [BullGuard 5.0] "c:\program files\bullguard software\bullguard 5.0\bullguard.exe"
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
    mRun: [Disk Monitor] c:\program files\ic\card reader driver v1.9e2\Disk_Monitor.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [GSICONEXE] GSICON.EXE
    mRun: [DSLAGENTEXE] dslagent.exe USB
    mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
    mRun: [HostManager] c:\program files\common files\aol\1160843343\ee\AOLSoftware.exe
    mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
    mRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe" -s
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    StartupFolder: c:\docume~1\jakhu\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {DB6CFD5A-7C38-43E9-8BA9-BB46C1D9933C} = 92.31.242.20 92.31.242.21
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jakhu\applic~1\mozilla\firefox\profiles\0rnlvoum.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-3 325896]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-3 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-3 108552]
    R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-5-7 150544]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-5 353672]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-3 298776]
    R2 BsFileSpy;BullGuard File Monitoring;"c:\windows\system32\svchost.exe" -k bg5 [2005-8-16 14336]
    R2 BsFirewall;BullGuard Firewall;"c:\windows\system32\svchost.exe" -k bg5 [2005-8-16 14336]
    R2 BsMailProxy;BullGuard Email Monitoring;"c:\windows\system32\svchost.exe" -k bg5 [2005-8-16 14336]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 glausb;GlobeSpan USB ADSL LAN Modem;c:\windows\system32\drivers\glausb.sys [2006-9-29 244419]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
    S2 gafwload;GlobeSpan USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [2006-9-29 27147]
    S3 FileSpy5;BullGuard File Monitor;c:\program files\bullguard software\bullguard 5.0\filespy5.sys [2004-10-29 13824]
    S3 Reconn;BullGuard Mail Monitor;c:\program files\bullguard software\bullguard 5.0\reconn.sys [2004-9-28 6528]

    =============== Created Last 30 ================

    2009-05-07 23:35 <DIR> --d----- c:\program files\Trend Micro
    2009-05-07 23:18 <DIR> --d----- C:\ComboFix
    2009-05-07 18:20 <DIR> a-dshr-- C:\cmdcons
    2009-05-06 16:10 <DIR> --d----- c:\program files\SpywareBlaster
    2009-05-06 08:08 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-05-05 20:37 <DIR> --d----- c:\docume~1\jakhu\applic~1\MailFrontier
    2009-05-05 20:34 29,630,496 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-05-05 20:34 89,732 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-05-05 20:21 4,212 a---h--- c:\windows\system32\zllictbl.dat
    2009-05-05 20:20 72,584 a------- c:\windows\zllsputility.exe
    2009-05-05 20:20 1,221,512 a------- c:\windows\system32\zpeng25.dll
    2009-05-05 20:20 <DIR> --d----- c:\windows\system32\ZoneLabs
    2009-05-05 20:20 <DIR> --d----- c:\program files\Zone Labs
    2009-05-05 20:20 351,218 a------- c:\windows\system32\vsconfig.xml
    2009-05-05 20:19 <DIR> --d----- c:\windows\Internet Logs
    2009-05-05 19:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-05-05 19:48 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-05-05 19:48 <DIR> --d----- c:\docume~1\jakhu\applic~1\SUPERAntiSpyware.com
    2009-05-05 19:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-05-05 19:06 <DIR> --d----- c:\documents and settings\jakhu\.SunDownloadManager
    2009-05-03 21:09 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-05-03 21:09 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-05-03 21:08 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-05-03 21:08 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-05-03 21:08 <DIR> --d----- c:\docume~1\jakhu\applic~1\AVGTOOLBAR
    2009-05-03 21:08 <DIR> --d----- c:\program files\AVG
    2009-05-03 21:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-05-03 14:41 <DIR> --d----- c:\windows\ERUNT
    2009-05-01 09:59 61,440 a------- c:\windows\system32\drivers\sdyxke.sys
    2009-04-30 22:41 <DIR> --d----- c:\docume~1\jakhu\applic~1\Malwarebytes
    2009-04-30 22:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-30 22:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-30 22:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-30 22:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-04-24 19:55 38,016 ac------ c:\windows\system32\dllcache\bthmodem.sys
    2009-04-24 19:55 38,016 a------- c:\windows\system32\drivers\bthmodem.sys
    2009-04-24 19:52 100,992 ac------ c:\windows\system32\dllcache\bthpan.sys
    2009-04-24 19:52 100,992 a------- c:\windows\system32\drivers\bthpan.sys
    2009-04-24 19:52 59,648 ac------ c:\windows\system32\dllcache\rfcomm.sys
    2009-04-24 19:52 17,024 ac------ c:\windows\system32\dllcache\bthenum.sys
    2009-04-24 19:52 59,648 a------- c:\windows\system32\drivers\rfcomm.sys
    2009-04-24 19:52 17,024 a------- c:\windows\system32\drivers\BthEnum.sys
    2009-04-24 19:52 152,576 ac------ c:\windows\system32\dllcache\irftp.exe
    2009-04-24 19:52 27,136 ac------ c:\windows\system32\dllcache\irmon.dll
    2009-04-24 19:52 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
    2009-04-24 19:52 152,576 a------- c:\windows\system32\irftp.exe
    2009-04-24 19:52 27,136 a------- c:\windows\system32\irmon.dll
    2009-04-24 19:52 8,192 a------- c:\windows\system32\wshirda.dll
    2009-04-24 19:51 18,944 ac------ c:\windows\system32\dllcache\bthusb.sys
    2009-04-24 19:51 18,944 a------- c:\windows\system32\drivers\BTHUSB.SYS

    ==================== Find3M ====================

    2009-03-06 15:00 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-02-20 19:09 78,336 a------- c:\windows\system32\ieencode.dll
    2009-02-09 11:20 1,847,424 a------- c:\windows\system32\win32k.sys
    2009-02-09 11:01 728,576 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 11:01 617,984 a------- c:\windows\system32\advapi32.dll
    2009-02-09 11:01 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 11:01 715,264 a------- c:\windows\system32\ntdll.dll
    2007-03-28 17:40 42 a------- c:\docume~1\jakhu\applic~1\wklnhst.dat

    ============= FINISH: 23:44:16.59 ===============


    ------------------------------------------------------------------------------

    After a bit of asking I got instructed to do a HijackThis scan, so if it's any use:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:46:39, on 07/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\1160843343\ee\AOLSoftware.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\common files\aol\1160843343\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1160843343\ee\aolsoftware.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160843343\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB6CFD5A-7C38-43E9-8BA9-BB46C1D9933C}: NameServer = 92.31.242.20 92.31.242.21
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 9967 bytes

    Any help would be greatly appreciated, thank you.
     
  2. 2009/05/14
    Juliet
    Hi and welcome

    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all windows that are open later in the fix.


    ***********
    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click GooredFix.exe to run it.
    • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    • A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: Do not run Option #2 yet.



    NEXT**

    Please download RegQuery by Noviciate to your desktop.
    • Copy the following registry key path by highlighting the text and pressing CTRL and C at the same time:
      • [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    • Double-click RegQuery.exe to run the program.
    • Paste the text you have copied, using CTRL and V, into the text box.
    • Click the Query button.
    • A Notepad file will open. Please paste its contents in your next reply.
    • You may now close the RegQuery program.


    *********************
    I can see in your logs that you have run ComboFix. I need to see the log it created.


    C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.
    How about c:\Combofix\combofix.txt <-- is it here?





    In your next reply post:
    GooredLog.txt
    RegQuery log
    ComboFix.txt



    You may need several replies to post the requested logs, otherwise they might get cut off.
     


  4. 2009/05/14
    ashj87 (Thread Starter)
    Thanks for your help

    GooredFix v1.92 by jpshortstuff
    Log created at 18:46 on 14/05/2009 running Option #1 (Jakhu)
    Firefox version 3.0.10 (en-GB)

    =====Suspect Goored Entries=====

    C:\Program Files\Mozilla Firefox\extensions\{9F7C43BC-4CDB-4C91-8CD1-15998AAFE1CE}

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{3112ca9c-de6d-4884-a869-9855de68056c}"="C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}"

    ---------------------------------------------------------------------------

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midimapper"="midimap.dll"
    "msacm.imaadpcm"="imaadp32.acm"
    "msacm.msadpcm"="msadp32.acm"
    "msacm.msg711"="msg711.acm"
    "msacm.msgsm610"="msgsm32.acm"
    "msacm.trspch"="tssoft32.acm"
    "vidc.cvid"="iccvid.dll"
    "vidc.I420"="msh263.drv"
    "vidc.iv31"="ir32_32.dll"
    "vidc.iv32"="ir32_32.dll"
    "vidc.iv41"="ir41_32.ax"
    "vidc.iyuv"="iyuv_32.dll"
    "vidc.mrle"="msrle32.dll"
    "vidc.msvc"="msvidc32.dll"
    "vidc.uyvy"="msyuv.dll"
    "vidc.yuy2"="msyuv.dll"
    "vidc.yvu9"="tsbyuv.dll"
    "vidc.yvyu"="msyuv.dll"
    "wavemapper"="msacm32.drv"
    "wave1"="serwvdrv.dll"
    "msacm.msg723"="msg723.acm"
    "vidc.M263"="msh263.drv"
    "vidc.M261"="msh261.drv"
    "msacm.msaudio1"="msaud32.acm"
    "msacm.sl_anet"="sl_anet.acm"
    "msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
    "vidc.iv50"="ir50_32.dll"
    "msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
    "wave"="wdmaud.drv"
    "midi"="wdmaud.drv"
    "mixer"="wdmaud.drv"
    "msacm.siren"="sirenacm.dll"
    "VIDC.DIVX"="divx.dll"
    "VIDC.XVID"="xvidvfw.dll"
    "vidc.yv12"="yv12vfw.dll"
    "msacm.ac3acm"="ac3acm.acm"
    "VIDC.wmv3"="wmv9vcm.dll"
    "VIDC.FFDS"="ff_vfw.dll"
    "vidc.mpng"="C:\\Program Files\\t@b\\0.958\\686\\tabdec.dll"
    "vidc.mvjp"="C:\\Program Files\\t@b\\0.958\\686\\tabdec.dll"
    "vidc.444p"="C:\\Program Files\\t@b\\0.958\\686\\tabdec.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
    "wave"="rdpsnd.dll"
    "mixer"="rdpsnd.dll"
    "MaxBandwidth"=dword:000056b9
    "wavemapper"="msacm32.drv"
    "EnableMP3Codec"=dword:00000001
    "midimapper"="midimap.dll"

    ----------------------------------------------------------------------------
     
  5. 2009/05/14
    ashj87 Inactive Thread Starter
    ComboFix 09-05-07.03 - Jakhu 07/05/2009 18:54.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1007.424 [GMT 1:00]
    Running from: c:\documents and settings\Jakhu\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Jakhu\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    AV: BullGuard Antivirus *On-access scanning disabled* (Updated)
    FW: BullGuard Firewall *disabled*
    FW: ZoneAlarm Security Suite Firewall *enabled*

    FILE ::
    C:\Install
    C:\Program Filesxpantiviruspro.exe.tmp
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
    .

    2009-05-06 15:10 . 2009-05-06 15:10 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP
    2009-05-06 15:10 . 2009-05-06 15:10 -------- d-----w c:\program files\SpywareBlaster
    2009-05-06 07:08 . 2009-05-07 17:11 -------- d--h--w C:\$AVG8.VAULT$
    2009-05-05 19:37 . 2009-05-05 19:37 -------- d-----w c:\documents and settings\Jakhu\Application Data\MailFrontier
    2009-05-05 19:34 . 2009-05-07 17:29 29630496 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-05-05 19:21 . 2009-05-07 14:58 4212 ---ha-w c:\windows\system32\zllictbl.dat
    2009-05-05 19:20 . 2009-03-31 18:20 72584 ----a-w c:\windows\zllsputility.exe
    2009-05-05 19:20 . 2009-03-31 18:20 1221512 ----a-w c:\windows\system32\zpeng25.dll
    2009-05-05 19:20 . 2009-05-07 17:41 -------- d-----w c:\windows\system32\ZoneLabs
    2009-05-05 19:20 . 2009-05-05 19:20 -------- d-----w c:\program files\Zone Labs
    2009-05-05 19:19 . 2009-05-07 17:48 -------- d-----w c:\windows\Internet Logs
    2009-05-05 18:49 . 2009-05-05 18:49 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-05 18:48 . 2009-05-05 18:48 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-05 18:48 . 2009-05-05 18:48 -------- d-----w c:\documents and settings\Jakhu\Application Data\SUPERAntiSpyware.com
    2009-05-05 18:48 . 2009-05-05 18:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-05 18:06 . 2009-05-05 18:08 -------- d-----w c:\documents and settings\Jakhu\.SunDownloadManager
    2009-05-03 20:09 . 2009-05-03 20:09 11952 ----a-w c:\windows\system32\avgrsstx.dll
    2009-05-03 20:09 . 2009-05-03 20:09 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-05-03 20:08 . 2009-05-03 20:08 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-05-03 20:08 . 2009-05-07 08:10 -------- d-----w c:\windows\system32\drivers\Avg
    2009-05-03 20:08 . 2009-05-03 20:08 -------- d-----w c:\documents and settings\Jakhu\Application Data\AVGTOOLBAR
    2009-05-03 20:08 . 2009-05-03 20:08 -------- d-----w c:\program files\AVG
    2009-05-03 20:08 . 2009-05-03 20:08 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-05-03 13:41 . 2009-05-03 13:42 -------- d-----w c:\windows\ERUNT
    2009-05-03 13:35 . 2009-05-03 14:37 -------- d-----w C:\SDFix
    2009-05-01 08:59 . 2009-05-01 08:59 61440 ----a-w c:\windows\system32\drivers\sdyxke.sys
    2009-04-30 21:41 . 2009-04-30 21:41 -------- d-----w c:\documents and settings\Jakhu\Application Data\Malwarebytes
    2009-04-30 21:41 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-30 21:41 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-30 21:41 . 2009-04-30 21:41 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-30 21:41 . 2009-04-30 21:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-24 18:55 . 2004-08-03 22:10 38016 -c--a-w c:\windows\system32\dllcache\bthmodem.sys
    2009-04-24 18:55 . 2004-08-03 22:10 38016 ----a-w c:\windows\system32\drivers\bthmodem.sys
    2009-04-24 18:52 . 2004-08-03 21:58 100992 -c--a-w c:\windows\system32\dllcache\bthpan.sys
    2009-04-24 18:52 . 2004-08-03 21:58 100992 ----a-w c:\windows\system32\drivers\bthpan.sys
    2009-04-24 18:52 . 2004-08-03 22:10 59648 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
    2009-04-24 18:52 . 2004-08-03 22:10 59648 ----a-w c:\windows\system32\drivers\rfcomm.sys
    2009-04-24 18:52 . 2004-08-03 22:10 17024 -c--a-w c:\windows\system32\dllcache\bthenum.sys
    2009-04-24 18:52 . 2004-08-03 22:10 17024 ----a-w c:\windows\system32\drivers\BthEnum.sys
    2009-04-24 18:52 . 2004-08-03 23:56 27136 -c--a-w c:\windows\system32\dllcache\irmon.dll
    2009-04-24 18:52 . 2004-08-03 23:56 27136 ----a-w c:\windows\system32\irmon.dll
    2009-04-24 18:52 . 2004-08-03 23:56 152576 -c--a-w c:\windows\system32\dllcache\irftp.exe
    2009-04-24 18:52 . 2004-08-03 23:56 152576 ----a-w c:\windows\system32\irftp.exe
    2009-04-24 18:52 . 2004-08-03 23:56 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
    2009-04-24 18:52 . 2004-08-03 23:56 8192 ----a-w c:\windows\system32\wshirda.dll
    2009-04-24 18:51 . 2004-08-03 22:10 18944 -c--a-w c:\windows\system32\dllcache\bthusb.sys
    2009-04-24 18:51 . 2004-08-03 22:10 18944 ----a-w c:\windows\system32\drivers\BTHUSB.SYS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-07 17:29 . 2009-05-07 17:32 2925568 ----a-w c:\windows\Internet Logs\xDB1.tmp
    2009-05-07 14:57 . 2009-05-05 19:34 32 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-05-05 20:07 . 2006-09-29 11:11 -------- d-----w c:\program files\AOL Toolbar
    2009-05-05 19:32 . 2009-01-29 22:41 -------- d-----w c:\program files\AskBarDis
    2009-05-05 18:08 . 2006-09-05 18:35 -------- d-----w c:\program files\Java
    2009-05-01 09:05 . 2007-08-26 20:14 -------- d-----w c:\program files\RzRose
    2009-05-01 09:04 . 2008-06-17 22:05 -------- d-----w c:\program files\Electronic Arts
    2009-05-01 09:03 . 2008-11-30 19:19 -------- d-----w c:\program files\PersonalWebKit3
    2009-04-02 19:04 . 2006-04-03 12:15 50272 ----a-w c:\documents and settings\Jakhu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-18 22:17 . 2009-03-18 22:17 -------- d-----w c:\program files\ASGvis
    2009-03-18 22:17 . 2005-08-16 09:25 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-17 11:36 . 2006-06-28 09:52 -------- d-----w c:\program files\Google
    2009-03-09 14:24 . 2009-03-09 14:09 -------- d-----w c:\program files\Kerkythea Rendering System
    2009-03-06 14:00 . 2005-08-16 16:43 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2005-08-16 16:44 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2005-08-16 16:43 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 10:20 . 2005-08-16 16:44 1847424 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 10:01 . 2005-08-16 16:43 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:01 . 2005-08-16 16:43 728576 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:01 . 2005-08-16 16:43 617984 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:01 . 2005-08-16 16:43 715264 ----a-w c:\windows\system32\ntdll.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-07_17.34.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-05 19:54 . 2009-05-07 17:41 11576520 c:\windows\system32\ZoneLabs\spyware0.dat
    - 2009-05-05 19:54 . 2009-05-05 19:54 11576520 c:\windows\system32\ZoneLabs\spyware0.dat
    + 2009-05-07 14:53 . 2009-05-07 17:41 12088616 c:\windows\system32\ZoneLabs\spyware.dat
    - 2009-05-07 14:53 . 2009-05-07 14:40 12088616 c:\windows\system32\ZoneLabs\spyware.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-16 17:22 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BullGuard 5.0 "= "c:\program files\BullGuard Software\BullGuard 5.0\bullguard.exe" [2006-04-03 98304]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "Veoh "= "c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
    "kdx "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "EA Core "= "c:\program files\Electronic Arts\EADM\Core.exe" [2008-05-16 2732032]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "VeohPlugin "= "c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-07 3558136]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2005-08-16 155648]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2005-08-16 126976]
    "RoxioDragToDisc "= "c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-01 1695744]
    "Disk Monitor "= "c:\program files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe" [2003-06-18 466944]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]
    "AOLDialer "= "c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
    "%FP%Friendly fts.exe "= "c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
    "HostManager "= "c:\program files\Common Files\AOL\1160843343\ee\AOLSoftware.exe" [2006-11-17 50736]
    "DAEMON Tools "= "c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
    "TomTomHOME.exe "= "c:\program files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 374688]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-03 185896]
    "4oD "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-03 1947928]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
    "SoundMan "= "SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-08-16 77824]
    "GSICONEXE "= "GSICON.EXE" - c:\windows\system32\gsicon.exe [2002-04-24 90112]
    "DSLAGENTEXE "= "dslagent.exe" - c:\windows\system32\dslagent.exe [2002-05-02 16384]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

    c:\documents and settings\Jakhu\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-9-29 156784]
    BigFix.lnk - c:\program files\BigFix\BigFix.exe [2005-8-16 1742384]
    Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2005-3-30 114688]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop "= 1 (0x1)
    "NoActiveDesktopChanges "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-03 20:09 11952 ----a-w c:\windows\system32\avgrsstx.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1 "= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AOL 7.0\\waol.exe "=
    "c:\\StubInstaller.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\AOL 9.0\\waol.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\BitLord\\BitLord.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1160843343\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe "=
    "c:\\Program Files\\Counter-Strike Source\\hl2.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Kontiki\\KService.exe "=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/05/2009 21:08 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/05/2009 21:09 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 11:33 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 11:33 72944]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/05/2009 21:08 298776]
    R3 glausb;GlobeSpan USB ADSL LAN Modem;c:\windows\system32\drivers\glausb.sys [29/09/2006 12:22 244419]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 11:33 7408]
    S2 BsFileSpy;BullGuard File Monitoring; "c:\windows\System32\svchost.exe" -k bg5 [16/08/2005 17:43 14336]
    S2 BsFirewall;BullGuard Firewall; "c:\windows\System32\svchost.exe" -k bg5 [16/08/2005 17:43 14336]
    S2 BsMailProxy;BullGuard Email Monitoring; "c:\windows\System32\svchost.exe" -k bg5 [16/08/2005 17:43 14336]
    S2 gafwload;GlobeSpan USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [29/09/2006 12:22 27147]
    S3 FileSpy5;BullGuard File Monitor;c:\program files\BullGuard Software\BullGuard 5.0\filespy5.sys [29/10/2004 16:00 13824]
    S3 Reconn;BullGuard Mail Monitor;c:\program files\BullGuard Software\BullGuard 5.0\reconn.sys [28/09/2004 17:50 6528]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bg5 REG_MULTI_SZ BGMainSvc BsFileSpy BsMailProxy BsFirewall

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65f7b534-5c88-11dc-a413-0090963be589}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bd0d8f4-9141-11db-a2c5-0090963be589}]
    \Shell\AutoRun\command - autorun.exe
    \Shell\Open\command - autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96872edc-bb40-11da-86c9-00e04ce51146}]
    \Shell\AutoRun\command - I:\autorun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: {DB6CFD5A-7C38-43E9-8BA9-BB46C1D9933C} = 92.31.242.20 92.31.242.21
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Jakhu\Application Data\Mozilla\Firefox\Profiles\0rnlvoum.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-07 18:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(948)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(5648)
    c:\program files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-05-07 19:01
    ComboFix-quarantined-files.txt 2009-05-07 18:01
    ComboFix2.txt 2009-05-07 17:41

    Pre-Run: 104,861,077,504 bytes free
    Post-Run: 104,842,784,768 bytes free

    252 --- E O F --- 2009-04-29 23:06
     
  6. 2009/05/14
    Juliet Well-Known Member
    Welcome back

    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all open windows later in the fix.


    Please double-click GooredFix.exe on your Desktop to run it.
    Select 2. Fix Goored by typing 2 and pressing Enter.
    Make sure all instances of Firefox are closed at this point.
    Type y at the prompt and press Enter again.
    A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).





    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Please go to: VirusTotal




    • Click the Browse button and search for the following file: c:\windows\system32\drivers\sdyxke.sys
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned -- click "reanalyze now"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Download Flash_Disinfector.exe by sUBs from >here<
    or from >here< and save it to your desktop.

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until it has finished scanning and then exit the program. If you use more than 1 flash drive, run the tool with each plugged in.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


    Please leave the flash drive plugged in while completing the following.


    NEXT****

    You have an outdated version of ComboFix.

    We'll get an updated copy.

    Locate the ComboFix on your desktop, right click and select delete.

    Download Combofix from any of the links below.

    Save it to your desktop.

    Link 1
    Link 2
    Link 3


    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Copy and paste the text present inside the quote box below.
    Save this as "CFScript.txt" including quotes, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    File::
    I:\autorun.exe
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bd0d8f4-9141-11db-a2c5-0090963be589}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96872edc-bb40-11da-86c9-00e04ce51146}]
    
    [IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    In your next reply post:
    GooredLog.txt
    File requested scanned
    ComboFix.txt
    new HJT log



    How's your computer now?
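The CFScript above was written by hand from the MountPoints2 block of the ComboFix log: each `{GUID}` subkey whose `\Shell\AutoRun\command` (or `\Shell\Open\command`) launches an `autorun.exe` becomes a `[-HKEY_CURRENT_USER\...]` deletion line, and any absolute path among those commands becomes a `File::` entry. The following Python script is an added example that automates that triage step; it is not part of the forum post, nor a ComboFix or GooredFix feature. The sample log text is constructed from the entries shown earlier in this thread, and the "flag anything that launches autorun.exe" rule is an assumption made for this example (it reproduces the two keys the helper chose here, and leaves the TomTom installer entry alone).

```python
import re
from collections import OrderedDict

# Constructed sample input: the MountPoints2 block of a ComboFix log, in the
# layout the logs on this page use (a key header, then one
# "\Shell\<verb>\command - <target>" line per shell verb).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65f7b534-5c88-11dc-a413-0090963be589}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bd0d8f4-9141-11db-a2c5-0090963be589}]
\Shell\AutoRun\command - autorun.exe
\Shell\Open\command - autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96872edc-bb40-11da-86c9-00e04ce51146}]
\Shell\AutoRun\command - I:\autorun.exe
"""

# A MountPoints2 key header: [HKEY_CURRENT_USER\...\mountpoints2\{guid}]
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
# A shell verb line under that key: \Shell\AutoRun\command - <target>
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)
# Absolute Windows path (drive letter + colon + backslash)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_mountpoints(log_text):
    """Return {registry_key: [(verb, command), ...]} for every MountPoints2 key in the log."""
    entries = OrderedDict()
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            entries[current] = []
            continue
        cmd_match = CMD_RE.match(line)
        if cmd_match and current is not None:
            entries[current].append((cmd_match.group(1), cmd_match.group(2)))
        elif not line:
            current = None  # blank line ends the current key's block
    return entries


def suspicious_entries(entries, bad_basenames=("autorun.exe",)):
    """Keep only keys where some shell verb launches one of bad_basenames.

    Heuristic chosen for this example (assumption): a removable-drive mount point
    whose AutoRun/Open verb runs autorun.exe is what the helper scripted out above.
    """
    flagged = OrderedDict()
    for key, cmds in entries.items():
        for _verb, command in cmds:
            basename = command.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if basename in bad_basenames:
                flagged[key] = cmds
                break
    return flagged


def build_cfscript(log_text):
    """Render a CFScript.txt body: File:: for absolute targets, Registry:: deletions for the keys."""
    flagged = suspicious_entries(parse_mountpoints(log_text))
    files = []
    for cmds in flagged.values():
        for _verb, command in cmds:
            # Relative names like "autorun.exe" cannot be located, so only absolute paths go in File::
            if ABS_PATH_RE.match(command) and command not in files:
                files.append(command)
    lines = ["File::"] + files + ["Registry::"] + ["[-%s]" % key for key in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

Run it over the sample and it prints exactly the script in the post above: one `File::` line for `I:\autorun.exe` and two `Registry::` deletion lines, while the `J:\InstallTomTomHOME.exe` mount point is left untouched. Review the output before handing it to ComboFix; the heuristic is deliberately narrow, and a legitimate installer can also be named autorun.exe.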
     
  7. 2009/05/14
    ashj87 Inactive Thread Starter
    Again, thanks for your help. I'm on this step:

    Please go to: VirusTotal

    * http://i204.photobucket.com/albums/b...total2-SWI.png


    * Click the Browse button and search for the following file: c:\windows\system32\drivers\sdyxke.sys
    * Click Open
    * Then click Send File
    * Please be patient while the file is scanned.
    * Once the scan results appear, please provide them in your next reply.

    If it says already scanned -- click "reanalyze now"

    -------------------------------------------------------------------------------
    However, I don't seem to have this file, sdyxke.sys.
     
  8. 2009/05/14
    Juliet Well-Known Member
    See if you can locate it this way:

    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)



    Use Windows Search (Go to > Start > Search > For Files or Folders), to search for the following file: sdyxke.sys

    Go to VirusTotal and submit the file for a scan, and post the results in your next reply.


    If it still can't be found please continue with the rest of the fix.
     
  9. 2009/05/15
    ashj87 Inactive Thread Starter
    GooredFix v1.92 by jpshortstuff
    Log created at 23:05 on 14/05/2009 running Option #2 (Jakhu)
    Firefox version 3.0.10 (en-GB)

    =====Goored Deletions=====
    C:\Program Files\Mozilla Firefox\extensions\{9F7C43BC-4CDB-4C91-8CD1-15998AAFE1CE}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins "= "C:\Program Files\Mozilla Firefox\plugins "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components "= "C:\Program Files\Mozilla Firefox\components "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com "= "C:\Program Files\Java\jre6\lib\deploy\jqs\ff "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{1d5287d1-8a92-0001-1f31-1cec198018d8} "= "C:\Program Files\AVG\AVG8\ToolbarFF "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{3f963a5b-e555-4543-90e2-c3908898db71} "= "C:\Program Files\AVG\AVG8\Firefox "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{ABDE892B-13A8-4d1b-88E6-365A6E755758} "= "C:\Program Files\Real\RealPlayer\browserrecord "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{3112ca9c-de6d-4884-a869-9855de68056c} "= "C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} "

    -----------------------------------------------------------------------------

    ComboFix 09-05-14.05 - Jakhu 15/05/2009 9:59.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1007.456 [GMT 1:00]
    Running from: c:\documents and settings\Jakhu\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Jakhu\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: BullGuard Antivirus *On-access scanning disabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
    FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
    FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    FILE ::
    I:\autorun.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
    .

    2009-05-14 12:16 . 2009-05-14 11:48 15688 ----a-w c:\windows\system32\lsdelete.exe
    2009-05-14 11:48 . 2009-05-14 11:47 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-05-14 11:44 . 2009-05-14 11:44 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-05-14 11:44 . 2009-05-14 11:44 -------- d-----w c:\program files\Lavasoft
    2009-05-14 11:44 . 2009-05-14 11:48 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-05-09 08:16 . 2009-05-09 08:16 -------- d-----w c:\windows\system32\scripting
    2009-05-09 08:16 . 2009-05-09 08:16 -------- d-----w c:\windows\l2schemas
    2009-05-09 08:16 . 2009-05-09 08:16 -------- d-----w c:\windows\system32\en
    2009-05-09 08:16 . 2009-05-09 08:16 -------- d-----w c:\windows\system32\bits
    2009-05-09 08:11 . 2009-05-09 08:16 -------- d-----w c:\windows\ServicePackFiles
    2009-05-09 08:03 . 2009-05-09 08:03 -------- d-----w c:\windows\EHome
    2009-05-08 13:49 . 2009-05-08 13:49 -------- d-----w c:\documents and settings\Administrator.YOUR-716640A966\Application Data\Malwarebytes
    2009-05-08 13:48 . 2009-05-08 13:48 -------- d-----w c:\documents and settings\Administrator.YOUR-716640A966\Application Data\SUPERAntiSpyware.com
    2009-05-08 13:12 . 2009-05-08 13:13 -------- d-----w c:\program files\CCleaner
    2009-05-07 22:35 . 2009-05-07 22:35 -------- d-----w c:\program files\Trend Micro
    2009-05-06 15:10 . 2009-05-14 11:35 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-05-06 15:10 . 2009-05-06 15:10 -------- d-----w c:\program files\SpywareBlaster
    2009-05-06 07:08 . 2009-05-13 15:30 -------- d--h--w C:\$AVG8.VAULT$
    2009-05-05 19:37 . 2009-05-05 19:37 -------- d-----w c:\documents and settings\Jakhu\Application Data\MailFrontier
    2009-05-05 19:34 . 2009-05-15 09:02 189301536 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-05-05 19:21 . 2009-05-09 09:08 4212 ---ha-w c:\windows\system32\zllictbl.dat
    2009-05-05 19:20 . 2009-03-31 18:20 72584 ----a-w c:\windows\zllsputility.exe
    2009-05-05 19:20 . 2009-03-31 18:20 1221512 ----a-w c:\windows\system32\zpeng25.dll
    2009-05-05 19:20 . 2009-05-14 14:42 -------- d-----w c:\windows\system32\ZoneLabs
    2009-05-05 19:20 . 2009-05-05 19:20 -------- d-----w c:\program files\Zone Labs
    2009-05-05 19:19 . 2009-05-15 08:56 -------- d-----w c:\windows\Internet Logs
    2009-05-05 18:49 . 2009-05-05 18:49 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-05 18:48 . 2009-05-05 18:48 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-05 18:48 . 2009-05-05 18:48 -------- d-----w c:\documents and settings\Jakhu\Application Data\SUPERAntiSpyware.com
    2009-05-05 18:48 . 2009-05-05 18:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-05 18:06 . 2009-05-05 18:08 -------- d-----w c:\documents and settings\Jakhu\.SunDownloadManager
    2009-05-03 20:09 . 2009-05-03 20:09 11952 ----a-w c:\windows\system32\avgrsstx.dll
    2009-05-03 20:09 . 2009-05-03 20:09 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-05-03 20:08 . 2009-05-03 20:08 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-05-03 20:08 . 2009-05-14 16:00 -------- d-----w c:\windows\system32\drivers\Avg
    2009-05-03 20:08 . 2009-05-03 20:08 -------- d-----w c:\documents and settings\Jakhu\Application Data\AVGTOOLBAR
    2009-05-03 20:08 . 2009-05-03 20:08 -------- d-----w c:\program files\AVG
    2009-05-03 20:08 . 2009-05-03 20:08 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-05-03 13:41 . 2009-05-03 13:42 -------- d-----w c:\windows\ERUNT
    2009-04-30 21:41 . 2009-04-30 21:41 -------- d-----w c:\documents and settings\Jakhu\Application Data\Malwarebytes
    2009-04-30 21:41 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-30 21:41 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-30 21:41 . 2009-04-30 21:41 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-30 21:41 . 2009-04-30 21:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-24 18:55 . 2008-04-13 18:46 37888 ----a-w c:\windows\system32\drivers\bthmodem.sys
    2009-04-24 18:52 . 2008-04-13 18:51 101120 ----a-w c:\windows\system32\drivers\bthpan.sys
    2009-04-24 18:52 . 2008-04-13 18:46 59136 ----a-w c:\windows\system32\drivers\rfcomm.sys
    2009-04-24 18:52 . 2008-04-13 18:46 17024 ----a-w c:\windows\system32\drivers\bthenum.sys
    2009-04-24 18:52 . 2008-04-14 00:11 28160 ----a-w c:\windows\system32\irmon.dll
    2009-04-24 18:52 . 2008-04-14 00:12 151552 ----a-w c:\windows\system32\irftp.exe
    2009-04-24 18:52 . 2008-04-14 00:12 8192 ----a-w c:\windows\system32\wshirda.dll
    2009-04-24 18:51 . 2008-04-13 18:46 18944 ----a-w c:\windows\system32\drivers\bthusb.sys
    2009-04-17 09:57 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-17 09:57 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 09:57 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-17 09:57 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 09:57 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 09:57 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 09:57 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 09:57 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 09:57 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 09:57 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-17 09:57 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-17 09:57 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-16 22:41 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 22:41 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-14 22:53 . 2009-05-05 19:34 2500676 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-05-09 09:03 . 2007-08-23 14:28 96384 ----a-w c:\windows\system32\drivers\sptd9501.sys
    2009-05-08 08:50 . 2008-11-06 23:13 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-05-05 20:07 . 2006-09-29 11:11 -------- d-----w c:\program files\AOL Toolbar
    2009-05-05 19:32 . 2009-01-29 22:41 -------- d-----w c:\program files\AskBarDis
    2009-05-05 18:08 . 2006-09-05 18:35 -------- d-----w c:\program files\Java
    2009-05-01 09:05 . 2007-08-26 20:14 -------- d-----w c:\program files\RzRose
    2009-05-01 09:04 . 2008-06-17 22:05 -------- d-----w c:\program files\Electronic Arts
    2009-05-01 09:03 . 2008-11-30 19:19 -------- d-----w c:\program files\PersonalWebKit3
    2009-04-02 19:04 . 2006-04-03 12:15 50272 ----a-w c:\documents and settings\Jakhu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-18 22:17 . 2009-03-18 22:17 -------- d-----w c:\program files\ASGvis
    2009-03-18 22:17 . 2005-08-16 09:25 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-17 11:36 . 2006-06-28 09:52 -------- d-----w c:\program files\Google
    2009-03-06 14:22 . 2005-08-16 16:43 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2005-08-16 16:44 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2005-08-16 16:43 78336 ----a-w c:\windows\system32\ieencode.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-16 17:22 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BullGuard 5.0 "= "c:\program files\BullGuard Software\BullGuard 5.0\bullguard.exe" [2006-04-03 98304]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "Veoh "= "c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
    "kdx "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "EA Core "= "c:\program files\Electronic Arts\EADM\Core.exe" [2008-05-16 2732032]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "VeohPlugin "= "c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-07 3558136]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2005-08-16 155648]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2005-08-16 126976]
    "RoxioDragToDisc "= "c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-01 1695744]
    "Disk Monitor "= "c:\program files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe" [2003-06-18 466944]
    "AOLDialer "= "c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
    "%FP%Friendly fts.exe "= "c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
    "HostManager "= "c:\program files\Common Files\AOL\1160843343\ee\AOLSoftware.exe" [2006-11-17 50736]
    "DAEMON Tools "= "c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
    "TomTomHOME.exe "= "c:\program files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 374688]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-03 185896]
    "4oD "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-03 1947928]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-05-08 148888]
    "Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-14 516440]
    "SoundMan "= "SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-08-16 77824]
    "GSICONEXE "= "GSICON.EXE" - c:\windows\system32\gsicon.exe [2002-04-24 90112]
    "DSLAGENTEXE "= "dslagent.exe" - c:\windows\system32\dslagent.exe [2002-05-02 16384]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    c:\documents and settings\Jakhu\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-9-29 156784]
    BigFix.lnk - c:\program files\BigFix\BigFix.exe [2005-8-16 1742384]
    Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2005-3-30 114688]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-03 20:09 11952 ----a-w c:\windows\system32\avgrsstx.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1 "= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AOL 7.0\\waol.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\AOL 9.0\\waol.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\BitLord\\BitLord.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1160843343\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe "=
    "c:\\Program Files\\Counter-Strike Source\\hl2.exe "=
    "c:\\Program Files\\Kontiki\\KService.exe "=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/05/2009 12:48 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/05/2009 21:08 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/05/2009 21:09 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 11:33 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 11:33 72944]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/05/2009 21:08 298776]
    R3 glausb;GlobeSpan USB ADSL LAN Modem;c:\windows\system32\drivers\glausb.sys [29/09/2006 12:22 244419]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 11:33 7408]
    S2 BsFileSpy;BullGuard File Monitoring; "c:\windows\System32\svchost.exe" -k bg5 [16/08/2005 17:43 14336]
    S2 BsFirewall;BullGuard Firewall; "c:\windows\System32\svchost.exe" -k bg5 [16/08/2005 17:43 14336]
    S2 BsMailProxy;BullGuard Email Monitoring; "c:\windows\System32\svchost.exe" -k bg5 [16/08/2005 17:43 14336]
    S2 gafwload;GlobeSpan USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [29/09/2006 12:22 27147]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]
    S3 FileSpy5;BullGuard File Monitor;c:\program files\BullGuard Software\BullGuard 5.0\filespy5.sys [29/10/2004 16:00 13824]
    S3 Reconn;BullGuard Mail Monitor;c:\program files\BullGuard Software\BullGuard 5.0\reconn.sys [28/09/2004 17:50 6528]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - LBD

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bg5 REG_MULTI_SZ BGMainSvc BsFileSpy BsMailProxy BsFirewall

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65f7b534-5c88-11dc-a413-0090963be589}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bd0d8f4-9141-11db-a2c5-0090963be589}]
    \Shell\AutoRun\command - autorun.exe
    \Shell\Open\command - autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96872edc-bb40-11da-86c9-00e04ce51146}]
    \Shell\AutoRun\command - I:\autorun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:47]

    2009-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: {DB6CFD5A-7C38-43E9-8BA9-BB46C1D9933C} = 92.31.242.20 92.31.242.21
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Jakhu\Application Data\Mozilla\Firefox\Profiles\0rnlvoum.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-15 10:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(980)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2936)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-05-15 10:04
    ComboFix-quarantined-files.txt 2009-05-15 09:04
    ComboFix2.txt 2009-05-07 18:01

    Pre-Run: 101,208,973,312 bytes free
    Post-Run: 101,408,096,256 bytes free

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    267 --- E O F --- 2009-05-13 22:30

    ---------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:20:36, on 15/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\AOL\1160843343\ee\aolsoftware.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    c:\program files\common files\aol\1160843343\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1160843343\ee\aolsoftware.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160843343\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe "
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB6CFD5A-7C38-43E9-8BA9-BB46C1D9933C}: NameServer = 92.31.242.20 92.31.242.21
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 10388 bytes

    -----------------------------------------------------------------------

    Just done a quick Google check and the redirect seems to be completely gone :)

    However, after the scan my spyware popped up with a Bifrost trojan... it hadn't popped up before. But apart from that everything seems to be running much better. Thanks again :)
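The HijackThis log posted above is the kind of thing a helper reads by eye. The following is an added example, written for this page and not part of HijackThis, ComboFix or anything the poster ran, of a small parser that pulls out the entries a helper checks first when the complaint is "search results redirect": the per-interface DNS servers (O17 lines, which a redirect hijacker commonly rewrites), browser helper objects (O2), Winlogon Notify DLLs (O20) and run entries whose target file is gone (O4). The KNOWN_DNS allowlist, the Finding class and the triage/parse_hjt names are the example's own assumptions; the sample lines are copied from the log above, and the script only reports the 92.31.242.x resolvers, which the thread does not identify as either the ISP's or a hijacker's.

```python
"""Triage helper for HijackThis (HJT) v2 logs like the one posted above.

Added example for this thread, not part of HijackThis or ComboFix. It parses
the "Onn - ..." entry lines and pulls out what a helper checks first when the
complaint is "search results redirect": per-interface DNS servers (O17),
browser helper objects (O2), Winlogon Notify DLLs (O20) and run entries whose
target is gone (O4). KNOWN_DNS is a placeholder assumption for the resolvers
you expect on the host; anything else is reported, not judged.
"""
import re
from dataclasses import dataclass

# Assumption: the DNS resolvers you expect on this machine (router or ISP).
# The 92.31.242.x pair in the thread's log is neither confirmed ISP nor rogue
# on the page, so with this default it is simply surfaced for a human.
KNOWN_DNS = {"192.168.1.1"}

# HJT entry lines look like "O17 - HKLM\...: NameServer = 1.2.3.4 5.6.7.8"
# or "R0 - HKCU\...\Main,Start Page = http://...".
HJT_LINE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.+)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Finding:
    code: str    # HJT section, e.g. "O17"
    reason: str  # why it was pulled out
    entry: str   # the body of the log line, verbatim


def parse_hjt(text):
    """Yield (code, body) for every HJT entry line; other lines are ignored."""
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(text, known_dns=KNOWN_DNS):
    """Return the entries worth a second look, in the order they appear."""
    findings = []
    for code, body in parse_hjt(text):
        if code == "O17":
            # A redirect hijacker commonly swaps the NameServer value so every
            # lookup goes through a resolver it controls.
            unknown = [ip for ip in IPV4.findall(body) if ip not in known_dns]
            if unknown:
                findings.append(Finding(code, "DNS not in allowlist: " + " ".join(unknown), body))
        elif code == "O2":
            # "(no file)" is HJT's marker for a BHO whose DLL no longer exists:
            # a leftover from a removal rather than a live threat, but worth fixing.
            reason = "BHO with missing DLL" if "(no file)" in body else "browser helper object"
            findings.append(Finding(code, reason, body))
        elif code == "O20":
            findings.append(Finding(code, "Winlogon Notify DLL (loaded into winlogon.exe)", body))
        elif code == "O4" and "(file missing)" in body:
            findings.append(Finding(code, "run entry whose target is gone", body))
    return findings


# Constructed sample: a handful of lines copied from the HijackThis log in
# this thread, with surrounding non-entry lines to show they are skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB6CFD5A-7C38-43E9-8BA9-BB46C1D9933C}: NameServer = 92.31.242.20 92.31.242.21
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}: {f.entry}")
```

Run against a saved hijackthis.log with `triage(open("hijackthis.log").read())`; replace KNOWN_DNS with the resolvers your router or ISP actually hands out, because the O17 check is only as good as that allowlist. The point of keeping the parser separate from the rules is that the other sections (O1 hosts-file entries, O18 protocol handlers, O23 services) can be added as further branches without touching the line matching.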
     
  10. 2009/05/15
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Good deal.

    Don't worry about that just yet; usually those are an easy fix.


    AVG8 Antivirus
    BullGuard antivirus and firewall

    Both are on this computer. Running two antivirus programs at the same time on a computer is actually a bad idea. It's very possible this will hinder the fixes we attempt and cause a huge waste of system resources, and it actually gives no extra protection.

    What I need to ask is that you decide which to keep and which to uninstall.

    I also suggest you uninstall AskJeeves (Ask Toolbar), since they have a questionable reputation.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Let's continue


    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all open windows later in the fix.




    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
      Click on: Save Report As
      Next, in the Save as prompt, Save in area, select: Desktop
      In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
      Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    Kaspersky log
    New HJT log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.


    How's the computer now?
     
  11. 2009/05/15
    ashj87

    ashj87 Inactive Thread Starter

    Joined:
    2009/05/07
    Messages:
    7
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Friday, May 15, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Friday, May 15, 2009 12:18:39
    Records in database: 2179210
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Files scanned: 116486
    Threat name: 3
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 03:03:24


    File name / Threat name / Threats count
    C:\Documents and Settings\Jakhu\Incomplete\CORRUPT-0-parteners in rhyme kasam se Share Accelerator.zip Infected: not-a-virus:AdWare.Win32.Shopper.k 1
    C:\Documents and Settings\Jakhu\Incomplete\T-3545427-_we are together_ agape.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
    C:\Documents and Settings\Jakhu\Incomplete\T-3870556-_we are together_ agape MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

    The selected area was scanned.

    ----------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:54:28, on 15/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\1160843343\ee\AOLSoftware.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    c:\program files\common files\aol\1160843343\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1160843343\ee\aolsoftware.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160843343\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe "
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB6CFD5A-7C38-43E9-8BA9-BB46C1D9933C}: NameServer = 92.31.242.20 92.31.242.21
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 9893 bytes

    thanks again
     
  12. 2009/05/16
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    Careful what you download, as you can see those MP3s were infected.


    Please print or copy these instructions to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.



    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    (Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    (Description: System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel. Removing this entry will free up a small amount of system resources. )

    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe "
    (Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in your system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically." Not required for Roxio to work properly)

    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    (Description: ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities. Removing this entry will free up some system resources.)

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    (Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    (Not necessary)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    (Can be started manually, will free up resources)

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    (Description: AOL system tray icon. Not necessary. Removing this entry will free up a small amount of system resources.)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    NEXT**
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :processes )
    Code:
    :Processes
    explorer.exe
    :Files
    C:\Documents and Settings\Jakhu\Incomplete\CORRUPT-0-parteners in rhyme kasam se Share Accelerator.zip
    C:\Documents and Settings\Jakhu\Incomplete\T-3545427-_we are together_ agape.mp3
    C:\Documents and Settings\Jakhu\Incomplete\T-3870556-_we are together_ agape MTV.mp3
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Close ALL open windows (especially Internet Explorer!)
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    NEXT**
    Click Start >> Run and then copy/paste the following into the box and hit Enter:

    "%userprofile%\Desktop\GooredFix.exe" /uninstall

    If any of your security programs query a new Registry/AutoStart value being added please allow the changes.



    In your next reply please post:
    OTMoveIt log
    New HJT log


    How's your computer now?
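    The HijackThis entries Juliet picks out above (an O2 BHO with "(no file)", O4 autostart entries, and later a RunOnce cleanup line) are the ones a helper reads first when triaging a log like the ones posted in this thread. The following is an added example, not code from the thread or from the HijackThis project: a small Python parser that splits HJT lines into their section codes and flags the categories worth a second look from a defender's point of view. The sample log lines are constructed for the example (modelled on entries in the posted logs, plus one extra O17 line using the 192.0.2.0/24 documentation range), and the `trusted_dns` allow-list is an assumption the owner would fill in with their ISP's resolver addresses.

```python
import re

# Constructed sample: a handful of lines in HijackThis log format, modelled on the
# entries in the logs posted in this thread, plus one extra O17 line that uses the
# 192.0.2.0/24 documentation range so the nameserver check has something to flag.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [GooredFixCleanup] C:\WINDOWS\system32\cmd.exe /Q /C "del C:\DOCUME~1\Jakhu\LOCALS~1\Temp\_gooredcleanup.bat "
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB6CFD5A-7C38-43E9-8BA9-BB46C1D9933C}: NameServer = 92.31.242.20 92.31.242.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

# Every HJT entry line starts with a section code (R0, R1, F2, O2 ... O23) and " - ".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
# Script/command hosts that are unusual as a direct autostart target.
SCRIPT_HOSTS = re.compile(r"\b(cmd|wscript|cscript|mshta|powershell)\.exe\b", re.IGNORECASE)


def parse_hjt(text):
    """Return a list of {'section': 'O4', 'body': '...'} dicts, one per HJT entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def nameservers(entries):
    """All DNS resolver addresses listed in O17 (NameServer) entries, in log order."""
    found = []
    for e in entries:
        if e["section"] == "O17":
            m = NAMESERVER_RE.search(e["body"])
            if m:
                found.extend(m.group(1).split())
    return found


def review(entries, trusted_dns):
    """Triage entries the way a helper reads an HJT log; returns (reason, detail) pairs.

    trusted_dns: resolver addresses the owner recognises (assumed to be the ISP's);
    anything else in O17 is flagged because search redirects are often DNS-level.
    """
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec in ("O2", "O3") and body.endswith("(no file)"):
            # Registration left behind after its DLL was removed: dead weight, safe to fix.
            findings.append(("orphaned-bho-or-toolbar", body))
        elif sec == "O4" and "RunOnce" in body:
            # One-shot autostart; cleanup tools use it legitimately, so verify the target.
            findings.append(("runonce-autostart", body))
        elif sec == "O4" and SCRIPT_HOSTS.search(body):
            findings.append(("script-host-autostart", body))
        elif sec == "O17":
            for ip in nameservers([e]):
                if ip not in trusted_dns:
                    findings.append(("unrecognised-nameserver", ip))
        elif sec == "O20":
            # Winlogon Notify DLLs load into winlogon.exe; confirm the vendor of each one.
            findings.append(("winlogon-notify-dll", body))
    return findings


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for reason, detail in review(ents, trusted_dns={"92.31.242.20", "92.31.242.21"}):
        print(f"{reason:26} {detail}")
```

    Run against a real log, `review()` is only a first pass: every flagged O4, O17 and O20 line still has to be checked against the vendor and the ISP, which is exactly what the helper does by hand in the replies above.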
     
  13. 2009/05/16
    ashj87

    ashj87 Inactive Thread Starter

    Joined:
    2009/05/07
    Messages:
    7
    Likes Received:
    0
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\Documents and Settings\Jakhu\Incomplete\CORRUPT-0-parteners in rhyme kasam se Share Accelerator.zip moved successfully.
    C:\Documents and Settings\Jakhu\Incomplete\T-3545427-_we are together_ agape.mp3 moved successfully.
    C:\Documents and Settings\Jakhu\Incomplete\T-3870556-_we are together_ agape MTV.mp3 moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Jakhu\LOCALS~1\Temp\Perflib_Perfdata_e9c.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Jakhu\LOCALS~1\Temp\Perflib_Perfdata_ef0.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Jakhu\LOCALS~1\Temp\~DF6500.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Jakhu\LOCALS~1\Temp\~DFB779.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Jakhu\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_38c.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3ac.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT07f78.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05162009_212701

    Files moved on Reboot...
    File C:\DOCUME~1\Jakhu\LOCALS~1\Temp\Perflib_Perfdata_e9c.dat not found!
    File C:\DOCUME~1\Jakhu\LOCALS~1\Temp\Perflib_Perfdata_ef0.dat not found!
    C:\DOCUME~1\Jakhu\LOCALS~1\Temp\~DF6500.tmp moved successfully.
    C:\DOCUME~1\Jakhu\LOCALS~1\Temp\~DFB779.tmp moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_38c.dat not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_3ac.dat not found!
    File C:\WINDOWS\temp\ZLT07f78.TMP not found!

    -----------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:36:17, on 16/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\1160843343\ee\AOLSoftware.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\BigFix\BigFix.exe
    c:\program files\common files\aol\1160843343\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    c:\program files\common files\aol\1160843343\ee\aolsoftware.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160843343\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\RunOnce: [GooredFixCleanup] C:\WINDOWS\system32\cmd.exe /Q /C "del C:\DOCUME~1\Jakhu\LOCALS~1\Temp\_gooredcleanup.bat "
    O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe "
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe "
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB6CFD5A-7C38-43E9-8BA9-BB46C1D9933C}: NameServer = 92.31.242.20 92.31.242.21
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 9136 bytes


    -------------------------------------------------------------------------

    System seems to be running a lot smoother; the google redirect seems to have completely disappeared.

    Thank you for your help :)
     
  14. 2009/05/17
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Good deal, and you're welcome.

    I want to remind you that you're still using two antivirus programs on your computer.


    Click Start >> Run and then copy/paste the following into the box and hit Enter:
    "%userprofile%\Desktop\GooredFix.exe" /uninstall
    If any of your security programs query a new Registry/AutoStart value being added please allow the changes.





    RegQuery by Noviciate <--delete
    RegQuery txt <--delete





    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)



    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.
    Example below (screenshot of the Run box not reproduced)



    NEXT**
    Next open OTMoveIt, then click on "CleanUp! ". If you receive a warning from your Firewall please allow...In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OTMoveIt will delete them.

    Do not edit anything in that Window!
    Don't worry if it displays some tools you didn't download/use.
    Click Yes when it asks to Begin cleanup process.
    Then reboot your computer. <--Required.



    You are good to go, good job!!


    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates " for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place.

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
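    As an added illustration of what the HijackThis "O2 - BHO: ... - (no file)" line in the post above is actually reporting (example code written for this thread, not code from HijackThis, ComboFix or any other tool named here): Internet Explorer loads Browser Helper Objects from a list of CLSIDs in the registry, and each CLSID is supposed to point at a DLL on disk. An entry whose DLL no longer exists is an orphan; it does nothing by itself, but it is leftover from something that was removed, which is why the helper has the user clear it. The script assumes PowerShell 2.0 or later is installed and is run from an elevated prompt; the CLSID in the comment is the one from the post.

```powershell
# Added example, not part of the thread or of HijackThis itself.
# Lists the Browser Helper Objects registered for Internet Explorer and, for each,
# resolves the CLSID to its InprocServer32 DLL. An entry whose DLL is missing
# from disk is what HijackThis prints as "O2 - BHO: ... - (no file)".
# Assumed: elevated PowerShell 2.0+ prompt on the machine being checked.

function Get-BhoStatus {
    # BHOs are registered under these keys (Wow6432Node only exists on 64-bit Windows).
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    # A CLSID may be registered machine-wide or only for the current user; check both.
    $clsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID')

    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $key) {
            $clsid = $entry.PSChildName   # e.g. {7E853D72-626A-48EC-A868-BA8D5E23E045}
            $dll   = $null
            $name  = $null
            foreach ($root in $clsidRoots) {
                $clsidKey = Join-Path -Path $root -ChildPath $clsid
                if (-not (Test-Path -LiteralPath $clsidKey)) { continue }
                # Default value of the CLSID key is the display name HijackThis shows.
                $name = (Get-Item -LiteralPath $clsidKey).GetValue('')
                $serverKey = Join-Path -Path $clsidKey -ChildPath 'InprocServer32'
                if (Test-Path -LiteralPath $serverKey) {
                    # Default value holds the DLL path, possibly quoted or using %SystemRoot%.
                    $raw = (Get-Item -LiteralPath $serverKey).GetValue('')
                    if ($raw) {
                        $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
                    }
                }
                break
            }
            # Orphan: CLSID missing, no InprocServer32, or the DLL is gone from disk.
            $status = 'no file'
            if ($dll -and (Test-Path -LiteralPath $dll)) { $status = 'ok' }
            if (-not $name) { $name = '(no name)' }
            New-Object PSObject -Property @{
                Clsid  = $clsid
                Name   = $name
                Dll    = $dll
                Status = $status
            }
        }
    }
}

# Print only the orphaned entries, in the same shape as a HijackThis O2 line.
Get-BhoStatus | Where-Object { $_.Status -eq 'no file' } |
    ForEach-Object { "O2 - BHO: $($_.Name) - $($_.Clsid) - (no file)" }
```

    Running `Get-BhoStatus` without the filter lists every BHO with its DLL path, which is a useful baseline to keep: a new entry, or one whose DLL sits in a temp or user-profile folder rather than under Program Files, is worth a second look even when the file exists.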
     
  15. 2009/05/20
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Glad we could help. :)

    Since this issue appears resolved ... this Topic is closed.
     
