Help!

Another Redirected Search Problem

xlilhammx
Joined: Jun 29, 2009
Posts: 6

PostPosted: Mon Jun 29, 2009 9:28 pm    Post subject: Another Redirected Search Problem

Another one. A while back I somehow had this problem but only with google chrome. Now it's only on Firefox (haven't tried IE.) I got rid of it by using Malwarebytes' Anti-Malware but that hasn't worked this time. I've scanned with Ad-Aware, AVG, Malwarebytes' Anti-Malware, Spybot - Search & Destroy, SUPERAntiSpyware. Even in Safe mode; but no luck.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:01 AM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_U...mp;c=Q1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7CB69A25-5B07-43C6-9FA9-47CFA21779E3} - C:\WINDOWS\system32\hgGxUKbc.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Gaia Online Toolbar - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - C:\Program Files\Gaia Online Toolbar\Toolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: FBmini Toolbar powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5716] command.com /c del "C:\WINDOWS\system32\sdra64.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3229] cmd.exe /c del "C:\WINDOWS\system32\sdra64.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Compaq_Owner] C:\Documents and Settings\Compaq_Owner\Compaq_Owner.exe /i
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\Documents and Settings\LocalService\.exe /i (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\Documents and Settings\LocalService\.exe /i (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5888E710-0C1D-4CC8-BCBF-3971B959BB5C} (DM_activex_installer Control) - http://www.iple.com/cache/ActiveX/axau.cab
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillusion.com/help/iDanceUpdater1034.cab
O16 - DPF: {E4E22CA7-4BD7-424C-ADBF-3832919AA6BE} (IpleUploader Control) - http://messenger.iple.com/download/IpleImageUploader.cab
O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.iple.com/cache/cab/DMAU.cab
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: hwqzzn.dllemqsys.dll,C:\WINDOWS\system32\kazeluru.dll,C:\WINDOWS\system32\ligikupe.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: byXRlLCv - byXRlLCv.dll (file missing)
O20 - Winlogon Notify: nnnllLBq - nnnllLBq.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Windows Installer MSIServerERSvc (msiserverersvc) - Unknown owner - C:\WINDOWS\system32\1054u.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14150 bytes
greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY

PostPosted: Thu Jul 02, 2009 1:25 pm    Post subject:

Welcome to Lockergnome.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Also if you have any programs that may prevent system changes (like Spybot's TeaTimer program, Ad-aware's Ad-Watch, and others), make sure you disable them before doing any of the fixes (or accept the changes for the fix we give you when asked by the programs).

Go to My Computer->Tools (or View)->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders (it's Show all files for Windows 98).
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
** You may change the above options back after your log is clean. If we ask you to fix something that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/forums/index.php?showtutorial=61 ). Make sure to close any internet browsers that may still be open.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Viewpoint

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
O2 - BHO: (no name) - {7CB69A25-5B07-43C6-9FA9-47CFA21779E3} - C:\WINDOWS\system32\hgGxUKbc.dll (file missing)
O4 - HKLM\..\RunOnce: [SpybotDeletingA5716] command.com /c del "C:\WINDOWS\system32\sdra64.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3229] cmd.exe /c del "C:\WINDOWS\system32\sdra64.exe"
O4 - HKCU\..\Run: [Compaq_Owner] C:\Documents and Settings\Compaq_Owner\Compaq_Owner.exe /i
O4 - HKUS\S-1-5-18\..\Run: [] C:\Documents and Settings\LocalService\.exe /i (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\Documents and Settings\LocalService\.exe /i (User 'Default user')
O20 - AppInit_DLLs: hwqzzn.dllemqsys.dll,C:\WINDOWS\system32\kazeluru.dll,C:\WINDOWS\system32\ligikupe.dll
O20 - Winlogon Notify: byXRlLCv - byXRlLCv.dll (file missing)
O20 - Winlogon Notify: nnnllLBq - nnnllLBq.dll (file missing)
O23 - Service: Windows Installer MSIServerERSvc (msiserverersvc) - Unknown owner - C:\WINDOWS\system32\1054u.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\sdra64.exe
C:\WINDOWS\system32\hwqzzn.dll
C:\WINDOWS\system32\emqsys.dll
C:\Documents and Settings\Compaq_Owner\Compaq_Owner.exe
C:\Documents and Settings\LocalService\.exe - see if you can find a file in the LocalService folder that has no name
C:\WINDOWS\system32\kazeluru.dll
C:\WINDOWS\system32\ligikupe.dll
C:\Program Files\Viewpoint\


Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

Download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.
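As an added example (not from this thread, and not part of HijackThis itself), a small Python triage script that parses HijackThis-format entries and flags the indicator patterns greyknight17 singled out in the fix list above: a browser proxy pointing at the local machine, extra programs appended to UserInit, a non-empty AppInit_DLLs value (splitting run-together names the way the fix list does), loading points whose file is missing, Run entries with an empty value name or an empty executable base name, and services with no publisher. The sample lines are copied from the log posted in this thread; the check names and thresholds are my own.

```python
import re

# Constructed sample: HijackThis-format entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7CB69A25-5B07-43C6-9FA9-47CFA21779E3} - C:\WINDOWS\system32\hgGxUKbc.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\Documents and Settings\LocalService\.exe /i (User 'SYSTEM')
O20 - AppInit_DLLs: hwqzzn.dllemqsys.dll,C:\WINDOWS\system32\kazeluru.dll,C:\WINDOWS\system32\ligikupe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: byXRlLCv - byXRlLCv.dll (file missing)
O23 - Service: Windows Installer MSIServerERSvc (msiserverersvc) - Unknown owner - C:\WINDOWS\system32\1054u.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R1, F2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")

# On a clean Windows XP system UserInit consists of this single program (compared case-insensitively).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each entry line; non-entry lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body"), line.strip()


def triage(log_text):
    """Return a list of findings, one per entry that matches at least one indicator check."""
    findings = []
    for sec, body, raw in parse_entries(log_text):
        reasons = []
        low = body.lower()

        # A loading point that still exists in the registry but whose file is gone is an orphan
        # left behind by a partial removal; it is harmless to fix and worth cleaning up.
        if "(no file)" in low or "(file missing)" in low:
            reasons.append("loading point references a file that no longer exists")

        # A proxy on the local machine puts something between the browser and the network,
        # which matches the redirected-search symptom described in the thread.
        if sec == "R1" and "proxyserver" in low:
            target = body.split("=", 1)[1]
            if re.search(r"localhost|127\.0\.0\.1", target, re.I):
                reasons.append("browser proxy points at the local machine")

        # UserInit runs at every logon; anything beyond the default userinit.exe is suspect.
        if sec == "F2" and "userinit=" in low:
            value = body.split("UserInit=", 1)[1]
            extra = [p.strip() for p in value.split(",")
                     if p.strip() and p.strip().lower() != DEFAULT_USERINIT]
            if extra:
                reasons.append("UserInit launches extra program(s): " + ", ".join(extra))

        # AppInit_DLLs is loaded into every process that uses user32.dll. The lazy regex also
        # splits names that were written back-to-back without a comma (hwqzzn.dllemqsys.dll).
        if sec == "O20" and low.startswith("appinit_dlls:"):
            value = body.split(":", 1)[1]
            dlls = [d.strip() for d in re.findall(r"[^,]+?\.dll", value, re.I)]
            reasons.append("AppInit_DLLs injects into every process: " + ", ".join(dlls))

        # Run entries with no value name, or whose executable has an empty base name, are not
        # something a legitimate installer writes.
        if sec == "O4":
            m = re.search(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)", body)
            if m and not m.group("name"):
                reasons.append("Run entry with empty value name")
            if m and re.search(r"\\\.exe\b", m.group("cmd"), re.I):
                reasons.append("Run entry executes a file with an empty base name")

        # Services with no publisher are a weak signal on their own (XP's BITS shows the same),
        # so this only adds weight to other reasons on the same line.
        if sec == "O23" and "unknown owner" in low:
            reasons.append("service with no publisher information")

        if reasons:
            findings.append({"section": sec, "entry": raw, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], "|", f["entry"])
        for r in f["reasons"]:
            print("    ->", r)
```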
xlilhammx
Joined: Jun 29, 2009
Posts: 6

PostPosted: Mon Jul 06, 2009 11:58 am    Post subject:

None of the files/folders were there when trying to delete them. Dunno if that's good or bad.

ComboFix
ComboFix 09-07-05.04 - Compaq_Owner 07/06/2009 11:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1470.1005 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\IA
c:\windows\Installer\104ded68.msp
c:\windows\system32\cbKUxGgh.ini
c:\windows\system32\drivers\hjgruifxikqpgk.sys
c:\windows\system32\hjgruidhpobstd.dll
c:\windows\system32\hjgruiggmbmiee.dll
c:\windows\system32\hjgruikahxmfbs.dat
c:\windows\system32\hjgruituemevvt.dat
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\tb.dr
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruioagigpuw
-------\Legacy_msiserverersvc
-------\Service_msiserverersvc


((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-06-30 01:48 . 2009-07-06 15:48 117760 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-30 01:48 . 2009-06-30 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-30 01:48 . 2009-06-30 01:48 65024 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-06-30 01:48 . 2009-06-30 01:48 18944 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-06-30 01:48 . 2009-06-30 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-30 01:48 . 2009-06-30 01:48 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-06-30 01:47 . 2009-06-30 01:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-29 21:41 . 2009-06-29 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-29 21:41 . 2009-06-29 21:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-29 13:30 . 2009-06-29 13:30 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-28 00:41 . 2009-06-28 00:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-25 20:05 . 2009-06-25 20:05 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AskToolbar
2009-06-25 20:05 . 2009-06-24 20:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\AskToolbar
2009-06-25 17:58 . 2009-06-25 18:29 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\WMTools Downloaded Files
2009-06-23 16:28 . 2009-06-23 16:28 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-23 15:50 . 2009-06-29 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-23 15:25 . 2009-06-23 15:25 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-23 05:38 . 2009-06-23 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-23 05:33 . 2009-06-23 05:33 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\WinBatch
2009-06-22 04:48 . 2009-06-22 04:48 -------- d-----w- C:\ProgramData
2009-06-22 04:48 . 2009-06-22 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-22 04:40 . 2009-06-22 04:40 -------- d-----w- c:\program files\Ask.com
2009-06-21 04:32 . 2009-06-21 04:32 10134 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-21 04:32 . 2008-09-04 20:11 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-21 04:32 . 2009-06-21 04:32 -------- d-----w- c:\program files\Microsoft WSE
2009-06-21 04:27 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-06-21 04:27 . 2009-06-21 04:27 -------- d-----w- c:\windows\Logs
2009-06-21 04:13 . 2009-06-21 12:37 -------- d-----w- c:\program files\Electronic Arts
2009-06-21 03:23 . 2009-06-21 04:03 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-06-21 03:00 . 2009-06-21 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-06-21 02:55 . 2009-06-21 03:10 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-21 02:53 . 2009-06-21 04:05 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DAEMON Tools Pro
2009-06-21 02:12 . 2009-06-21 02:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sonic
2009-06-21 02:09 . 2009-06-21 02:09 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Leadertech
2009-06-20 12:58 . 2009-06-20 12:58 -------- d-----w- c:\program files\HashTab Shell Extension
2009-06-12 20:02 . 2009-06-12 20:02 -------- d-----w- C:\Westwood
2009-06-09 10:17 . 2009-06-09 10:17 -------- d-----w- c:\program files\iPod
2009-06-09 10:17 . 2009-06-09 10:18 -------- d-----w- c:\program files\iTunes
2009-06-09 10:14 . 2009-06-09 10:15 -------- d-----w- c:\program files\QuickTime
2009-06-09 10:08 . 2009-06-09 10:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 10:01 . 2008-01-26 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-01 12:32 . 2008-12-14 21:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 12:32 . 2008-12-14 21:01 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 12:32 . 2008-12-14 21:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 16:30 . 2006-02-22 10:30 -------- d-----w- c:\program files\Java
2009-06-23 15:51 . 2008-01-26 21:35 353504 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-23 15:35 . 2006-02-22 10:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-23 05:38 . 2006-02-22 10:45 -------- d-----w- c:\program files\HP
2009-06-23 05:38 . 2006-02-22 10:57 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-21 04:13 . 2006-02-22 10:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 10:17 . 2009-05-26 22:42 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 18:56 . 2008-12-26 17:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\U3
2009-05-26 22:46 . 2009-05-26 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-26 22:45 . 2009-05-26 22:45 -------- d-----w- c:\program files\Bonjour
2009-05-26 22:43 . 2009-05-26 22:43 -------- d-----w- c:\program files\Apple Software Update
2009-05-26 19:02 . 2009-05-26 19:02 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-26 19:02 . 2009-05-19 21:34 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-21 15:33 . 2008-12-24 03:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 22:38 . 2009-05-19 22:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-05-19 22:38 . 2009-05-19 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-19 22:38 . 2009-05-19 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-19 22:18 . 2009-05-19 22:18 -------- d-----w- c:\program files\Enigma Software Group
2009-05-19 19:01 . 2009-05-19 19:03 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-19 19:01 . 2009-05-19 19:01 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-19 18:45 . 2009-05-19 18:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-19 18:45 . 2009-05-19 18:45 -------- d-----w- c:\program files\Lavasoft
2009-05-19 18:45 . 2008-03-21 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-17 18:54 . 2009-05-17 18:54 606848 ----a-w- c:\windows\flashax.exe
2009-05-17 18:54 . 2009-05-17 18:54 12288 ----a-w- c:\windows\impborl.dll
2009-05-17 04:12 . 2008-01-27 03:01 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-14 16:01 . 2009-05-06 19:18 100 --s-a-w- c:\windows\system32\3895192241.dat
2009-05-11 02:46 . 2009-05-11 02:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Mp3tag
2009-05-11 02:35 . 2009-05-11 02:35 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\ABF software
2009-05-11 01:33 . 2008-12-26 05:13 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Xilisoft Corporation
2009-05-09 20:56 . 2009-05-09 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-07 22:58 . 2008-12-14 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-03 16:01 . 2009-05-03 16:01 18718 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{FEBD8252-B3B4-48AF-8DAC-64A1B47403DD}\_4ae13d6c.exe
2009-05-03 16:01 . 2009-05-03 16:01 18718 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{FEBD8252-B3B4-48AF-8DAC-64A1B47403DD}\_2cd672ae.exe
2009-05-03 16:01 . 2009-05-03 16:01 18718 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{FEBD8252-B3B4-48AF-8DAC-64A1B47403DD}\_294823.exe
2009-05-03 16:01 . 2009-05-03 16:01 1078 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{FEBD8252-B3B4-48AF-8DAC-64A1B47403DD}\_18be6784.exe
2009-04-11 18:11 . 2009-04-11 18:11 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-22 14:08 1168264 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-19 133104]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-01 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-12 15961088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-01 1519616]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-8 113664]
hp psc 1000 series.lnk - c:\program files\HP\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 12:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\fscagent.exe"=
"c:\\WINDOWS\\system32\\clubbox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56066:TCP"= 56066:TCP:Pando Media Booster
"56066:UDP"= 56066:UDP:Pando Media Booster

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/19/2009 3:03 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/14/2008 5:01 PM 327688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/14/2008 5:01 PM 298776]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:02]

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2008-10-08 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8215383282.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 04:52]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3457968227-1696198946-2310776188-1009Core.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 02:22]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3457968227-1696198946-2310776188-1009UA.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 02:22]

2009-07-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-22 14:08]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-PCDrProfiler - (no file)
Notify-byXRlLCv - (no file)
Notify-nnnllLBq - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.facebook.com/home.php?
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {5888E710-0C1D-4CC8-BCBF-3971B959BB5C} - hxxp://www.iple.com/cache/ActiveX/axau.cab
DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} - hxxp://web.spaceillusion.com/help/iDanceUpdater1034.cab
DPF: {E4E22CA7-4BD7-424C-ADBF-3832919AA6BE} - hxxp://messenger.iple.com/download/IpleImageUploader.cab
DPF: {ED1DE51C-2677-450A-8BC1-764218137696} - hxxp://www.iple.com/cache/cab/DMAU.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\19eh7x3l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type...8&e
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 11:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2924)
c:\progra~1\WINDOW~1\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-06 11:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 15:58

Pre-Run: 44,859,506,688 bytes free
Post-Run: 52,486,402,048 bytes free

291 --- E O F --- 2008-12-11 11:23




GooredFix

GooredFix by jpshortstuff (03.07.09)
Log created at 12:04 on 06/07/2009 (Compaq_Owner)
Firefox version 3.0.11 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:11 19/05/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [16:30 23/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [21:01 14/12/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:24 24/12/2008]

-=E.O.F=-
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Tue Jul 07, 2009 11:35 pm    Post subject:

Delete this folder if found:

c:\documents and settings\All Users\Application Data\Viewpoint

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
xlilhammx



Joined: Jun 29, 2009
Posts: 6



PostPosted: Wed Jul 08, 2009 3:02 pm    Post subject:

Deleted & uninstalled, thanks so much for your help!