If you already have ComboFix be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 Link #2
Note: It is important that it is saved directly to your Desktop.
DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
C:\WINDOWS\Tasks\YNQPXOGR.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]
"Uninstall Adobe Download Manager"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

Okay, I let ComboFix do its job... But I forgot to turn off anti-virus, so it had a problem downloading at first, but after realizing my mistake it didn't take long... Here is that log from ComboFix...
ComboFix 09-12-20.08 - St. Asmodeus 12/21/2009 15:13:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1902.1315 [GMT -6:00]
Running from: c:\documents and settings\St. Asmodeus\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\St. Asmodeus\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\Tasks\YNQPXOGR.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\YNQPXOGR.job
c:\windows\Temp\0218441261345893mcinst.exe
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 15:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
Completion time: 2009-12-21 15:27:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 21:27
ComboFix2.txt 2009-12-19 22:24
Pre-Run: 111,551,311,872 bytes free
Post-Run: 111,516,999,680 bytes free
- - End Of File - - D393E5DC0CB69BAA980CF675482C05BF
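Before moving on to cleanup, a worked illustration of the CFScript posted earlier in the thread. This is added example code, not ComboFix's own code or the helper's: a small Python parser that turns a CFScript into a plain list of the files and registry entries it tells ComboFix to remove, so a reviewer can check exactly what a script does before handing it to a user. It handles the directives used above (KillAll::, File::, Registry::) plus Folder::; the Registry:: block follows REGEDIT4 syntax, where "name"=- deletes a value and [-HKEY...] deletes a key.

```python
"""Parse a ComboFix CFScript into a reviewable plan of actions.

Example code written for this page, not ComboFix's own code. It
understands the directives used in the thread (KillAll::, File::,
Registry::) plus Folder::. Registry blocks follow REGEDIT4 syntax:
    [HKEY...]            select a key
    "name"=-             delete the value "name" under that key
    [-HKEY...]           delete the whole key
"""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(-?)(HK[^\]]+)\]$")
DELETE_VALUE_RE = re.compile(r'^"([^"]+)"=-$')


@dataclass
class CFPlan:
    kill_all: bool = False
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    reg_delete_values: list = field(default_factory=list)  # (key, value_name)
    reg_delete_keys: list = field(default_factory=list)
    unhandled: list = field(default_factory=list)  # anything we could not classify


def parse_cfscript(text: str) -> CFPlan:
    plan = CFPlan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # A new "Directive::" header starts a section.
            section = m.group(1).lower()
            current_key = None
            if section == "killall":
                plan.kill_all = True
            continue
        if section == "file":
            plan.files.append(line)
        elif section == "folder":
            plan.folders.append(line)
        elif section == "registry":
            km = KEY_RE.match(line)
            if km:
                delete, key = km.groups()
                if delete:  # "[-HKEY...]" removes the whole key
                    plan.reg_delete_keys.append(key)
                    current_key = None
                else:
                    current_key = key
                continue
            vm = DELETE_VALUE_RE.match(line)
            if vm and current_key:
                plan.reg_delete_values.append((current_key, vm.group(1)))
            else:
                plan.unhandled.append(line)
        else:
            plan.unhandled.append(line)
    return plan


# The exact script posted in the thread above.
THREAD_SCRIPT = r"""
KillAll::

File::
C:\WINDOWS\Tasks\YNQPXOGR.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]
"Uninstall Adobe Download Manager"=-
"""


def describe(plan: CFPlan) -> list:
    """Human-readable lines a helper can eyeball before posting the script."""
    out = []
    if plan.kill_all:
        out.append("terminate running processes first (KillAll::)")
    out += [f"delete file: {p}" for p in plan.files]
    out += [f"delete folder: {p}" for p in plan.folders]
    out += [f"delete registry value: [{k}] {v!r}" for k, v in plan.reg_delete_values]
    out += [f"delete registry key: [{k}]" for k in plan.reg_delete_keys]
    out += [f"UNRECOGNISED (review!): {l}" for l in plan.unhandled]
    return out


if __name__ == "__main__":
    for line in describe(parse_cfscript(THREAD_SCRIPT)):
        print(line)
```

Any line the parser cannot classify ends up under UNRECOGNISED, which is the cue to read the script by hand rather than trust the summary.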
[Saving space, attachment deleted by admin]

Are you still getting the redirects?

No more redirects....
Thank you so much. I could not help noticing that it might have something to do with "c:\windows\Tasks\YNQPXOGR.job". I saw a file like that before in a spyware\malware I deleted and removed right before I got this problem...
Thank you again so much. Are there any other scans or logs you need me to do?
Yes it was the YNQPXOGR.job file.
Time to clean up.
Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
* Click START then RUN
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter.

The above procedure will:
* Delete: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
----------
Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
----------
Use the Secunia Software Inspector to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your BROWSER. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in SPYBOT - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for TIPS and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Great! Thank you so much...
I'll be going through the clean process in a couple hours after I have dinner... Thanks again. I do have SUPERAntiSpyware as my real-time protection, but I do believe I will also try some of the other programs you've recommended.
Thanks Again for the help...
You're welcome.
Safe surfing.