
Search links redirected


20 replies to this topic

#1 AdamC243


Posted 24 April 2010 - 04:52 PM

Previous topic in AII here: http://www.bleepingcomputer.com/forums/t/312166/google-searches-redirected/ ~ OB

Hi,

Yesterday, I somehow managed to get myself some nasty sort of virus. At first, I wasn't even able to run virus scans or Malwarebytes to get rid of it, so I attempted a system restore. The system restore seemed to solve most of my problems, except my AVG resident shield constantly popped up telling me there was a threat. After running both an AVG scan and Malwarebytes, that problem, too, seems to have subsided.

Now, however, when I click on links in Google, I am redirected to other websites. I have run Malwarebytes, AVG virus scan, Hitman, and SuperAntiSpyware several times each to no avail.

The DDS scan results are below, however, I was unable to run GMER. The first time I attempted to run it, the scan began, but a few minutes later my computer froze. I assumed this was because I had a couple windows open, so I restarted my computer and tried again with nothing open. This time, I started the scan and went away from my computer, only to return a few minutes later and see that my computer had a blue screen of death.

Edit: I noticed today that sometimes while I'm browsing the internet, a new tab will randomly open up and go to some website as well.

DDS (Ver_10-03-17.01) - NTFSx86
Run by AdamC at 16:45:23.09 on Sat 04/24/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2389 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\V0500Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AdamC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [V0500Mon.exe] c:\windows\V0500Mon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adamc\applic~1\mozilla\firefox\profiles\1lvmf0zt.default\
FF - component: c:\documents and settings\adamc\application data\mozilla\firefox\profiles\1lvmf0zt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\adamc\application data\mozilla\firefox\profiles\1lvmf0zt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\adamc\application data\mozilla\firefox\profiles\1lvmf0zt.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\adamc\application data\mozilla\firefox\profiles\1lvmf0zt.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-4 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-4 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-4 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-4 353672]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-12-8 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-12-8 234888]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-5-4 22784]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-4-24 15944]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [2009-12-29 251264]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================


==================== Find3M ====================

2010-04-24 06:13:16 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-24 03:52:50 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 23:29:03 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-03-31 01:58:04 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58:04 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58:04 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-14 12:04:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 12:03:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 02:35:51 79446 -c--a-w- c:\windows\War3Unin.dat
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-01-27 03:53:29 45576 -c-ha-w- c:\windows\system32\mlfcache.dat

============= FINISH: 16:46:26.75 ===============

Edited by AdamC243, 25 April 2010 - 03:56 PM.
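The DDS log above is the kind of output a helper reads by hand; the script below is an added example (not DDS, ComboFix or BleepingComputer code) that applies two defender-side triage checks to a constructed excerpt modelled on that log: browser hooks whose target is "No File", and kernel drivers under system32\drivers whose Find3M timestamp falls within a 48-hour window before the DDS run time. Section names, the "Run by" header format and the Find3M line layout are taken from the posted log; the window size is an assumption.

```python
"""Triage helper for DDS-style logs (added example, not a DDS/ComboFix tool).

Parses the log into its '====' sections and applies two checks a defender
would make before reading the rest by hand:
  1. Pseudo HJT entries whose target is "No File" (orphaned hooks/toolbars),
  2. Find3M entries for drivers in system32\\drivers written shortly before
     the scan ran, i.e. on the day the redirects began.
Sample input below is a constructed excerpt modelled on the posted log.
"""
import re
from datetime import datetime, timedelta

SAMPLE_LOG = r"""
DDS (Ver_10-03-17.01) - NTFSx86
Run by AdamC at 16:45:23.09 on Sat 04/24/2010

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

==================== Find3M ====================

2010-04-24 06:13:16 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-24 03:52:50 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 23:29:03 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-03-14 12:03:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
"""

# "Run by <user> at HH:MM:SS.ss on <Day> MM/DD/YYYY" as DDS prints it.
RUN_RE = re.compile(r"Run by \S+ at (\d\d:\d\d:\d\d)\.\d+ on \w+ (\d\d/\d\d/\d{4})")
# Find3M line: "<date> <time> <size> <attrs> <path>".
FIND3M_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(\S+)\s+(.+)$")
# Section banner: "===== Name =====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def split_sections(text):
    """Return {section_name: [lines]}; lines before the first banner go under 'HEADER'."""
    sections, current = {"HEADER": []}, "HEADER"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def run_time(sections):
    """Timestamp at which DDS ran, taken from the 'Run by' header line."""
    for line in sections["HEADER"]:
        m = RUN_RE.search(line)
        if m:
            return datetime.strptime(f"{m.group(2)} {m.group(1)}", "%m/%d/%Y %H:%M:%S")
    raise ValueError("no 'Run by' line in DDS header")


def orphaned_hooks(sections):
    """Pseudo HJT entries (search hooks, toolbars, BHOs) whose file is gone."""
    return [l for l in sections.get("Pseudo HJT Report", []) if l.endswith("- No File")]


def recent_drivers(sections, window_hours=48):
    """Find3M driver entries written within window_hours before the scan.

    A legitimate vendor update lands here too (avgtdix.sys in the sample,
    which the ComboFix log shows as an AVG update backup), so the output is
    a review list for the analyst, not a verdict.
    """
    cutoff = run_time(sections) - timedelta(hours=window_hours)
    hits = []
    for line in sections.get("Find3M", []):
        m = FIND3M_RE.match(line)
        if not m:
            continue
        stamp, size, _attrs, path = m.groups()
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if "\\system32\\drivers\\" in path.lower() and when >= cutoff:
            hits.append((path, when, int(size)))
    return hits


def triage(text):
    """Run both checks over a DDS log and return the findings by category."""
    sections = split_sections(text)
    return {
        "orphaned": orphaned_hooks(sections),
        "recent_drivers": [path for path, _when, _size in recent_drivers(sections)],
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

On the sample, the orphaned list contains the search hook and the toolbar entry, and the driver list contains pciide.sys (the file ComboFix later reported as infected) alongside the AVG driver updated the same night.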


#2 thewall (Malware Response Team)

Posted 29 April 2010 - 05:11 PM

Hello AdamC243 :) Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.


Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.



After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
I would like for you to try GMER once again but this time uncheck everything but Sections and then give it a try.


Also please run the following prior to attempting GMER again:
RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
Note: Please post the log in the reply window and do not make it an attachment. Do this with all subsequent replies unless I ask otherwise.
Thanks,



thewall

Edited by thewall, 29 April 2010 - 05:12 PM.

If I have helped you then please consider donating so I can continue the fight against malware. All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.

#3 AdamC243 (Topic Starter)

Posted 29 April 2010 - 05:56 PM

Thanks for helping me, this thing is starting to get rather frustrating. Anyway, I tried running GMER once more with only Sections checked, and my computer froze yet again.

Also, since my first post, I've noticed that my internet spikes when playing online games. This has happened before, but not nearly as frequently as it is now. I'm not sure if this is relevant or not, but I thought it couldn't hurt to mention it.

RKill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as AdamC on 04/29/2010 at 18:38:19.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\AdamC\Desktop\rkill.scr


Rkill completed on 04/29/2010 at 18:38:34.

Edited by AdamC243, 29 April 2010 - 05:57 PM.


#4 thewall (Malware Response Team)

Posted 29 April 2010 - 07:11 PM

We'll see if we can get ComboFix to run:



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can be found HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.






#5 AdamC243 (Topic Starter)

Posted 29 April 2010 - 08:52 PM

ComboFix log:

ComboFix 10-04-29.04 - AdamC 04/29/2010 21:39:54.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2605 [GMT -4:00]
Running from: c:\documents and settings\AdamC\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\AdamC\Application Data\9C00931F16C80E65058F5EBAE41DB2E3
c:\documents and settings\AdamC\Application Data\9C00931F16C80E65058F5EBAE41DB2E3\enemies-names.txt
c:\documents and settings\AdamC\Application Data\9C00931F16C80E65058F5EBAE41DB2E3\lsrslt.ini
c:\documents and settings\AdamC\Local Settings\Application Data\706991270.dll
c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
c:\windows\system32\pragmabbr.dll.dot
c:\windows\system32\PRAGMAsrcr.dat

Infected copy of c:\windows\system32\drivers\pciide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
.

2010-04-29 22:27 . 2010-04-29 21:56 699512 ----a-w- c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-04-29 22:27 . 2010-04-29 21:56 863312 ----a-w- c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-04-29 18:15 . 2010-04-29 18:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-04-29 04:36 . 2010-04-29 04:36 -------- d-----w- c:\documents and settings\AdamC\Application Data\Dell
2010-04-29 04:36 . 2010-04-29 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Prism
2010-04-29 04:36 . 2004-12-08 16:41 229465 ----a-w- c:\windows\system32\PRISMGNA.dll
2010-04-29 04:36 . 2004-12-08 16:39 57433 ----a-w- c:\windows\system32\PRISMSVC.exe
2010-04-29 04:36 . 2004-12-08 16:37 356441 ----a-w- c:\windows\system32\PRISMSVR.exe
2010-04-29 04:36 . 2004-12-08 16:32 426073 ----a-w- c:\windows\system32\PRISMAPI.dll
2010-04-29 04:36 . 2004-10-22 01:07 1388630 ----a-r- c:\windows\system32\PRISME5.dll
2010-04-29 04:32 . 2010-04-29 04:33 -------- d-----w- c:\documents and settings\AdamC\Local Settings\Application Data\Deployment
2010-04-24 17:31 . 2010-04-24 17:31 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-24 17:31 . 2010-04-24 17:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-24 17:30 . 2010-04-25 10:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-24 17:26 . 2010-04-29 16:46 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-24 17:26 . 2010-04-24 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-24 17:26 . 2010-04-24 17:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-24 16:35 . 2010-04-24 16:35 52224 ----a-w- c:\documents and settings\AdamC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-24 16:35 . 2010-04-28 03:35 117760 ----a-w- c:\documents and settings\AdamC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-24 16:34 . 2010-04-24 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 16:33 . 2010-04-24 16:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 16:33 . 2010-04-24 16:33 -------- d-----w- c:\documents and settings\AdamC\Application Data\SUPERAntiSpyware.com
2010-04-24 08:33 . 2010-04-24 08:33 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-24 05:34 . 2010-04-24 05:34 -------- d-----w- c:\program files\Common Files\Java
2010-04-24 05:34 . 2010-04-24 05:34 503808 ----a-w- c:\documents and settings\AdamC\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5bf1e651-n\msvcp71.dll
2010-04-24 05:34 . 2010-04-24 05:34 499712 ----a-w- c:\documents and settings\AdamC\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5bf1e651-n\jmc.dll
2010-04-24 05:34 . 2010-04-24 05:34 348160 ----a-w- c:\documents and settings\AdamC\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5bf1e651-n\msvcr71.dll
2010-04-24 05:34 . 2010-04-24 05:34 61440 ----a-w- c:\documents and settings\AdamC\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-383bd1a3-n\decora-sse.dll
2010-04-24 05:34 . 2010-04-24 05:34 12800 ----a-w- c:\documents and settings\AdamC\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-383bd1a3-n\decora-d3d.dll
2010-04-24 05:33 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-24 04:36 . 2010-04-24 17:38 -------- d-----w- c:\documents and settings\AdamC\Application Data\QuickScan
2010-04-24 03:52 . 2010-04-24 03:52 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-24 03:52 . 2010-04-24 03:52 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-24 03:52 . 2010-04-24 03:52 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-24 03:52 . 2010-04-24 03:52 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-24 03:52 . 2010-04-24 03:52 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-24 00:22 . 2010-04-24 00:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-24 00:19 . 2010-04-24 00:19 54016 ----a-w- c:\windows\system32\drivers\qvtyov.sys
2010-04-24 00:16 . 2010-04-24 00:16 51400 ----a-w- c:\documents and settings\WTF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 00:00 . 2010-04-19 00:00 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-18 23:59 . 2010-04-18 23:53 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-18 23:59 . 2010-04-18 23:53 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-18 23:59 . 2010-04-18 23:59 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-18 23:59 . 2010-04-18 23:59 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-18 23:59 . 2010-04-18 23:59 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-18 23:59 . 2010-04-18 23:59 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-18 23:59 . 2010-04-20 20:05 -------- d-----w- c:\documents and settings\AdamC\Application Data\DivX
2010-04-18 23:59 . 2010-04-18 23:59 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-18 23:54 . 2010-04-18 23:59 -------- d-----w- c:\program files\DivX
2010-04-18 23:53 . 2010-04-18 23:53 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-18 23:53 . 2010-04-18 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-16 02:47 . 2010-03-26 14:33 43008 ----a-w- c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-16 02:47 . 2010-03-26 14:33 1496064 ----a-w- c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-16 02:47 . 2010-03-26 14:33 339456 ----a-w- c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-16 02:47 . 2010-03-26 14:32 346112 ----a-w- c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-12 07:00 . 2010-04-12 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-04-10 23:34 . 2010-04-10 23:41 -------- d-----w- c:\documents and settings\AdamC\Application Data\Nikon
2010-04-10 23:31 . 2010-04-10 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MIDI Drivers
2010-04-10 23:29 . 2010-04-10 23:29 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-10 23:29 . 2010-04-10 23:29 -------- d-----w- c:\program files\Common Files\Nikon
2010-04-10 23:29 . 2010-04-10 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2010-04-10 23:29 . 2010-04-10 23:31 -------- d-----w- c:\program files\Nikon
2010-04-10 23:29 . 2010-04-10 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2010-04-10 23:29 . 2010-04-10 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2010-04-10 23:29 . 2010-04-10 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Keyboard Layouts
2010-04-10 23:23 . 2010-04-10 23:23 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-01 17:47 . 2010-04-01 17:47 -------- d-----w- c:\documents and settings\AdamC\Application Data\Malwarebytes
2010-04-01 16:59 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 16:59 . 2010-04-01 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-01 16:59 . 2010-04-01 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 16:59 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 16:38 . 2010-04-01 16:38 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-01 16:38 . 2010-04-01 16:38 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-01 16:38 . 2010-04-01 16:38 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-01 16:38 . 2010-04-01 16:38 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-01 16:38 . 2010-04-01 16:38 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-01 16:38 . 2010-04-01 16:38 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-01 16:38 . 2010-04-01 16:38 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-01 16:38 . 2010-04-01 16:38 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-01 16:38 . 2010-04-01 16:38 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-01 16:38 . 2010-04-01 16:38 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-01 16:38 . 2010-04-01 16:38 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-01 16:38 . 2010-04-01 16:38 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 01:38 . 2010-04-30 01:39 1993728 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-04-30 01:38 . 2009-12-30 02:56 -------- d-----w- c:\documents and settings\AdamC\Application Data\Skype
2010-04-30 01:26 . 2009-05-12 19:55 -------- d-----w- c:\program files\Warcraft III
2010-04-29 22:51 . 2009-12-30 02:59 -------- d-----w- c:\documents and settings\AdamC\Application Data\skypePM
2010-04-29 21:57 . 2010-04-10 23:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-04-29 21:54 . 2010-04-10 23:31 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-04-29 04:36 . 2009-05-04 19:05 -------- d-----w- c:\program files\Dell Wireless
2010-04-29 04:36 . 2009-05-04 19:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-28 16:03 . 2009-05-06 07:07 3653132 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-27 08:07 . 2004-08-12 14:03 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-26 16:58 . 2010-04-26 16:59 1963008 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-04-24 16:32 . 2009-05-05 00:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-24 05:33 . 2009-06-05 03:59 -------- d-----w- c:\program files\Java
2010-04-24 03:52 . 2009-05-04 20:08 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-24 00:10 . 2010-04-24 00:10 -------- d-----w- c:\documents and settings\WTF\Application Data\Malwarebytes
2010-04-21 13:54 . 2010-04-24 00:24 1936896 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-04-14 20:48 . 2009-12-02 01:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-14 15:53 . 2009-12-07 02:46 79488 ----a-w- c:\documents and settings\AdamC\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-14 07:04 . 2009-05-07 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-10 23:29 . 2003-03-19 16:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-04-10 23:28 . 2009-05-04 19:00 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-01 03:58 . 2009-12-09 02:25 -------- d-----w- c:\documents and settings\AdamC\Application Data\Azureus
2010-03-31 01:58 . 2010-04-18 23:58 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2010-04-18 23:58 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2010-04-18 23:58 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2010-04-18 23:58 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2010-04-18 23:58 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2010-04-18 23:58 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-29 16:58 . 2010-03-29 17:02 1884672 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-03-22 02:43 . 2010-03-22 02:43 -------- d-----w- c:\program files\Common Files\Skype
2010-03-22 02:39 . 2010-03-22 02:42 1881088 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-03-17 05:37 . 2010-03-17 05:37 -------- d-----w- c:\program files\Veoh Networks
2010-03-14 12:04 . 2010-03-14 12:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 12:04 . 2009-05-04 20:08 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 12:03 . 2009-05-04 20:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 02:35 . 2009-05-12 19:58 79446 -c--a-w- c:\windows\War3Unin.dat
2010-03-09 11:09 . 2004-08-12 14:08 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 05:43 . 2004-08-12 14:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-12 13:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2004-08-12 14:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2004-08-12 14:02 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-12 13:55 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-12 14:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-08 19:24 . 2010-02-08 19:24 72488 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-02-22 2633976]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"V0500Mon.exe"="c:\windows\V0500Mon.exe" [2007-11-03 32768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-04-28 5937984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-19 113664]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2010-4-29 925803]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 12:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMGNA.DLL]
2004-12-08 16:41 229465 ----a-w- c:\windows\system32\PRISMGNA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\AdamC\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/4/2009 4:08 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/4/2009 4:08 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/8/2009 10:18 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/8/2009 10:18 PM 234888]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 8:04 AM 308064]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [4/29/2010 12:36 AM 57433]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [5/4/2009 6:09 PM 22784]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [12/29/2009 10:42 PM 251264]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\
FF - component: c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\AdamC\Application Data\Mozilla\Firefox\Profiles\1lvmf0zt.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-29 21:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2010-04-29 21:50:13
ComboFix-quarantined-files.txt 2010-04-30 01:49

Pre-Run: 44,165,627,904 bytes free
Post-Run: 44,714,053,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8EBF567182D8B8D6136AE92815693499


#6 thewall (Malware Response Team)

Posted 29 April 2010 - 09:13 PM

That was good. Now we'll run a scan:




It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course. If for some reason it doesn't want to run, just let me know and we'll do something else.



Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the ... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the ... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the ... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.



If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.

#7 AdamC243 (Topic Starter)

Posted 29 April 2010 - 11:41 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 30, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 30, 2010 00:05:12
Records in database: 4005685
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 52592
Threats found: 4
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 01:50:40


File name / Threat / Threats count
C:\Documents and Settings\AdamC\Desktop\LWT\LWT.exe Infected: Trojan.Win32.Vilsel.abgj 1
C:\Documents and Settings\AdamC\My Documents\Downloads\LWT.zip Infected: Trojan.Win32.Vilsel.abgj 1
C:\Qoobox\Quarantine\C\Documents and Settings\AdamC\Local Settings\Application Data\706991270.dll.vir Infected: Packed.Win32.Katusha.j 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\pciide.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pragmabbr.dll.dot.vir Infected: Packed.Win32.Tdss.n 1

Selected area has been scanned.
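The two things in this thread that a responder should be able to pick out of a ComboFix log on sight are the Find3M entry for c:\windows\system32\drivers\pciide.sys (an XP-shipped driver, created 2004-08-12, with a last-write time of 2010-04-27, two days before the scan; the Kaspersky report above identifies the copy ComboFix quarantined as Rootkit.Win32.TDSS.ap) and the Reg Loading Points entries that set AntiVirusOverride and FirewallOverride to 1 and EnableFirewall to 0. The script below is an added example of mine, not code from ComboFix, Kaspersky or the helper, that parses both kinds of line. It assumes the Find3M column order is last-write time then creation time (read off the log, not documented on this page), treats a creation date before 2005 as "shipped with the OS" and a 14-day window as "recent" (both arbitrary knobs), and takes its sample text from the log above. Two caveats: Windows Update also rewrites OS-shipped files (other entries in the same log, such as mrxsmb.sys and wininet.dll, carry 2010 last-write times too), so a hit needs checking against patch dates; and a third-party suite such as the AVG and ZoneAlarm pair on this machine sets the Security Center overrides legitimately, so those findings are prompts to verify the product, not proof of malware.

```python
"""Triage helpers for ComboFix log text (added example, not code from this thread).
Find3M column order (last write, then creation) is assumed from the log excerpt."""
import re
from datetime import datetime, timedelta

TS = "%Y-%m-%d %H:%M"
# Find3M line: "<last write> . <created> <size or --------> <attrs> <path>"
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-+)\s+(\S+)\s+(.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(.+)\]$")
# Values appear either as "name"=dword:00000001 or as "name"= 0 (0x0)
VALUE_RE = re.compile(
    r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))'
)

# Constructed sample: Find3M lines copied from the log in this thread.
SAMPLE_FIND3M = """\
2010-04-27 08:07 . 2004-08-12 14:03 3328 ----a-w- c:\\windows\\system32\\drivers\\pciide.sys
2010-04-24 03:52 . 2009-05-04 20:08 242896 ----a-w- c:\\windows\\system32\\drivers\\avgtdix.sys
2010-03-09 11:09 . 2004-08-12 14:08 430080 ----a-w- c:\\windows\\system32\\vbscript.dll
2010-02-24 13:11 . 2004-08-12 14:00 455680 ----a-w- c:\\windows\\system32\\drivers\\mrxsmb.sys
"""
# Constructed sample: Reg Loading Points entries copied from the same log.
SAMPLE_REG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""
# (key suffix, value name, setting that weakens protection)
WEAKENING = [
    ("security center", "AntiVirusOverride", 1),
    ("security center", "FirewallOverride", 1),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0),
    ("firewallpolicy\\standardprofile", "DisableNotifications", 1),
]

def parse_find3m(text):
    """Yield (last_write, created, size, path); size is None for directories."""
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if not m:
            continue
        size = int(m.group(3)) if m.group(3).isdigit() else None
        yield (datetime.strptime(m.group(1), TS),
               datetime.strptime(m.group(2), TS), size, m.group(5))

def recently_rewritten_drivers(text, scan_time, window_days=14,
                               os_install_cutoff=datetime(2005, 1, 1)):
    """Kernel drivers that shipped with the OS (created before the cutoff) but were
    rewritten within window_days before the scan. Windows Update rewrites such
    files too, so check every hit against patch release dates."""
    scan = datetime.strptime(scan_time, TS)
    hits = []
    for last_write, created, size, path in parse_find3m(text):
        if "\\system32\\drivers\\" not in path.lower() or created >= os_install_cutoff:
            continue
        if timedelta(0) <= scan - last_write <= timedelta(days=window_days):
            hits.append((path, last_write.strftime(TS), size))
    return hits

def parse_reg(text):
    """Return {key (lower-cased): {value name: int}} from REGEDIT4-style blocks."""
    out, key = {}, None
    for line in text.splitlines():
        km = KEY_RE.match(line.strip())
        if km:
            key = km.group(1).lower()
            out.setdefault(key, {})
            continue
        vm = VALUE_RE.match(line.strip())
        if vm and key is not None:
            raw, base = (vm.group(2), 16) if vm.group(2) else (vm.group(3), 10)
            out[key][vm.group(1)] = int(raw, base)
    return out

def weakened_protections(text):
    """Values that silence Security Center or turn Windows Firewall off. Third-party
    suites (AVG and ZoneAlarm on this machine) set these legitimately; malware sets
    the same values, so confirm the product behind each one is installed and running."""
    found = []
    for key, values in parse_reg(text).items():
        for suffix, name, bad in WEAKENING:
            if key.endswith(suffix.lower()) and values.get(name) == bad:
                found.append((name, bad))
    return found

if __name__ == "__main__":
    # Scan time taken from the "Rootkit scan 2010-04-29 21:48" line in the log.
    for hit in recently_rewritten_drivers(SAMPLE_FIND3M, "2010-04-29 21:48"):
        print("rewritten OS driver:", hit)
    for name, value in weakened_protections(SAMPLE_REG):
        print("weakened protection:", name, "=", value)
```

To use it on a real case, pass the contents of the saved ComboFix log in place of the two samples and take the scan time from the log's own "Rootkit scan" line; the two functions only look at lines that match their formats, so the whole log can be fed to both.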


#8 thewall (Malware Response Team)

Posted 30 April 2010 - 10:12 AM

The objects in Qoobox will be gone when we uninstall ComboFix. We'll try to remove the others manually:




Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK



Use Windows Explorer to find and delete these files:

C:\Documents and Settings\AdamC\Desktop\LWT\LWT.exe

C:\Documents and Settings\AdamC\My Documents\Downloads\LWT.zip

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete



Now do the opposite of what you did above to Hide extensions for known file types and
to Hide protected operating system files (Recommended)






When you have completed this let me know how your computer is running.

#9 AdamC243 (Topic Starter)

Posted 30 April 2010 - 10:36 AM

Ok, I deleted the files. It seems as if my Google searches aren't being redirected anymore, but I can't be completely sure yet because sometimes the search redirecting would stop for a while and come back at a later time. Also, it seems like the web pages are loading a little bit slowly as compared to normal, but my internet may just be bad right now.

#10 thewall (Malware Response Team)

Posted 30 April 2010 - 10:52 AM

Why don't you use it for a day or so and then let me know. Your redirection problem should be gone now but it won't hurt to wait and see. Be sure to come back though because it is important we uninstall ComboFix in the right manner.

#11 AdamC243 (Topic Starter)

Posted 30 April 2010 - 10:54 AM

I'm actually going away in a few hours and won't be back until Sunday. Should I get back to you then, or use it for a while now and let you know before I leave?


#12 thewall (Malware Response Team)

Posted 30 April 2010 - 11:17 AM

You can just wait till Sunday. That will be fine.

#13 AdamC243 (Topic Starter)

Posted 03 May 2010 - 09:00 PM

Sorry for not replying sooner. Anyway, it seems that everything is back to normal and working well. Thanks for the help!

#14 thewall (Malware Response Team)

Posted 04 May 2010 - 08:19 AM

Good deal, glad to hear it. We can finish up now:


Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

  • The following will implement some very important cleanup procedures as well as reset System Restore points.




You can go ahead and delete GMER, RKill and DDS now if they are still on your desktop.





Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  1. Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  2. Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it at least once a month.
  3. Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  4. Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster from here
  5. Finally, this is very important. It is absolutely essential to keep all of your security programs up to date




If you have any other questions or issues feel free to ask as I will be checking back on this topic.



Other than that, if there is nothing else I can do for you, then I wish you good luck in the future and thank you for using our forum.


thewall
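Step 4 above recommends SpywareBlaster because it "sets killbits in the registry". The kill bit is a documented Internet Explorer mechanism: for each ActiveX control's CLSID there can be a key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility whose "Compatibility Flags" DWORD has bit 0x400 set, and IE will then refuse to instantiate that control regardless of the zone settings from step 3. The script below is an added example of mine, not SpywareBlaster's code or anything from this thread, that writes such a .reg file and reads one back; the CLSIDs it is fed are hypothetical placeholders, not controls named on this page. It preserves any other bits already present in the value (passed in via `existing`), since overwriting the whole DWORD would silently clear flags set by other software.

```python
"""Build and read back a .reg file that sets the Internet Explorer kill bit
(added example, not SpywareBlaster's code). CLSIDs used here are hypothetical."""
import re

# Per-control key IE consults before loading an ActiveX control. On 64-bit
# Windows the 32-bit IE reads the same path under SOFTWARE\Wow6432Node.
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x00000400  # "Compatibility Flags" bit: never instantiate this control
CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")
KEY_RE = re.compile(r"^\[" + re.escape(COMPAT_KEY) + r"\\(\{[0-9A-Fa-f-]+\})\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

def normalize_clsid(clsid):
    """Return the braced, upper-case CLSID or raise ValueError, so malformed
    input never ends up as a registry key name."""
    c = clsid.strip().upper()
    if not c.startswith("{"):
        c = "{" + c + "}"
    if not CLSID_RE.match(c):
        raise ValueError(f"not a CLSID: {clsid!r}")
    return c

def with_kill_bit(flags):
    """OR the kill bit into an existing Compatibility Flags value, keeping other bits."""
    return flags | KILL_BIT

def is_kill_bitted(flags):
    return bool(flags & KILL_BIT)

def killbit_reg(clsids, existing=None):
    """Render a .reg file setting the kill bit for each CLSID. `existing` maps
    CLSID -> current Compatibility Flags so that other bits are preserved."""
    existing = existing or {}
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        c = normalize_clsid(clsid)
        flags = with_kill_bit(existing.get(c, 0))
        lines += [f"[{COMPAT_KEY}\\{c}]",
                  f'"Compatibility Flags"=dword:{flags:08x}', ""]
    return "\r\n".join(lines)

def parse_killbit_reg(text):
    """Read a .reg produced above (or exported from regedit) into {CLSID: flags}."""
    flags, current = {}, None
    for line in text.splitlines():
        km = KEY_RE.match(line.strip())
        if km:
            current = km.group(1).upper()
            continue
        fm = FLAGS_RE.match(line.strip())
        if fm and current:
            flags[current] = int(fm.group(1), 16)
    return flags

if __name__ == "__main__":
    # Hypothetical CLSIDs, not controls from this thread.
    sample = ["{00000000-1111-2222-3333-444444444444}",
              "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"]
    print(killbit_reg(sample, existing={sample[0]: 0x1}))
```

Save the output with a .reg extension and merge it with regedit (or `reg import`) from an administrator account; to check what is already set before merging, export the ActiveX Compatibility key from regedit and feed that file to `parse_killbit_reg` to populate `existing`.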

#15 AdamC243 (Topic Starter)

Posted 04 May 2010 - 03:26 PM

Alright everything is uninstalled.

Although the google redirecting seems to have stopped, I've noticed that my internet seems worse than normal. Streaming content takes longer to buffer, or doesn't buffer at all. I get spikes and I get disconnected from online games more frequently, and my internet in general seems to just be below par. Any ideas as to why this could be?



