
Author Topic: Befuddled... Mozilla hijacks and something else  (Read 6936 times)


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: Befuddled... Mozilla hijacks and something else
« Reply #15 on: December 21, 2009, 10:00:05 AM »
Delete ComboFix and download a new copy.

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
C:\WINDOWS\Tasks\YNQPXOGR.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]
"Uninstall Adobe Download Manager"=-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute; just follow the prompts.
After the reboot (if it asks to reboot), it will produce a log for you.
Post that log (ComboFix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

Stasmodeus

    Topic Starter


    Rookie

    Re: Befuddled... Mozilla hijacks and something else
    « Reply #16 on: December 21, 2009, 02:34:41 PM »
    Okay, I let ComboFix do its job... But I forgot to turn off anti-virus, so it had a problem downloading at first, but after realizing my mistake it didn't take long... Here is that log from ComboFix...

    ComboFix 09-12-20.08 - St. Asmodeus 12/21/2009  15:13:37.1.1 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1902.1315 [GMT -6:00]
    Running from: c:\documents and settings\St. Asmodeus\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\St. Asmodeus\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\windows\Tasks\YNQPXOGR.job"
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Tasks\YNQPXOGR.job
    c:\windows\Temp\0218441261345893mcinst.exe

    .
    (((((((((((((((((((((((((   Files Created from 2009-11-21 to 2009-12-21  )))))))))))))))))))))))))))))))
    .

    2009-12-21 10:27 . 2009-12-21 10:29   141526   ----a-w-   C:\MGlogs.zip
    2009-12-21 10:27 . 2009-12-21 10:29   --------   d-----w-   C:\MGtools
    2009-12-20 14:58 . 2009-12-20 14:58   --------   d-sh--w-   c:\documents and settings\St. Asmodeus\IECompatCache
    2009-12-20 01:58 . 2009-12-20 02:21   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\Vso
    2009-12-20 01:57 . 2009-12-20 01:57   --------   d-----w-   c:\program files\VSO
    2009-12-18 02:19 . 2009-12-21 21:19   52224   ----a-w-   c:\documents and settings\St. Asmodeus\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-16 21:23 . 2009-12-16 21:23   --------   d-----w-   c:\program files\ESET
    2009-12-16 01:26 . 2009-12-16 01:26   4844296   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-16 01:14 . 2009-12-16 01:14   --------   d-----w-   c:\program files\Trend Micro
    2009-12-16 00:44 . 2009-12-16 00:44   1   ----a-w-   c:\documents and settings\St. Asmodeus\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-12-16 00:43 . 2009-12-16 00:43   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\OpenOffice.org
    2009-12-16 00:31 . 2009-12-16 00:31   --------   d-----w-   c:\program files\JRE
    2009-12-16 00:31 . 2009-12-16 00:31   --------   d-----w-   c:\program files\OpenOffice.org 3
    2009-12-16 00:30 . 2009-12-16 00:29   411368   ----a-w-   c:\windows\system32\deploytk.dll
    2009-12-16 00:29 . 2009-12-16 00:29   --------   d-----w-   c:\program files\Java
    2009-12-16 00:25 . 2009-12-16 00:25   --------   d-sh--w-   c:\documents and settings\St. Asmodeus\PrivacIE
    2009-12-14 21:53 . 2002-12-17 22:23   33340   ------w-   c:\windows\system32\dbmsqlgc.dll
    2009-12-14 21:53 . 2002-10-20 20:05   24576   ------w-   c:\windows\system32\dbmsgnet.dll
    2009-12-14 21:53 . 1998-10-29 21:45   306688   ----a-w-   c:\windows\IsUninst.exe
    2009-12-14 21:53 . 2009-12-14 21:53   --------   d-----w-   c:\program files\Microsoft SQL Server
    2009-12-14 21:52 . 2009-12-14 21:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sony
    2009-12-14 21:09 . 2009-10-20 16:20   265728   -c----w-   c:\windows\system32\dllcache\http.sys
    2009-12-14 21:08 . 2009-12-14 21:08   --------   d-----w-   c:\documents and settings\St. Asmodeus\ErrorLogs
    2009-12-14 03:21 . 2009-12-21 21:18   139056   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-12-13 22:45 . 2009-12-13 23:07   --------   d-----w-   c:\program files\Easy CD-DA Extractor
    2009-12-13 22:45 . 1998-02-07 03:37   299520   ----a-w-   c:\windows\uninst.exe
    2009-12-13 22:44 . 2009-12-13 22:44   --------   d-----w-   c:\documents and settings\St. Asmodeus\WINDOWS
    2009-12-13 20:19 . 2008-10-26 04:48   2651951   -c--a-w-   c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
    2009-12-13 20:18 . 2006-12-01 23:26   57856   -c--a-w-   c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll
    2009-12-13 19:18 . 2009-12-13 19:18   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
    2009-12-13 19:17 . 2009-12-13 19:17   --------   d-----w-   c:\program files\ACW
    2009-12-13 18:45 . 2009-12-13 18:45   --------   d-----w-   c:\documents and settings\St. Asmodeus\DoctorWeb
    2009-12-13 18:17 . 2009-10-29 07:45   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
    2009-12-13 18:17 . 2009-10-29 07:45   594432   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
    2009-12-13 18:17 . 2009-10-29 07:45   55296   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
    2009-12-13 18:17 . 2009-10-29 07:45   246272   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
    2009-12-13 18:17 . 2009-10-29 07:45   1985536   -c----w-   c:\windows\system32\dllcache\iertutil.dll
    2009-12-13 18:17 . 2009-10-29 07:45   11069952   -c----w-   c:\windows\system32\dllcache\ieframe.dll
    2009-12-13 17:59 . 2008-06-13 11:05   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
    2009-12-13 17:55 . 2008-10-24 11:21   455296   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
    2009-12-13 17:53 . 2009-08-04 15:13   2145280   -c----w-   c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-12-13 17:53 . 2009-08-04 14:20   2023936   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
    2009-12-13 17:53 . 2009-08-04 14:20   2066048   -c----w-   c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-12-13 07:34 . 2009-12-13 07:34   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2009-12-13 06:24 . 2009-12-13 06:24   --------   d--h--w-   c:\windows\system32\GroupPolicy
    2009-12-13 06:00 . 2009-12-13 06:00   --------   d-----w-   c:\windows\McAfee.com
    2009-12-13 00:03 . 2001-08-18 04:36   38912   -c--a-w-   c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2009-12-13 00:02 . 2008-04-14 05:41   400384   -c--a-w-   c:\windows\system32\dllcache\fxsxp32.dll
    2009-12-12 23:59 . 2001-08-23 12:00   16384   -c--a-w-   c:\windows\system32\dllcache\isignup.exe
    2009-12-12 23:51 . 2008-04-14 04:05   20992   ----a-w-   c:\windows\system32\drivers\RTL8139.sys
    2009-12-12 23:48 . 2001-08-23 12:00   24661   -c--a-w-   c:\windows\system32\dllcache\spxcoins.dll
    2009-12-12 23:48 . 2001-08-23 12:00   24661   ----a-w-   c:\windows\system32\spxcoins.dll
    2009-12-12 23:48 . 2001-08-23 12:00   13312   -c--a-w-   c:\windows\system32\dllcache\irclass.dll
    2009-12-12 23:48 . 2001-08-23 12:00   13312   ----a-w-   c:\windows\system32\irclass.dll
    2009-12-12 21:32 . 2009-12-12 21:32   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
    2009-12-12 21:31 . 2009-12-12 21:31   132096   --sha-r-   c:\windows\system32\appmgmtsr.dll
    2009-12-12 21:21 . 2009-12-12 21:21   --------   d-----w-   c:\program files\DVDFab 6
    2009-12-12 20:43 . 2009-12-12 20:43   368640   ----a-w-   c:\windows\system32\ReWire.dll
    2009-12-12 20:43 . 2009-12-12 20:43   233472   ----a-w-   c:\windows\system32\REX Shared Library.dll
    2009-12-12 20:38 . 2009-12-12 20:38   --------   d-----w-   c:\documents and settings\All Users\Application Data\Propellerhead Software
    2009-12-12 20:38 . 2009-12-12 20:45   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\Propellerhead Software
    2009-12-12 20:28 . 2009-12-12 20:28   --------   d-----w-   c:\program files\Propellerhead
    2009-12-12 18:13 . 2009-12-14 21:55   --------   d-----w-   c:\program files\Sony Setup
    2009-12-10 22:52 . 2009-12-10 22:52   --------   d-----w-   c:\documents and settings\St. Asmodeus\Local Settings\Application Data\Ahead
    2009-12-10 22:49 . 2009-12-10 22:53   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\Ahead
    2009-12-10 22:48 . 2009-12-10 22:52   --------   d-----w-   c:\program files\Common Files\Ahead
    2009-12-10 22:48 . 2009-12-10 22:48   --------   d-----w-   c:\program files\Nero
    2009-12-09 01:47 . 2009-12-09 01:47   --------   d-----w-   c:\program files\Common Files\Adobe
    2009-12-09 01:45 . 2009-11-20 11:08   38784   ----a-w-   c:\documents and settings\St. Asmodeus\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-12-09 01:44 . 2009-11-20 11:08   38784   ----a-w-   c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-12-09 01:44 . 2009-12-09 01:44   --------   d-----w-   c:\program files\Common Files\Adobe AIR
    2009-12-09 01:44 . 2009-12-09 01:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2009-12-09 01:44 . 2009-12-09 01:50   --------   d-----w-   c:\documents and settings\St. Asmodeus\Local Settings\Application Data\Adobe
    2009-12-09 01:44 . 2009-12-09 01:44   --------   d-----w-   c:\program files\McAfee Security Scan
    2009-12-09 01:43 . 2009-12-09 01:43   86016   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-12-09 01:42 . 2009-12-21 21:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
    2009-12-09 01:37 . 2009-12-09 01:37   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\U3
    2009-12-06 21:16 . 2009-12-06 21:16   --------   d-----w-   c:\program files\ASIO4ALL v2
    2009-12-06 21:15 . 2009-12-06 21:15   --------   d-----w-   c:\program files\Outsim
    2009-12-06 21:11 . 2009-12-06 21:15   --------   d-----w-   c:\program files\Image-Line
    2009-12-06 21:06 . 2009-12-21 10:29   --------   d-----w-   c:\documents and settings\St. Asmodeus\Local Settings\Application Data\ApplicationHistory
    2009-12-06 20:53 . 2006-08-16 15:23   21888   ----a-w-   c:\windows\system32\drivers\ma_cmidi.sys
    2009-12-06 20:53 . 2006-08-16 15:23   86016   ----a-w-   c:\windows\system32\ma_cmidn.dll
    2009-12-06 20:53 . 2006-08-16 15:24   82944   ----a-w-   c:\windows\system32\USBMN1X1.DLL
    2009-12-06 20:53 . 2006-08-16 15:24   24128   ----a-w-   c:\windows\system32\drivers\USBMM1X1.SYS
    2009-12-06 20:53 . 2006-08-16 15:24   22208   ----a-w-   c:\windows\system32\drivers\USBMN1X1.SYS
    2009-12-06 20:53 . 2006-08-16 15:24   17920   ----a-w-   c:\windows\system32\USBMM1X1.DLL
    2009-12-06 20:53 . 2006-08-16 15:24   13504   ----a-w-   c:\windows\system32\drivers\USB11LDR.SYS
    2009-12-06 20:53 . 2006-08-16 15:24   12272   ----a-w-   c:\windows\system32\USBMM1X1.DRV
    2009-12-06 20:53 . 2006-08-16 15:23   14272   ----a-w-   c:\windows\system32\MA_CMIDI.DRV
    2009-12-06 20:53 . 2006-08-16 15:23   17920   ----a-w-   c:\windows\system32\MA_CMIDI.DLL
    2009-12-06 20:30 . 2009-12-06 20:30   --------   d-----w-   c:\windows\system32\XPSViewer
    2009-12-06 20:30 . 2009-12-06 20:30   --------   d-----w-   c:\program files\MSBuild
    2009-12-06 20:30 . 2009-12-06 20:30   --------   d-----w-   c:\program files\Reference Assemblies
    2009-12-06 20:29 . 2008-07-06 12:06   89088   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2009-12-06 20:29 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
    2009-12-06 20:29 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
    2009-12-06 20:29 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2009-12-06 20:29 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
    2009-12-06 20:03 . 2009-12-06 20:03   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\HpUpdate
    2009-12-06 20:03 . 2009-12-06 20:03   --------   d-----w-   c:\windows\Hewlett-Packard
    2009-12-05 18:51 . 2009-12-20 01:56   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\BitTorrent
    2009-12-05 18:48 . 2009-12-05 18:48   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\NetMedia Providers
    2009-12-05 18:48 . 2009-12-12 18:20   --------   d-----w-   c:\documents and settings\St. Asmodeus\Local Settings\Application Data\Sony
    2009-12-05 18:44 . 2009-12-05 18:44   --------   d-----w-   c:\program files\Microsoft.NET
    2009-12-05 18:33 . 2009-12-06 21:15   --------   d-----w-   c:\program files\VSTplugins
    2009-12-05 18:33 . 2009-12-05 18:33   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\Publish Providers
    2009-12-05 18:32 . 2009-12-14 21:52   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\Sony
    2009-12-05 18:29 . 2009-12-12 18:14   --------   d-----w-   c:\program files\Sony
    2009-12-05 18:27 . 2009-12-05 18:28   --------   d-----w-   c:\windows\system32\URTTemp
    2009-12-05 18:13 . 2009-12-05 18:13   --------   d-----w-   c:\program files\PowerISO
    2009-12-05 01:57 . 2009-12-05 01:57   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
    2009-12-04 22:09 . 2009-12-04 22:11   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\Ventrilo
    2009-12-04 22:07 . 2009-12-04 22:07   --------   d-----w-   c:\program files\Ventrilo
    2009-12-04 22:04 . 2009-12-20 22:35   138328   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
    2009-12-04 22:03 . 2009-12-20 22:34   214816   ----a-w-   c:\windows\system32\PnkBstrB.exe
    2009-12-04 22:02 . 2009-12-04 22:02   --------   d-----w-   c:\windows\system32\LogFiles
    2009-12-04 22:02 . 2009-12-04 22:02   75064   ----a-w-   c:\windows\system32\PnkBstrA.exe
    2009-12-04 22:02 . 2009-12-04 22:02   --------   d-----w-   c:\documents and settings\St. Asmodeus\Local Settings\Application Data\PunkBuster
    2009-12-04 21:57 . 2009-12-04 22:01   --------   d-----w-   c:\program files\Wolfenstein - Enemy Territory
    2009-12-04 21:46 . 2009-12-04 21:46   --------   d-sh--w-   c:\documents and settings\St. Asmodeus\IETldCache
    2009-12-04 21:32 . 2009-12-04 21:32   --------   d-----w-   c:\windows\ie8updates
    2009-12-04 21:30 . 2009-12-04 21:30   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
    2009-12-04 21:30 . 2009-12-16 01:42   --------   dc-h--w-   c:\windows\ie8
    2009-12-04 21:17 . 2009-12-04 21:17   --------   d-----w-   c:\documents and settings\St. Asmodeus\Application Data\Logitech

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-20 14:56 . 2009-12-01 00:50   20432   ----a-w-   c:\documents and settings\St. Asmodeus\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-13 20:26 . 2009-12-13 20:26   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
    2009-12-13 20:20 . 2009-12-13 20:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\DriverScanner
    2009-12-13 20:19 . 2009-12-13 20:19   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2009-12-12 23:57 . 2009-12-01 00:38   23348   ----a-w-   c:\windows\system32\emptyregdb.dat
    2009-12-12 23:57 . 2009-12-01 00:38   --------   d-----w-   c:\program files\Windows Media Connect 2
    2009-12-04 21:14 . 2009-12-04 21:14   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2009-12-04 21:14 . 2009-12-04 21:14   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2009-12-04 21:14 . 2009-12-04 21:14   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-12-03 00:51 . 2009-12-01 00:41   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-12-01 00:58 . 2009-12-01 00:58   --------   d-----w-   c:\program files\BitTorrent
    2009-12-01 00:57 . 2009-12-01 00:57   0   ----a-w-   c:\windows\nsreg.dat
    2009-12-01 00:42 . 2009-12-01 00:42   --------   d-----w-   c:\program files\microsoft frontpage
    2009-11-20 11:08 . 2009-12-13 05:54   38784   ----a-w-   c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-04 22:54 . 2009-11-04 22:54   214664   ----a-w-   c:\windows\system32\drivers\mfehidk.sys
    2009-10-29 07:45 . 2008-04-14 05:42   916480   ------w-   c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2008-04-14 05:42   75776   ----a-w-   c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2008-04-14 05:41   25088   ----a-w-   c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2008-04-14 00:23   265728   ----a-w-   c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2008-04-14 05:42   270336   ----a-w-   c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2008-04-14 05:42   149504   ----a-w-   c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2008-04-14 05:42   79872   ----a-w-   c:\windows\system32\raschap.dll
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-18 2002160]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
    "M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-03-18 184320]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-27 16120832]

    c:\documents and settings\St. Asmodeus\Start Menu\Programs\Startup\
    SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2007-9-17 2902528]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-4 805392]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 08:42   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1"=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [8/31/2009 5:38 AM 9096]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/30/2009 7:17 PM 93320]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
    S0 3112Rx47;3112Rx47;c:\windows\system32\drivers\3112Rx47.sys [8/31/2009 5:39 AM 110128]
    S2 0218441261345893mcinstcleanup;McAfee Application Installer Cleanup (0218441261345893);c:\windows\TEMP\021844~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\021844~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys [12/1/2009 6:15 PM 132096]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - 0218441261345893MCINSTCLEANUP

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    FF - ProfilePath - c:\documents and settings\St. Asmodeus\Application Data\Mozilla\Firefox\Profiles\eo7e0plm.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-21 15:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(560)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\documents and settings\St. Asmodeus\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\St. Asmodeus\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(2700)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\McAfee\MSK\MskSrver.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\Ati2evxx.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-21  15:27:16 - machine was rebooted
    ComboFix-quarantined-files.txt  2009-12-21 21:27
    ComboFix2.txt  2009-12-19 22:24

    Pre-Run: 111,551,311,872 bytes free
    Post-Run: 111,516,999,680 bytes free

    - - End Of File - - D393E5DC0CB69BAA980CF675482C05BF


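The CFScript in Reply #15 asks ComboFix to remove one scheduled-task file and one RunOnce value, and the log above is how a helper confirms that it actually did. As an added example (not ComboFix's or the posters' code), this Python script parses a CFScript's File:: and Registry:: sections and cross-checks them against the log's "Other Deletions" and "Reg Loading Points" sections; the inputs are constructed excerpts of the thread's own script and log.

```python
"""Cross-check a ComboFix CFScript against the log that ComboFix produced.
Added example for this thread, not ComboFix's or the posters' code: the CFScript
directives and log banners are those shown above; both inputs are constructed."""
import re

# Constructed: the CFScript from Reply #15, verbatim.
CFSCRIPT = r"""
KillAll::

File::
C:\WINDOWS\Tasks\YNQPXOGR.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]
"Uninstall Adobe Download Manager"=-
"""

# Constructed: the parts of the Reply #16 log that the check reads, trimmed.
COMBOFIX_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\YNQPXOGR.job
c:\windows\Temp\0218441261345893mcinst.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
.
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com
"""

BANNER_RE = re.compile(r"^(?:\(+|-{3,})\s*(.+?)\s*(?:\)+|-{3,})$")  # ((( Title ))) or --- Title ---
KEY_RE = re.compile(r"^\[(.+)\]$")                # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"=data; data '-' means delete (REGEDIT4)

def parse_cfscript(text):
    """Return {'killall': bool, 'files': [paths], 'registry': {key: [values to delete]}}.
    A line ending in '::' opens a section; under Registry:: a '[key]' line selects the
    key and '"name"=-' asks ComboFix to delete that value from it."""
    out, section, key = {"killall": False, "files": [], "registry": {}}, None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2].lower()
            out["killall"] |= section == "killall"
            continue
        if section == "file":
            out["files"].append(line)
        elif section == "registry":
            if m := KEY_RE.match(line):
                key = m.group(1)
                out["registry"].setdefault(key, [])
            elif (m := VALUE_RE.match(line)) and key and m.group(2) == "-":
                out["registry"][key].append(m.group(1))
    return out

def split_log_sections(text):
    """Map each banner title to the non-empty lines below it ('.' spacers dropped)."""
    sections, current = {"header": []}, "header"
    for line in (ln.strip() for ln in text.splitlines()):
        if m := BANNER_RE.match(line):
            current = m.group(1)
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections

def parse_reg_loading_points(lines):
    """Turn the 'Reg Loading Points' dump into {key.lower(): {value names, lowered}}."""
    reg, key = {}, None
    for line in lines:
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
            reg.setdefault(key, set())
        elif (m := VALUE_RE.match(line)) and key:
            reg[key].add(m.group(1).lower())
    return reg

def verify_cfscript(cfscript, log):
    r"""Report whether the log confirms each requested deletion: files must appear under
    'Other Deletions' (case-insensitive; the script says C:\WINDOWS, the log c:\windows),
    registry values must be absent from the post-run 'Reg Loading Points' listing."""
    script, sections = parse_cfscript(cfscript), split_log_sections(log)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    reg = parse_reg_loading_points(sections.get("Reg Loading Points", []))
    report = {"files": {p: p.lower() in deleted for p in script["files"]}, "registry": {}}
    # Weaker evidence than the file check: ComboFix prints only non-empty, non-default entries.
    for key, names in script["registry"].items():
        for name in names:
            report["registry"][key + "\\" + name] = name.lower() not in reg.get(key.lower(), set())
    return report

if __name__ == "__main__":
    result = verify_cfscript(CFSCRIPT, COMBOFIX_LOG)
    for kind in ("files", "registry"):
        for item, confirmed in result[kind].items():
            print(("confirmed gone: " if confirmed else "STILL PRESENT:  ") + item)
```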

    evilfantasy

    Re: Befuddled... Mozilla hijacks and something else
    « Reply #17 on: December 21, 2009, 04:03:48 PM »
    Are you still getting the redirects?

    Stasmodeus


      Re: Befuddled... Mozilla hijacks and something else
      « Reply #18 on: December 21, 2009, 05:15:05 PM »
      No more redirects....

      Thank you so much. I could not help noticing that it might have something to do with "c:\windows\Tasks\YNQPXOGR.job". I saw a file like that before in a spyware/malware I deleted and removed right before I got this problem...

      Thank you again so much. Are there any other scans or logs you need me to do?


      evilfantasy

      Re: Befuddled... Mozilla hijacks and something else
      « Reply #19 on: December 21, 2009, 05:23:54 PM »
      Yes it was the YNQPXOGR.job file.

      Time to clean up.

      Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.

      * Click START then RUN
      * Now type Combofix /Uninstall in the run box
      * Make sure there's a space between Combofix and /Uninstall
      * Then hit Enter.

      The above procedure will:
      * Delete: ComboFix and its associated files and folders.
      * Reset the clock settings.
      * Hide file extensions, if required.
      * Hide System/Hidden files, if required.
      * Set a new, clean Restore Point.

      ----------

      Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

      ----------

      Use the Secunia Software Inspector to check for out of date software.
      • Click Start Now
      • Check the box next to Enable thorough system inspection.
      • Click Start
      • Allow the scan to finish and scroll down to see if any updates are needed.
      • Update anything listed.
      ----------

      Go to Microsoft Windows Update and get all critical updates.

      ----------

      I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection, so they will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

      I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

      SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
      * Using SpywareBlaster to protect your computer from Spyware and Malware
      * If you don't know what ActiveX controls are, see here

      Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

      Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

      Stasmodeus


        Re: Befuddled... Mozilla hijacks and something else
        « Reply #20 on: December 21, 2009, 05:43:50 PM »
        Great! Thank you so much...

        I'll go through the clean process in a couple of hours after I have dinner... Thanks again. I do have SUPERAntiSpyware as my real-time protection, but I do believe I will also try some of the other programs you've recommended.

        Thanks Again for the help...


        evilfantasy

        Re: Befuddled... Mozilla hijacks and something else
        « Reply #21 on: December 21, 2009, 05:47:29 PM »
        You're welcome.

        Safe surfing.