Google/Blingo search takes me to wrong page

[Melissa_1959]

My computer seems to be running a bit slower, but the real problem is that I am sent to the wrong Internet page when clicking the first link from a search engine. This happens on both Google and Blingo.

It appears to take me to a "related" page. For instance, I was searching for "best low-calorie cookbooks" and ended up at a 24-Hour Fitness site. It has been happening for awhile, so I can't exactly pinpoint when it started. As I recall, the computer slowdown happened before the link redirect problems, but I could be mistaken.

For the most part, I am the only user on this laptop computer. But occasionally, when my adult son comes to visit, he uses it. I don't see any new programs that shouldn't be on it, but maybe someone with a trained eye can tell me what's wrong.

Below is the DDS info and attached is a zip file with the other two required scans.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Mom at 23:11:23.35 on Sun 10/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.382 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\WINDOWS\System32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\OpwareSE4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Mom\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\canon\OpwareSE4.exe"
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\craftr~1.lnk - c:\program files\craft robo controller\CRSSupervisor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251523183250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://extranet.belo.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mom\applic~1\mozilla\firefox\profiles\2bsfzw1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://blingo.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {3D5FF840-97E6-4D17-835B-BB9C5D1D04DD} - c:\documents and settings\mom\local settings\application data\{3D5FF840-97E6-4D17-835B-BB9C5D1D04DD}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-15 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-2-16 34144]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-2-16 28800]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-29 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-29 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-29 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-3 54752]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-10-03 19:00 212,480 a------- c:\windows\system32\pcdlib32.dll
2009-10-03 19:00 210,944 a------- c:\windows\system32\MSVCRT10.DLL
2009-10-03 19:00 197,120 a------- c:\windows\kpcp32.dll
2009-10-03 19:00 133,120 a------- c:\windows\sprof32.dll
2009-10-03 19:00 58,368 a------- c:\windows\pfpick.dll
2009-10-03 19:00 40,129 a------- c:\windows\iccsigs.dat
2009-10-03 19:00 37,376 a------- c:\windows\kpsys32.dll
2009-10-03 19:00 20,992 a------- c:\windows\icccodes.dll
2009-10-03 19:00 149 a------- c:\windows\KPCMS.INI
2009-10-03 19:00 <DIR> --d----- C:\KPCMS
2009-10-03 19:00 <DIR> --d----- c:\windows\system32\COLOR
2009-10-03 18:58 299,520 a------- c:\windows\uninst.exe
2009-10-03 18:56 <DIR> --d----- c:\documents and settings\mom\WINDOWS
2009-10-03 11:04 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-09-28 16:24 <DIR> --d----- c:\program files\Trend Micro
2009-09-28 16:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AcrobatInstall
2009-09-27 09:36 <DIR> --d----- c:\windows\Cache
2009-09-27 09:36 <DIR> --d----- c:\program files\Coupons
2009-09-22 14:07 <DIR> --d----- c:\docume~1\mom\applic~1\GoodSync
2009-09-15 19:30 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-15 19:30 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-15 19:30 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-09-15 19:30 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-15 19:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-15 19:23 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-15 19:19 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-15 11:19 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-15 11:17 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 11:17 <DIR> --d----- c:\program files\Lavasoft
2009-09-12 18:31 <DIR> --d----- c:\windows\system32\scripting
2009-09-12 18:31 <DIR> --d----- c:\windows\system32\en
2009-09-12 18:31 <DIR> --d----- c:\windows\l2schemas
2009-09-12 18:25 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{C2EE940D-3E2D-4D68-81F4-470AB6C01D8A}
2009-09-12 18:24 <DIR> --d----- c:\program files\Radium Technologies
2009-09-12 18:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Radium Technologies
2009-09-12 18:22 1,374 a------- c:\windows\imsins.BAK
2009-09-08 20:04 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-06 13:21 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-09-06 13:21 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-09-06 13:21 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-09-06 13:21 380,928 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-09-06 13:21 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-09-06 13:21 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-06 13:21 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-09-06 13:21 2,452,872 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-09-06 13:21 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-09-06 13:16 <DIR> --d----- c:\windows\network diagnostic
2009-09-06 13:16 33,792 ac------ c:\windows\system32\dllcache\custsat.dll
2009-09-05 04:01 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2

==================== Find3M ====================

2009-09-12 18:34 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-29 23:10 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-29 15:44 9,544 a------- c:\windows\extend.dat
2009-08-29 15:23 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-29 15:23 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-29 15:23 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 22:07 21,275 a------- c:\windows\system32\drivers\AegisP.sys
2009-08-28 21:57 558,142 a------- c:\windows\java\packages\RXB57Z53.ZIP
2009-08-28 21:57 2,678 a------- c:\windows\java\packages\data\OV3LJHZP.DAT
2009-08-28 21:57 155,995 a------- c:\windows\java\packages\U2YA5NHZ.ZIP
2009-08-28 21:57 2,678 a------- c:\windows\java\packages\data\AZXV5NTR.DAT
2009-08-28 21:57 2,678 a------- c:\windows\java\packages\data\JN35ZZZP.DAT
2009-08-28 21:57 2,678 a------- c:\windows\java\packages\data\373RPJF3.DAT
2009-08-28 21:57 2,678 a------- c:\windows\java\packages\data\2JFZ35F7.DAT
2009-08-28 21:55 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 21:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 -------- c:\windows\system32\wmpdxm.dll
2009-07-10 12:15 306,544 a------- c:\windows\WLXPGSS.SCR

============= FINISH: 23:11:45.98 ===============

[Melissa_1959]

BUMP, please.

[tetonbob]

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

1. Download ComboFix from one of these locations:
   
   Link 1
   Link 2
   
   * IMPORTANT !!! Place combofix.exe on your Desktop
   
2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
   
   You can get help on disabling your protection programs here
   
   
   AVG 8.5
   Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.
   • Click on Open AVG Interface.
   • Double click on Resident Shield
   • Deselect the option to "Enable Resident Shield."
   • Save changes, and exit the application.
   • To re-enable AVG 8.5, please select "Enable Resident Shield" again.
3. Double click on combofix.exe & follow the prompts.
   
4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
   
   Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
   
   
   
   
   
   The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
   
   With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
   
   Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
   
   ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
   
   Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
   
   The Recovery Console was successfully installed.
   
   
   
   Click on Yes, to continue scanning for malware.
   
5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
6. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   ---------------------------------------------------------------------------------------------
   
7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   ---------------------------------------------------------------------------------------------

[Melissa_1959]

Thank you for the reply.
Below is the log created by ComboFix.

BTW ... as ComboFix was rebooting my computer, a box came up. I think it was catchme.XXX (exe, apx, ???) and it said, "Application failed to initialize." I don't know if this means anything or not.

+++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 09-10-08.04 - Mom 10/09/2009 18:32.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.522 [GMT -7:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-04 02:00 . 1998-04-25 12:32 212480 ----a-w- c:\windows\system32\pcdlib32.dll
2009-10-04 02:00 . 1998-04-25 12:32 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
2009-10-04 02:00 . 2009-10-04 02:00 -------- d-----w- C:\KPCMS
2009-10-04 02:00 . 1998-06-05 18:42 197120 ----a-w- c:\windows\kpcp32.dll
2009-10-04 02:00 . 1998-04-25 12:32 58368 ----a-w- c:\windows\pfpick.dll
2009-10-04 02:00 . 1998-04-25 12:32 40129 ----a-w- c:\windows\iccsigs.dat
2009-10-04 02:00 . 1998-04-25 12:32 37376 ----a-w- c:\windows\kpsys32.dll
2009-10-04 02:00 . 1998-04-25 12:32 20992 ----a-w- c:\windows\icccodes.dll
2009-10-04 02:00 . 1998-01-20 16:12 133120 ----a-w- c:\windows\sprof32.dll
2009-10-04 02:00 . 2009-10-04 02:00 -------- d-----w- c:\windows\system32\COLOR
2009-10-04 01:58 . 1998-04-25 12:19 299520 ----a-w- c:\windows\uninst.exe
2009-10-04 01:56 . 2009-10-04 01:56 -------- d-----w- c:\documents and settings\Mom\WINDOWS
2009-09-28 23:24 . 2009-09-28 23:24 -------- d-----w- c:\program files\Trend Micro
2009-09-28 23:16 . 2009-09-28 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AcrobatInstall
2009-09-27 16:36 . 2009-09-27 16:36 -------- d-----w- c:\windows\Cache
2009-09-27 16:36 . 2009-10-05 17:46 -------- d-----w- c:\program files\Coupons
2009-09-22 21:07 . 2009-10-05 17:47 -------- d-----w- c:\documents and settings\Mom\Application Data\GoodSync
2009-09-16 02:30 . 2009-09-16 02:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-16 02:30 . 2009-09-16 02:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-16 02:30 . 2009-09-16 02:30 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-09-16 02:30 . 2009-09-16 02:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-16 02:23 . 2009-09-16 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-16 02:23 . 2009-09-23 05:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-16 02:19 . 2009-09-21 18:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-15 18:19 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-15 18:17 . 2009-09-15 18:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 18:17 . 2009-09-15 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-15 18:17 . 2009-09-15 18:17 -------- d-----w- c:\program files\Lavasoft
2009-09-13 01:31 . 2009-09-13 01:31 -------- d-----w- c:\windows\system32\scripting
2009-09-13 01:31 . 2009-09-13 01:31 -------- d-----w- c:\windows\l2schemas
2009-09-13 01:31 . 2009-09-13 01:31 -------- d-----w- c:\windows\system32\en
2009-09-13 01:25 . 2009-09-13 01:25 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Radium Technologies
2009-09-13 01:25 . 2009-09-13 01:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C2EE940D-3E2D-4D68-81F4-470AB6C01D8A}
2009-09-13 01:24 . 2009-09-13 01:24 -------- d-----w- c:\program files\Radium Technologies
2009-09-13 01:24 . 2009-09-13 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Radium Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 14:25 . 2009-08-29 17:21 -------- d-----w- c:\documents and settings\Mom\Application Data\Juniper Networks
2009-10-05 17:47 . 2009-08-29 05:43 -------- d-----w- c:\program files\Siber Systems
2009-10-04 02:00 . 2009-08-29 23:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-29 18:35 . 2009-08-30 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-09-29 03:07 . 2009-08-29 17:48 17656 ----a-w- c:\documents and settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 07:40 . 2009-08-30 03:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 21:54 . 2009-08-30 03:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-08-30 03:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 23:15 . 2009-09-04 02:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 20:25 . 2009-09-06 20:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Juniper Networks
2009-09-05 11:01 . 2009-09-05 11:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-04 02:03 . 2009-09-04 01:59 -------- d-----w- c:\program files\Windows Live
2009-09-04 02:02 . 2009-09-04 02:02 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-04 02:01 . 2009-09-04 02:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-04 02:00 . 2009-09-04 02:00 -------- d-----w- c:\program files\Microsoft
2009-09-04 01:59 . 2009-09-04 01:59 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-04 01:51 . 2009-09-04 01:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-31 20:15 . 2009-08-31 20:02 -------- d-----w- c:\program files\BreezeSys
2009-08-31 20:07 . 2009-08-30 18:24 -------- d-----w- c:\program files\Canon
2009-08-30 20:57 . 2009-08-30 20:46 -------- d-----w- c:\documents and settings\Mom\Application Data\ICAClient
2009-08-30 20:12 . 2009-08-30 20:10 -------- d-----w- c:\program files\ROBO Master
2009-08-30 20:11 . 2009-08-30 20:11 -------- d-----w- c:\program files\GRAPHTEC
2009-08-30 20:11 . 2009-08-30 20:11 -------- d-----w- c:\program files\Craft ROBO Controller
2009-08-30 20:11 . 2009-08-29 05:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-30 20:04 . 2009-08-30 20:04 -------- d-----w- c:\program files\FitDay
2009-08-30 20:01 . 2009-08-30 20:00 -------- d-----w- c:\program files\Microsoft Money
2009-08-30 18:32 . 2009-08-30 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-30 18:32 . 2009-08-30 18:32 -------- d-----w- c:\documents and settings\Mom\Application Data\ScanSoft
2009-08-30 18:31 . 2009-08-30 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-08-30 18:31 . 2009-08-30 18:31 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-08-30 18:31 . 2009-08-29 05:04 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-30 18:29 . 2009-08-30 18:29 -------- d-----w- c:\program files\Common Files\CANON
2009-08-30 18:26 . 2009-08-30 18:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-08-30 18:26 . 2009-08-30 18:26 -------- d--h--w- c:\program files\CanonBJ
2009-08-30 06:15 . 2009-08-30 06:15 -------- d-----w- c:\program files\Citrix
2009-08-30 06:10 . 2009-08-30 06:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-30 06:10 . 2009-08-30 06:10 -------- d-----w- c:\program files\Java
2009-08-30 04:14 . 2009-08-30 04:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\Juniper Networks
2009-08-30 04:07 . 2009-08-30 04:07 -------- d-----w- c:\program files\MSBuild
2009-08-30 04:07 . 2009-08-30 04:07 -------- d-----w- c:\program files\Reference Assemblies
2009-08-30 04:04 . 2009-08-30 04:04 -------- d-----w- c:\program files\MSXML 6.0
2009-08-30 03:26 . 2009-08-30 03:26 -------- d-----w- c:\program files\MSXML 4.0
2009-08-30 03:08 . 2009-08-30 03:08 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
2009-08-30 03:08 . 2009-08-30 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-30 02:51 . 2009-08-30 02:51 -------- d-----w- c:\program files\CCleaner
2009-08-30 02:16 . 2009-08-30 02:16 120 ----a-w- c:\windows\Nlidodovujepop.dat
2009-08-30 01:07 . 2009-08-30 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-29 22:44 . 2009-08-29 22:44 9544 ----a-w- c:\windows\extend.dat
2009-08-29 22:23 . 2009-08-29 22:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 22:23 . 2009-08-29 22:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-29 22:23 . 2009-08-29 22:23 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 22:23 . 2009-08-29 22:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-29 22:22 . 2009-08-29 22:22 -------- d-----w- c:\program files\AVG
2009-08-29 22:22 . 2009-08-29 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-29 22:13 . 2009-08-29 22:13 -------- d-----w- c:\documents and settings\Mom\Application Data\AVG8
2009-08-29 17:43 . 2009-08-29 17:43 -------- d-----w- c:\program files\Windows Messaging
2009-08-29 17:26 . 2009-08-29 17:26 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Juniper Networks
2009-08-29 17:26 . 2009-08-29 17:26 -------- d-----w- c:\program files\Juniper Networks
2009-08-29 06:53 . 2009-08-29 06:15 1259 ----a-w- c:\windows\eReg.dat
2009-08-29 06:07 . 2009-08-29 06:06 -------- d-----w- c:\program files\Maxis
2009-08-29 05:43 . 2009-08-29 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2009-08-29 05:38 . 2009-08-29 05:38 0 ----a-w- c:\windows\nsreg.dat
2009-08-29 05:18 . 2009-08-29 05:18 -------- d-----w- c:\documents and settings\Mom\Application Data\MSN6
2009-08-29 05:18 . 2009-08-29 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-08-29 05:08 . 2009-08-29 05:08 -------- d-----w- c:\documents and settings\Mom\Application Data\Intel
2009-08-29 05:07 . 2009-08-29 05:07 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-29 05:07 . 2009-08-29 05:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-08-29 05:07 . 2009-08-29 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-08-29 05:07 . 2009-08-29 05:04 -------- d-----w- c:\program files\Intel
2009-08-29 05:06 . 2009-08-29 05:06 -------- d-----w- c:\program files\Synaptics
2009-08-29 05:05 . 2009-08-29 05:05 -------- d-----w- c:\program files\Realtek
2009-08-29 04:57 . 2009-08-29 04:57 -------- d-----w- c:\program files\microsoft frontpage
2009-08-29 04:55 . 2009-08-29 04:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-07 02:24 . 2009-08-29 05:20 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2008-10-16 21:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2009-08-29 05:20 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2009-08-29 05:20 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2009-08-29 04:54 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2002-08-29 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2009-08-29 05:20 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2009-09-04 19:29 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2009-09-04 19:29 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2009-08-29 04:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 05:48 . 2009-09-04 02:03 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:01 . 2002-08-29 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2005-10-17 21:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 23:44 . 2009-07-26 23:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 19:21 . 2004-08-04 07:56 233472 ------w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-29 160592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-17 729178]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-02 2023704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\Canon\OpwareSE4.exe" [2007-02-04 79400]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-17 118784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-02-17 88203]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-02-17 15473664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Craft ROBO Status Supervisor.lnk - c:\program files\Craft ROBO Controller\CRSSupervisor.exe [2009-8-30 32768]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 122880]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 22:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Mom\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Radium Technologies\\Living Cookbook 2008\\LC.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/15/2009 11:19 AM 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/16/2006 10:20 PM 34144]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2/16/2006 10:20 PM 28800]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/29/2009 3:23 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/29/2009 3:23 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/29/2009 3:23 PM 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/3/2009 7:03 PM 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1028432]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
.
Contents of the 'Scheduled Tasks' folder

2009-10-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\2bsfzw1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://blingo.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {3D5FF840-97E6-4D17-835B-BB9C5D1D04DD} - c:\documents and settings\Mom\Local Settings\Application Data\{3D5FF840-97E6-4D17-835B-BB9C5D1D04DD}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-KB913433 - c:\windows\System32\MacroMed\Flash\genuinst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 18:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\program files\Canon\OpHookSE4.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-10-10 18:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-10 01:42

Pre-Run: 138,173,595,648 bytes free
Post-Run: 138,214,387,712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

278 --- E O F --- 2009-10-04 11:01

[tetonbob]

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
2. Open notepad and copy/paste the text in the quotebox below into it:
   
   
   Code:

   http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/419772-google-blingo-search-takes-me-wrong-page.html#post2382959
   FireFox::
   FF - ProfilePath - c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\2bsfzw1s.default\
   FF - HiddenExtension: XUL Cache: {3D5FF840-97E6-4D17-835B-BB9C5D1D04DD} - c:\documents and settings\Mom\Local Settings\Application Data\{3D5FF840-97E6-4D17-835B-BB9C5D1D04DD}
   Suspect::[28]
   c:\windows\Nlidodovujepop.dat

   Save this as CFScript.txt
   
   
   
   
   Referring to the picture above, drag CFScript.txt into ComboFix.exe
   
3. ComboFix may request an update; please allow it.
   
4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
5. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   **Note**
   
   When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
   • Ensure you are connected to the internet and click OK on the message box.
   
   Please let me know if the file was successfully submitted . Thanks.
   
   ------------------------------------------------------
   
6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   ---------------------------------------------------------------------------------------------
   

[Melissa_1959]

ComboFix has successfully uploaded the log.


ComboFix 09-10-08.04 - Mom 10/09/2009 21:12:27.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.543 [GMT -7:00]
Running from: C:\Documents and Settings\Mom\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mom\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\WINDOWS\Nlidodovujepop.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mom\Local Settings\Application Data\{3D5FF840-97E6-4D17-835B-BB9C5D1D04DD}
c:\documents and settings\Mom\Local Settings\Application Data\{3D5FF840-97E6-4D17-835B-BB9C5D1D04DD}\chrome.manifest
c:\documents and settings\Mom\Local Settings\Application Data\{3D5FF840-97E6-4D17-835B-BB9C5D1D04DD}\chrome\content\_cfg.js
c:\documents and settings\Mom\Local Settings\Application Data\{3D5FF840-97E6-4D17-835B-BB9C5D1D04DD}\chrome\content\overlay.xul
c:\documents and settings\Mom\Local Settings\Application Data\{3D5FF840-97E6-4D17-835B-BB9C5D1D04DD}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-04 02:00:47 . 1998-04-25 12:32:06 212480 ----a-w- C:\WINDOWS\system32\pcdlib32.dll
2009-10-04 02:00:47 . 1998-04-25 12:32:04 210944 ----a-w- C:\WINDOWS\system32\MSVCRT10.DLL
2009-10-04 02:00:46 . 2009-10-04 02:00:46 0 d-----w- C:\KPCMS
2009-10-04 02:00:46 . 1998-06-05 18:42:18 197120 ----a-w- C:\WINDOWS\kpcp32.dll
2009-10-04 02:00:46 . 1998-04-25 12:32:02 58368 ----a-w- C:\WINDOWS\pfpick.dll
2009-10-04 02:00:46 . 1998-04-25 12:32:02 40129 ----a-w- C:\WINDOWS\iccsigs.dat
2009-10-04 02:00:46 . 1998-04-25 12:32:02 37376 ----a-w- C:\WINDOWS\kpsys32.dll
2009-10-04 02:00:46 . 1998-04-25 12:32:02 20992 ----a-w- C:\WINDOWS\icccodes.dll
2009-10-04 02:00:46 . 1998-01-20 16:12:46 133120 ----a-w- C:\WINDOWS\sprof32.dll
2009-10-04 02:00:40 . 2009-10-04 02:00:42 0 d-----w- C:\WINDOWS\system32\COLOR
2009-10-04 01:58:07 . 1998-04-25 12:19:42 299520 ----a-w- C:\WINDOWS\uninst.exe
2009-10-04 01:56:55 . 2009-10-04 01:56:55 0 d-----w- C:\Documents and Settings\Mom\WINDOWS
2009-09-28 23:24:43 . 2009-09-28 23:24:43 0 d-----w- C:\Program Files\Trend Micro
2009-09-28 23:16:55 . 2009-09-28 23:17:04 0 d-----w- C:\Documents and Settings\All Users\Application Data\AcrobatInstall
2009-09-27 16:36:59 . 2009-09-27 16:36:59 0 d-----w- C:\WINDOWS\Cache
2009-09-27 16:36:56 . 2009-10-05 17:46:40 0 d-----w- C:\Program Files\Coupons
2009-09-22 21:07:51 . 2009-10-05 17:47:00 0 d-----w- C:\Documents and Settings\Mom\Application Data\GoodSync
2009-09-16 02:30:40 . 2009-09-16 02:30:42 0 d-----w- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-09-16 02:30:40 . 2009-09-16 02:30:41 0 d-----w- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-09-16 02:30:40 . 2009-09-16 02:30:40 0 d-----w- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-09-16 02:30:39 . 2009-09-16 02:30:40 0 d-----w- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-16 02:23:18 . 2009-09-16 02:35:23 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-16 02:23:16 . 2009-09-23 05:52:31 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-09-16 02:19:01 . 2009-09-21 18:19:34 15688 ----a-w- C:\WINDOWS\system32\lsdelete.exe
2009-09-15 18:19:46 . 2009-07-03 14:49:08 64160 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys
2009-09-15 18:17:50 . 2009-09-15 18:17:51 0 dc-h--w- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 18:17:22 . 2009-09-15 18:19:42 0 d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-09-15 18:17:22 . 2009-09-15 18:17:22 0 d-----w- C:\Program Files\Lavasoft
2009-09-13 01:31:38 . 2009-09-13 01:31:38 0 d-----w- C:\WINDOWS\system32\scripting
2009-09-13 01:31:35 . 2009-09-13 01:31:36 0 d-----w- C:\WINDOWS\l2schemas
2009-09-13 01:31:35 . 2009-09-13 01:31:35 0 d-----w- C:\WINDOWS\system32\en
2009-09-13 01:25:49 . 2009-09-13 01:25:49 0 d-----w- C:\Documents and Settings\Mom\Local Settings\Application Data\Radium Technologies
2009-09-13 01:25:14 . 2009-09-13 01:25:14 0 dc-h--w- C:\Documents and Settings\All Users\Application Data\{C2EE940D-3E2D-4D68-81F4-470AB6C01D8A}
2009-09-13 01:24:29 . 2009-09-13 01:24:29 0 d-----w- C:\Program Files\Radium Technologies
2009-09-13 01:24:29 . 2009-09-13 01:24:29 0 d-----w- C:\Documents and Settings\All Users\Application Data\Radium Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 02:47:04 . 2009-08-29 17:21:48 0 d-----w- C:\Documents and Settings\Mom\Application Data\Juniper Networks
2009-10-05 17:47:04 . 2009-08-29 05:43:26 0 d-----w- C:\Program Files\Siber Systems
2009-10-04 02:00:45 . 2009-08-29 23:49:48 0 d-----w- C:\Program Files\Common Files\Adobe
2009-09-29 18:35:13 . 2009-08-30 18:34:01 0 d-----w- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-09-29 03:07:15 . 2009-08-29 17:48:40 17656 ----a-w- C:\Documents and Settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 07:40:24 . 2009-08-30 03:08:14 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-10 21:54:06 . 2009-08-30 03:08:16 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53:50 . 2009-08-30 03:08:14 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-09-09 23:15:43 . 2009-09-04 02:03:49 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-09-06 20:25:16 . 2009-09-06 20:25:16 0 d-----w- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
2009-09-05 11:01:12 . 2009-09-05 11:01:11 0 d-----w- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-09-04 02:03:27 . 2009-09-04 01:59:33 0 d-----w- C:\Program Files\Windows Live
2009-09-04 02:02:55 . 2009-09-04 02:02:55 0 d-----w- C:\Program Files\Microsoft Sync Framework
2009-09-04 02:01:57 . 2009-09-04 02:01:57 0 d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2009-09-04 02:00:17 . 2009-09-04 02:00:17 0 d-----w- C:\Program Files\Microsoft
2009-09-04 01:59:58 . 2009-09-04 01:59:58 0 d-----w- C:\Program Files\Windows Live SkyDrive
2009-09-04 01:51:08 . 2009-09-04 01:51:08 0 d-----w- C:\Program Files\Common Files\Windows Live
2009-08-31 20:15:19 . 2009-08-31 20:02:15 0 d-----w- C:\Program Files\BreezeSys
2009-08-31 20:07:22 . 2009-08-30 18:24:39 0 d-----w- C:\Program Files\Canon
2009-08-30 20:57:19 . 2009-08-30 20:46:55 0 d-----w- C:\Documents and Settings\Mom\Application Data\ICAClient
2009-08-30 20:12:21 . 2009-08-30 20:10:36 0 d-----w- C:\Program Files\ROBO Master
2009-08-30 20:11:37 . 2009-08-30 20:11:37 0 d-----w- C:\Program Files\GRAPHTEC
2009-08-30 20:11:03 . 2009-08-30 20:11:01 0 d-----w- C:\Program Files\Craft ROBO Controller
2009-08-30 20:11:01 . 2009-08-29 05:05:35 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-08-30 20:04:25 . 2009-08-30 20:04:15 0 d-----w- C:\Program Files\FitDay
2009-08-30 20:01:51 . 2009-08-30 20:00:38 0 d-----w- C:\Program Files\Microsoft Money
2009-08-30 18:32:02 . 2009-08-30 18:32:01 0 d-----w- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-08-30 18:32:00 . 2009-08-30 18:32:00 0 d-----w- C:\Documents and Settings\Mom\Application Data\ScanSoft
2009-08-30 18:31:57 . 2009-08-30 18:31:53 0 d-----w- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-08-30 18:31:53 . 2009-08-30 18:31:53 0 d-----w- C:\Program Files\Common Files\ScanSoft Shared
2009-08-30 18:31:52 . 2009-08-29 05:04:33 0 d-----w- C:\Program Files\Common Files\InstallShield
2009-08-30 18:29:40 . 2009-08-30 18:29:40 0 d-----w- C:\Program Files\Common Files\CANON
2009-08-30 18:26:52 . 2009-08-30 18:26:52 0 d--h--w- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-08-30 18:26:11 . 2009-08-30 18:26:11 0 d--h--w- C:\Program Files\CanonBJ
2009-08-30 06:15:58 . 2009-08-30 06:15:58 0 d-----w- C:\Program Files\Citrix
2009-08-30 06:10:39 . 2009-08-30 06:10:52 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-08-30 06:10:33 . 2009-08-30 06:10:33 0 d-----w- C:\Program Files\Java
2009-08-30 04:14:12 . 2009-08-30 04:14:12 0 d-----w- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2009-08-30 04:07:28 . 2009-08-30 04:07:28 0 d-----w- C:\Program Files\MSBuild
2009-08-30 04:07:23 . 2009-08-30 04:07:23 0 d-----w- C:\Program Files\Reference Assemblies
2009-08-30 04:04:14 . 2009-08-30 04:04:14 0 d-----w- C:\Program Files\MSXML 6.0
2009-08-30 03:26:51 . 2009-08-30 03:26:51 0 d-----w- C:\Program Files\MSXML 4.0
2009-08-30 03:08:21 . 2009-08-30 03:08:21 0 d-----w- C:\Documents and Settings\Mom\Application Data\Malwarebytes
2009-08-30 03:08:15 . 2009-08-30 03:08:15 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-30 02:51:28 . 2009-08-30 02:51:26 0 d-----w- C:\Program Files\CCleaner
2009-08-30 02:16:19 . 2009-08-30 02:16:19 120 ----a-w- C:\WINDOWS\Nlidodovujepop.dat
2009-08-30 01:07:34 . 2009-08-30 01:07:34 0 d-----w- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-08-29 22:44:00 . 2009-08-29 22:44:00 9544 ----a-w- C:\WINDOWS\extend.dat
2009-08-29 22:23:33 . 2009-08-29 22:23:33 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-08-29 22:23:33 . 2009-08-29 22:23:33 108552 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2009-08-29 22:23:27 . 2009-08-29 22:23:27 335240 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2009-08-29 22:23:27 . 2009-08-29 22:23:27 27784 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-08-29 22:22:59 . 2009-08-29 22:22:59 0 d-----w- C:\Program Files\AVG
2009-08-29 22:22:59 . 2009-08-29 22:22:58 0 d-----w- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-29 22:13:16 . 2009-08-29 22:13:16 0 d-----w- C:\Documents and Settings\Mom\Application Data\AVG8
2009-08-29 17:43:44 . 2009-08-29 17:43:43 0 d-----w- C:\Program Files\Windows Messaging
2009-08-29 17:26:25 . 2009-08-29 17:26:25 0 d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks
2009-08-29 17:26:25 . 2009-08-29 17:26:22 0 d-----w- C:\Program Files\Juniper Networks
2009-08-29 06:53:14 . 2009-08-29 06:15:05 1259 ----a-w- C:\WINDOWS\eReg.dat
2009-08-29 06:07:33 . 2009-08-29 0619 0 d-----w- C:\Program Files\Maxis
2009-08-29 05:43:49 . 2009-08-29 05:43:49 0 d-----w- C:\Documents and Settings\All Users\Application Data\RoboForm
2009-08-29 05:38:02 . 2009-08-29 05:38:02 0 ----a-w- C:\WINDOWS\nsreg.dat
2009-08-29 05:18:08 . 2009-08-29 05:18:03 0 d-----w- C:\Documents and Settings\Mom\Application Data\MSN6
2009-08-29 05:18:03 . 2009-08-29 05:18:03 0 d-----w- C:\Documents and Settings\All Users\Application Data\MSN6
2009-08-29 05:08:09 . 2009-08-29 05:08:09 0 d-----w- C:\Documents and Settings\Mom\Application Data\Intel
2009-08-29 05:07:55 . 2009-08-29 05:07:55 21275 ----a-w- C:\WINDOWS\system32\drivers\AegisP.sys
2009-08-29 05:07:55 . 2009-08-29 05:07:55 0 d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2009-08-29 05:07:50 . 2009-08-29 05:07:50 0 d-----w- C:\Documents and Settings\All Users\Application Data\Intel
2009-08-29 05:07:40 . 2009-08-29 05:04:45 0 d-----w- C:\Program Files\Intel
2009-08-29 0549 . 2009-08-29 0549 0 d-----w- C:\Program Files\Synaptics
2009-08-29 05:05:35 . 2009-08-29 05:05:35 0 d-----w- C:\Program Files\Realtek
2009-08-29 04:57:43 . 2009-08-29 04:57:43 0 d-----w- C:\Program Files\microsoft frontpage
2009-08-29 04:55:07 . 2009-08-29 04:55:07 21640 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
2009-08-07 02:24:18 . 2009-08-29 05:20:20 327896 ----a-w- C:\WINDOWS\system32\wucltui.dll
2009-08-07 02:24:18 . 2008-10-16 21:12:24 209632 ----a-w- C:\WINDOWS\system32\wuweb.dll
2009-08-07 02:24:10 . 2009-08-29 05:20:20 44768 ----a-w- C:\WINDOWS\system32\wups2.dll
2009-08-07 02:24:10 . 2009-08-29 05:20:20 35552 ----a-w- C:\WINDOWS\system32\wups.dll
2009-08-07 02:24:06 . 2009-08-29 04:54:04 53472 ------w- C:\WINDOWS\system32\wuauclt.exe
2009-08-07 02:24:04 . 2002-08-29 12:00:00 96480 ----a-w- C:\WINDOWS\system32\cdm.dll
2009-08-07 02:23:54 . 2009-08-29 05:20:20 575704 ----a-w- C:\WINDOWS\system32\wuapi.dll
2009-08-07 02:23:46 . 2009-09-04 19:29:49 215920 ----a-w- C:\WINDOWS\system32\muweb.dll
2009-08-07 02:23:46 . 2009-09-04 19:29:48 274288 ----a-w- C:\WINDOWS\system32\mucltui.dll
2009-08-07 02:23:46 . 2009-08-29 04:54:04 1929952 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2009-08-06 05:48:42 . 2009-09-04 02:03:28 54752 ----a-w- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:01:48 . 2002-08-29 12:00:00 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 04:37:01 . 2005-10-17 21:29:54 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-07-29 04:37:01 . 2002-08-29 12:00:00 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-07-26 23:44:56 . 2009-07-26 23:44:56 48448 ----a-w- C:\WINDOWS\system32\sirenacm.dll
2009-07-17 19:01:06 . 2002-08-29 12:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-12 19:21:50 . 2004-08-04 07:56:46 233472 ------w- C:\WINDOWS\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2001-07-25 17:00:00 184376]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 23:44:34 3883856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-29 05:43:26 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-17 05:45:02 729178]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 18:55:40 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 18:56:16 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 19:00:56 569413]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-10-02 16:57:46 2023704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-08-30 06:10:40 149280]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 01:01:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 01:50:00 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 16:03:38 210472]
"OpwareSE4"="C:\Program Files\Canon\OpwareSE4.exe" [2007-02-04 19:02:14 79400]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 17:00:00 241714]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-17 06:31:20 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-17 06:26:16 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-17 06:28:50 118784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - C:\WINDOWS\system32\HdAShCut.exe [2005-01-08 00:07:16 61952]
"AGRSMMSG"="AGRSMMSG.exe" - C:\WINDOWS\AGRSMMSG.exe [2006-02-17 05:39:40 88203]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2006-02-17 05:11:26 15473664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Craft ROBO Status Supervisor.lnk - C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe [2009-8-30 32768]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 122880]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-7-11 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 22:23:33 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Documents and Settings\\Mom\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Radium Technologies\\Living Cookbook 2008\\LC.exe"=

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [9/15/2009 11:19:46 AM 64160]
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\drivers\o2media.sys [2/16/2006 10:20:06 PM 34144]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\drivers\o2sd.sys [2/16/2006 10:20:14 PM 28800]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [8/29/2009 3:23:27 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [8/29/2009 3:23:33 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [8/29/2009 3:23:00 PM 297752]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\drivers\fssfltr_tdi.sys [9/3/2009 7:03:28 PM 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49:06 AM 1028432]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48:42 PM 704864]
.
Contents of the 'Scheduled Tasks' folder

2009-10-06 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49:06 . 2009-09-21 18:19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
FF - ProfilePath - C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\2bsfzw1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://blingo.com
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 21:16:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-10 21:18:11
ComboFix-quarantined-files.txt 2009-10-10 04:18:08
ComboFix2.txt 2009-10-10 01:42:07

Pre-Run: 138,220,539,904 bytes free
Post-Run: 138,210,385,920 bytes free

240 --- E O F --- 2009-10-04 11:01:11

[tetonbob]

Thanks.

Is the machine still being redirected?

[Melissa_1959]

At this time, everything seems to be working well.
Thank you very much for your help!

Melissa

[tetonbob]

Great!

Please run this online scan to help look for remnants.

Go here to run an online scannner from ESET.

• Note: You will need to use Internet explorer for this scan
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
• Copy and paste that log as a reply to this topic and also let me know how things are now.

[Melissa_1959]

All seems to be well, thanks to you!

The Eset scanner found no threats. Here is the log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=37005efb8fe4f743af5b13be382b5bc9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-11 06:02:17
# local_time=2009-10-10 11:02:17 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 21 83 97 3127819982500
# scanned=93198
# found=0
# cleaned=0
# scan_time=4616

[tetonbob]

Great! Clean log.

We should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean.You should be good to go. We still have a few items to address.


Disconnect from the internet and disable your AntiVirus temporarily.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  
  
• Winpatrol
  
  Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
  
  You can get a free copy of Winpatrol or use the Plus version for more features.
  
  You can read Winpatrol's FAQ if you run into problems.
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer
  
  
• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• How did I get infected in the first place?
• PC Safety and Security--What Do I Need?

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[Melissa_1959]

Thank you.
I'll take a look at the fight back link when I'm finished with the housecleaning.
Thanks again,
Melissa

[tetonbob]

You're welcome!

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.