Homepage changes to Goggle.com

Post by twigz77 » December 11th, 2008, 1:52 pm

Hi.

I'm having trouble with my homepage. No matter what I do, it changes to hxxp://www.goggle.com. Since this has happened, Internet Explorer hangs a lot, and slows down quite a bit. Here's my log file and I hope you can help. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:55, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
E:\WINDOWS\CTHELPER.EXE
E:\WINDOWS\system32\CTXFIHLP.EXE
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\XpertVision\TBPanel.exe
E:\WINDOWS\SYSTEM32\CTXFISPI.EXE
E:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Electronic Arts\EADM\Core.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\PowerArchiver\POWERARC.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goggle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Gainward] E:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON Stylus Photo R360 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "E:\WINDOWS\TEMP\E_S1B7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EA Core] E:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4399938687
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: b80ef576382 - E:\WINDOWS\system32\__c003C9DE.dat (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10924 bytes
Last edited by silver on December 21st, 2008, 4:03 am, edited 1 time in total.
Reason: disabled link
twigz77
Active Member
 
Posts: 3
Joined: December 11th, 2008, 1:42 pm
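
The HijackThis log above is what the volunteer will read entry by entry. As an added example (not part of the original thread, and not HijackThis or MalwareRemoval.com code), the Python script below applies a few of the checks a helper does by eye to six lines copied from that log: a start or search page whose host is not a Microsoft default, a Winlogon Notify entry whose target is reported missing, is not a DLL, or carries a random-looking name, an autorun launched from a temp or profile-data directory, and a service with no publisher string. The host allowlist, the list of expected Notify packages and the random-name heuristic are assumptions made for this illustration; a hit means "ask about this entry", not "this is malware".

```python
import re
from urllib.parse import urlsplit

# Hosts behind IE's factory start/search pages on XP-era systems (allowlist; an assumption for this example).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Winlogon Notify package names expected on such a system (assumed list, not exhaustive).
KNOWN_NOTIFY = {"!saswinlogon", "crypt32chain", "cryptnet", "cscdll", "scecli",
                "schedule", "sclgntfy", "sensapi", "termsrv", "wlballoon"}

# Constructed sample: six entries copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goggle.com/
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: b80ef576382 - E:\WINDOWS\system32\__c003C9DE.dat (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
TEMP_DIR_RE = re.compile(r"\\(temp|local settings\\temp|application data)\\")


def looks_random(name):
    """Crude check for machine-generated names: 8+ alphanumerics, several digits, almost no vowels."""
    n = name.lower().lstrip("!_")
    if len(n) < 8 or not n.isalnum():
        return False
    digits = sum(c.isdigit() for c in n)
    vowels = sum(c in "aeiou" for c in n)
    return digits >= 3 and vowels <= 1


def triage(lines):
    """Return one (section, reason, line) tuple per entry worth asking the poster about."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # process list, headers, "End of file" etc.
        sec, body = m["sec"], m["body"]
        if sec in ("R0", "R1"):
            # "<hive>\...\Main,Start Page = <url>"; an empty value (SearchAssistant =) is not a finding
            key, _, url = body.partition(" = ")
            host = urlsplit(url.strip()).hostname or ""
            if url.strip() and host not in DEFAULT_IE_HOSTS:
                findings.append((sec, "IE %s set to non-default host %s" % (key.rsplit(",", 1)[-1], host), line))
        elif sec == "O20" and body.startswith("Winlogon Notify:"):
            name, _, target = body[len("Winlogon Notify:"):].strip().partition(" - ")
            path = target.split(" (")[0].lower()  # drop HijackThis annotations such as "(file missing)"
            reasons = []
            if "(file missing)" in target:
                reasons.append("target file missing")
            if not path.endswith(".dll"):
                reasons.append("target is not a .dll")
            if name.lower() not in KNOWN_NOTIFY and looks_random(name):
                reasons.append("random-looking entry name")
            if reasons:
                findings.append((sec, "Winlogon Notify '%s': %s" % (name, ", ".join(reasons)), line))
        elif sec == "O4":
            target = body.split("] ", 1)[-1].lower()  # text after "[name] " is the command line
            if TEMP_DIR_RE.search(target):
                findings.append((sec, "autorun launched from a temp or profile-data directory", line))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service binary carries no publisher string; verify it", line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_HJT.strip().splitlines()):
        print("%-4s %s\n     %s" % (sec, reason, line))
```

On the sample, the R1 search page and the avast! and SUPERAntiSpyware entries pass, while the goggle.com start page, the `b80ef576382` Notify entry (missing file, `.dat` target, random name) and the PnkBstrA service with no owner string are returned for follow-up. Whatever is flagged still has to be checked against the rest of the logs; a missing publisher string, for instance, is common for legitimate game anti-cheat services.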

Re: Homepage changes to Goggle.com

Post by ndmmxiaomayi » December 21st, 2008, 3:48 am

Hi twigz77,

Welcome to Malware Removal. Sorry for the delay as the forum is busy.

Step 1

Please download DDS from Tech Support Forum and save it to your desktop.

Double click on dds to run it.

When done, DDS.txt will open. Another file, Attach.txt will open after a short while. Please save these 2 files to your desktop as they will be deleted once you close them.

Please attach Attach.txt in your next reply by scrolling down to Upload attachment and clicking on Browse....


Step 2

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt (attached to this topic)
  3. Gmer.txt
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Homepage changes to Goggle.com

Post by twigz77 » December 21st, 2008, 2:04 pm

DDS (Version 1.1.0) - NTFSx86
Run by Twigz at 15:50:43.20 on 21/12/2008
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2430 [GMT 0:00]

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
E:\WINDOWS\CTHELPER.EXE
E:\WINDOWS\system32\CTXFIHLP.EXE
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\SYSTEM32\CTXFISPI.EXE
E:\Program Files\XpertVision\TBPanel.exe
E:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Electronic Arts\EADM\Core.exe
svchost.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Twigz\Desktop\dds.com
E:\Program Files\Alwil Software\Avast4\setup\avast.setup

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.goggle.com/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - e:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - e:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - e:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [EPSON Stylus Photo R360 Series] e:\windows\system32\spool\drivers\w32x86\3\e_fatiboe.exe /fu "e:\windows\temp\E_S1B7.tmp" /EF "HKCU"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] e:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EA Core] e:\program files\electronic arts\eadm\Core.exe -silent
mRun: [SoundMAXPnP] e:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "e:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [VolPanel] "e:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [AudioDrvEmulator] "e:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "e:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] e:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "e:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Gainward] e:\program files\xpertvision\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NBKeyScan] "e:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Windows Defender] "e:\program files\windows defender\MSASCui.exe" -hide
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] e:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - e:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL
Notify: b80ef576382 - e:\windows\system32\__c003C9DE.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - e:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - e:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008-9-13 111184]
R1 SASDIFSV;SASDIFSV;\??\e:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;\??\e:\program files\superantispyware\SASKUTIL.sys [2008-5-28 55024]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2008-9-13 20560]
R2 avast! Antivirus;avast! Antivirus;"e:\program files\alwil software\avast4\ashServ.exe" [2008-9-13 155160]
R2 WinDefend;Windows Defender;"e:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;"e:\program files\alwil software\avast4\ashMaiSv.exe" /service [2008-9-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;"e:\program files\alwil software\avast4\ashWebSv.exe" /service [2008-9-13 352920]
R3 SASENUM;SASENUM;\??\e:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 lredbooo;lredbooo;\??\e:\docume~1\twigz\locals~1\temp\lredbooo.sys [2003-6-26 29696]
S3 NPF;Netgroup Packet Filter;e:\windows\system32\drivers\npf.sys [2008-6-28 42512]

=============== Created Last 30 ================

2008-12-18 14:46 <DIR> --d----- e:\windows\ie8updates
2008-12-15 22:01 3,851,784 a------- e:\windows\system32\D3DX9_39.dll
2008-12-11 17:36 <DIR> --d----- e:\program files\Trend Micro
2008-12-06 13:10 14,591 a------- e:\windows\system32\dummy019file
2008-12-06 13:10 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Software4u
2008-12-06 13:10 <DIR> --d----- e:\docume~1\twigz\applic~1\Software4u
2008-12-06 13:10 <DIR> --d----- e:\program files\S.A.D
2008-12-05 18:46 71,539 -------- e:\windows\system32\drivers\StMp3Rec.sys
2008-12-05 18:46 360 -------- e:\windows\system32\drivers\StMp3Recnt.cat
2008-12-05 18:46 <DIR> --d----- e:\program files\SigmaTel
2008-12-04 17:58 <DIR> --dsh--- e:\documents and settings\twigz\PrivacIE
2008-12-04 17:17 <DIR> -cd-h--- e:\windows\ie8
2008-11-23 16:45 1,024 a------- E:\EPSONCD.Pal
2008-11-23 16:45 71 a------- e:\windows\EPSONCD.INI

==================== Find3M ====================

2008-10-24 11:21 455,296 a------- e:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 a------- e:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- e:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- e:\windows\system32\muweb.dll
2008-10-10 16:35 43,698 a------- e:\windows\system32\xvid-uninstall.exe
2008-10-03 13:36 1,600 a------- e:\windows\system32\ealregsnapshot1.reg
2008-10-03 10:02 247,326 a------- e:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- e:\windows\system32\msxml4.dll
2008-09-30 15:22 245,760 a------- e:\windows\system32\goalsss.scr
2008-09-30 15:22 53,248 a------- e:\windows\system32\hklspl.dll
2008-03-23 15:23 22,328 a------- e:\docume~1\twigz\applic~1\PnkBstrK.sys
2002-07-01 14:13 243 a--sh--- e:\docume~1\alluse~1\applic~1\system16driver.dat
2008-06-29 17:47 32,768 a--sh--- e:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062920080630\index.dat
2008-08-11 14:06 16,384 a--sh--- e:\windows\temp\cookies\index.dat
2008-08-11 14:06 16,384 a--sh--- e:\windows\temp\history\history.ie5\index.dat
2008-08-11 14:06 32,768 a--sh--- e:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:51:07.35 ===============

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-21 17:59:11
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB2C14576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB2C14432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB2C14910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB2C1400A]
SSDT spss.sys ZwEnumerateKey [0xBA6C8CA2]
SSDT spss.sys ZwEnumerateValueKey [0xBA6C9030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB2C1450C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB2C13F4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB2C13FAE]
SSDT spss.sys ZwQueryKey [0xBA6C9108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB2C1462C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB2C145EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB2C1476C]
SSDT \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB2D85F20]

INT 0x62 ? 8AE55BF8
INT 0x63 ? 8AC8ABF8
INT 0x73 ? 8AEC6BF8
INT 0x73 ? 8AEC6BF8
INT 0x83 ? 8AEC6BF8
INT 0x94 ? 8AC8ABF8

---- Kernel code sections - GMER 1.0.14 ----

? spss.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9F258AC 5 Bytes JMP 8AC8A1D8
.text a93yq1qh.SYS B961E384 1 Byte [ 20 ]
.text a93yq1qh.SYS B961E386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text a93yq1qh.SYS B961E3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text a93yq1qh.SYS B961E3C4 3 Bytes [ 00, 00, 00 ]
.text a93yq1qh.SYS B961E3C9 1 Byte [ 00 ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0112E0B3 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 011BECEE E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0135157B E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013514AD E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 01351518 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0135137E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013513E0 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013515DE E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 01351442 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0112E0B3 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01351712 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 01351776 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 011BECEE E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 0135175D E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0135157B E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013514AD E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 01351518 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0135137E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013513E0 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013515DE E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 01351442 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 01141420 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spss.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AC13C] spss.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AC0BE] spss.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AC7FC] spss.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spss.sys
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6BBD92] spss.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT E:\WINDOWS\system32\services.exe[760] @ E:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT E:\WINDOWS\system32\services.exe[760] @ E:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8AEC51F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x4B 0x06 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd601265
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd601265@0017d55a61b2 0x57 0x55 0x62 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd601265@001b59e56330 0x9C 0x3B 0xDE 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x4B 0x06 0xF1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xE4 0x6F 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd601265
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd601265@0017d55a61b2 0x57 0x55 0x62 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd601265@001b59e56330 0x9C 0x3B 0xDE 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE9 0x84 0x13 0xA0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0009dd601265
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0009dd601265@0017d55a61b2 0x57 0x55 0x62 0xA6 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0009dd601265@001b59e56330 0x9C 0x3B 0xDE 0x91 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE9 0x84 0x13 0xA0 ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.14 ----
twigz77
Active Member
 
Posts: 3
Joined: December 11th, 2008, 1:42 pm
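
As an added triage example (not part of twigz77's post or of GMER itself), the following Python groups the IAT hooks in a GMER log by the module each import is redirected into and pulls out the disk-sector lines GMER itself marks as suspicious; the sample lines are a constructed subset of the log above, and the "<unresolved>" bucket is this helper's own label for hooks GMER lists without an owning module.

```python
# Added triage helper for GMER 'IAT/EAT' and 'Disk sectors' output (not GMER's
# own code): groups IAT hooks by the module each import is redirected into and
# pulls out the disk-sector lines GMER itself marks as suspicious.
import re
from collections import defaultdict

# IAT <target>[<dll>!<import>] [<addr>] <module>; module absent when unresolved
IAT_RE = re.compile(
    r"^IAT\s+(?P<target>.+?)\s*\[(?P<dll>[^!\[\]]+)!(?P<func>[^\]]+)\]\s+"
    r"\[?(?P<addr>[0-9A-Fa-f]{8})\]?(?:\s+(?P<module>\S+))?\s*$")
# Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
DISK_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s+sector\s+(?P<sector>\d+):\s*(?P<desc>.+)$")

def parse_gmer(lines):
    """Return {'hooks': {module: [(target, import), ...]}, 'flagged_sectors': [...]}."""
    hooks, flagged = defaultdict(list), []
    for raw in lines:
        line = raw.strip()
        m = IAT_RE.match(line)
        if m:
            module = m.group("module") or "<unresolved>"
            target = m.group("target").rsplit("\\", 1)[-1]  # keep the file name only
            hooks[module].append((target, f"{m.group('dll')}!{m.group('func')}"))
            continue
        d = DISK_RE.match(line)
        if d and "rootkit" in d.group("desc").lower():
            flagged.append((d.group("dev"), int(d.group("sector")), d.group("desc")))
    return {"hooks": dict(hooks), "flagged_sectors": flagged}

def hooked_targets(report, module):
    """Distinct drivers/processes whose imports are redirected into `module`."""
    return sorted({t for t, _ in report["hooks"].get(module, [])})

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE = """\
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spss.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spss.sys
IAT \\SystemRoot\\System32\\Drivers\\a93yq1qh.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \\SystemRoot\\System32\\DRIVERS\\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6BBD92] spss.sys
IAT E:\\WINDOWS\\system32\\services.exe[760] @ E:\\WINDOWS\\system32\\services.exe [KERNEL32.dll!CreateProcessW] 003A0000
Disk \\Device\\Harddisk0\\DR0 sector 62: copy of MBR
Disk \\Device\\Harddisk0\\DR0 sector 63: rootkit-like behavior; copy of MBR
""".splitlines()

if __name__ == "__main__":
    rep = parse_gmer(SAMPLE)
    for mod in rep["hooks"]:
        print(f"{mod}: {len(rep['hooks'][mod])} hook(s) in {', '.join(hooked_targets(rep, mod))}")
    for dev, sector, desc in rep["flagged_sectors"]:
        print(f"{dev} sector {sector}: {desc}")
```

Run against the full log, the per-module summary shows at a glance which single driver owns the HAL port I/O redirections and which hooks GMER could not attribute at all.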

Re: Homepage changes to Goggle.com

Unread postby ndmmxiaomayi » December 22nd, 2008, 9:37 am

Hi twigz77,

Step 1

Please disable avast! Antivirus temporarily as it may interfere with the fixes. Remember to re-enable it before posting back the logs.

  • Right click on avast! Antivirus icon near the clock and select Stop On-Access Protection.
  • Right click on the icon again and select Program Settings.
  • On the left, click on Troubleshooting.
  • Uncheck (untick) this box - Disable avast! self-defense module.
  • Click OK to apply the settings.

Please also disable SUPERAntiSpyware and Windows Defender temporarily as they may interfere with the fixes.

Disable SUPERAntiSpyware temporarily

  1. Right click on SUPERAntiSpyware icon near the clock (a bug icon) and select View Control Center (Preferences/Options)....
  2. Select the General and Startup tab.
  3. Under Start-Up Options, uncheck (untick) Start SUPERAntiSpyware when Windows start box.
  4. Select Hi-Jack Protection tab. Uncheck (untick) Protect home page from being changed. Changes can be made only here box.
  5. Right click on SUPERAntiSpyware icon near the clock again and select Exit.
  6. Click OK to confirm.

Disable Windows Defender temporarily

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.

Step 2

Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Save it to your desktop.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Homepage changes to Goggle.com

Unread postby NonSuch » December 27th, 2008, 5:43 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27299
Joined: February 23rd, 2005, 7:08 am
Location: California