Google Redirect Problem [Solved]

Jun 28 2009, 11:35 AM
Post #1
New Member, Posts: 4, OS: XP
When I use Google I'm being redirected all over the place. The sites it sends me to vary, but "overclick.cn" is a common destination.
I have read other entries in these forums and have performed the recommendations to no avail. I have run Kaspersky scans, Ad-Aware scans, ComboFix and Malwarebytes Anti-Malware. All 4 of these applications identified problem files and "cleaned" them, but I continue to have redirects. Below I am pasting the logs from ComboFix and Malwarebytes Anti-Malware. Any help would be GREATLY appreciated!

Below is a copy of the log generated by running Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.38
Database version: 2346
Windows 5.1.2600 Service Pack 2

6/28/2009 12:10:57 PM
mbam-log-2009-06-28 (12-10-57).txt

Scan type: Quick Scan
Objects scanned: 93597
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\drivers\UACdcgdtryqoppblao.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

Jun 28 2009, 12:23 PM
Post #2
New Member, Posts: 4, OS: XP
Sorry... some quick additional information. I noticed a lot of other posts include a HijackThis log, so below is mine. Thanks!

Jul 3 2009, 12:49 PM
Post #3
Trusted Helper, Posts: 1,844, From: The Netherlands, OS: Windows XP/Vista Dualboot
Hello StinsonJ,
Please update ComboFix and run it again. (ComboFix should check for updates if you run it again.)

Thunderbird1988

Jul 3 2009, 09:22 PM
Post #4
New Member, Posts: 4, OS: XP
Thunderbird1988 -- that absolutely did the trick! I guess I was a few days too early before!
Many thanks to you and all of the volunteer troubleshooters. You provide a really awesome service to so many!

John

This post has been edited by stinsonj: Jul 3 2009, 09:23 PM

Jul 4 2009, 01:46 AM
Post #5
Trusted Helper, Posts: 1,844, From: The Netherlands, OS: Windows XP/Vista Dualboot
Hello John,
Thank you very much for your kind words. They mean a lot to us.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

**ComboFix /u**

Please read the link in my signature for hints and tips on how to protect your system against infections.

Thunderbird1988

Jul 4 2009, 01:47 AM
Post #6
Trusted Helper, Posts: 1,844, From: The Netherlands, OS: Windows XP/Vista Dualboot
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising