

Google Redirect


Name: Tasteloss
Date: March 13, 2007 at 02:25:10 Pacific
OS: XP service pack2
CPU/Ram: Pentium 4 512 MB ram
Product: Sony
Comment:

Hello all. I tried posting this before but my post has vanished. I'm having a problem with my computer. Whenever I search with Google, it returns valid results, but when I click the links I'm redirected to sites like "monstermarketplace" and other search sites. The link URLs are valid (if I type them in manually the sites come up fine); it's only when I click the links. I did some research and saw some posters having success with smitfraud and other tools. I've downloaded and run nearly all of them and haven't had success. Many have discovered a file, kdqya.exe, that I cannot seem to locate and delete. I have smitfraud, blacklight, and HJT logs but will wait to post them until requested. Also, I have a "silent runners" log if needed. PLEASE HELP. THANKS




Response Number 1
Name: jabuck
Date: March 13, 2007 at 16:24:34 Pacific
Reply:

Please post your logs.



Response Number 2
Name: Tasteloss
Date: March 14, 2007 at 02:01:42 Pacific
Reply:

Here are the logs I have:

HJT

Logfile of HijackThis v1.99.1
Scan saved at 3:43:14 PM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Brennan\Application Data\Mozilla\Profiles\default\d7gebkwo.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/...
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/h...
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.co...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sh...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pm...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.c...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resourc...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msi...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/active...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ra...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Brennan\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Blacklight:


03/11/07 16:09:16 [Info]: BlackLight Engine 1.0.55 initialized
03/11/07 16:09:16 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/11/07 16:09:16 [Note]: 7019 4
03/11/07 16:09:16 [Note]: 7005 0
03/11/07 16:09:19 [Note]: 7006 0
03/11/07 16:09:19 [Note]: 7011 1972
03/11/07 16:09:20 [Note]: 7026 0
03/11/07 16:09:20 [Note]: 7026 0
03/11/07 16:09:37 [Note]: FSRAW library version 1.7.1021
03/11/07 16:16:45 [Info]: Hidden file: c:\WINDOWS\system32\kdqya.exe
03/11/07 16:16:45 [Note]: 7002 32
03/11/07 16:16:45 [Note]: 7003 1
03/11/07 16:16:45 [Note]: 10002 1
03/11/07 16:18:35 [Note]: 2000 1012
03/11/07 16:18:35 [Note]: 2000 1012
03/11/07 16:20:14 [Note]: 7007 0


Silent Runners

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
----

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"SigmaTel StacMon" = "C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [null data]
"HKSERV.EXE" = "C:\Program Files\Sony\HotKey Utility\HKserv.exe" ["Sony Corporation"]
"VAIO Recovery" = "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" ["Sony Electronics Inc"]
"ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"SsAAD.exe" = "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension"
-> {HKLM...CLSID} = "FileTimeShlExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "System" = "kdqya.exe" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
---

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktopChanges" = (REG_DWORD) hex:0x00000001
{Prohibit changes}

"NoActiveDesktop" = (REG_DWORD) hex:0x00000001
{Disable Active Desktop}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"AllowLegacyWebView" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"AllowUnhashedWebView" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000001
{Hide Desktop tab}

"NoDispAppearancePage" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\System32\\wppp.html"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Brennan\My Documents\My Pictures\New Folder\ddddd.bmp"

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "http://r04.webmail.aol.com/get-attachment.aspx?uid=1.12387434&folder=New+Mail&partId=2"
"SubscribedURL" = "http://r04.webmail.aol.com/get-attachment.aspx?uid=1.12387434&folder=New+Mail&partId=2"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Brennan" & "All Users" startup folders:


C:\Documents and Settings\Brennan\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.exe -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer - Brennan" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
--

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
-------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Internet Explorer Address Prefixes:
------

Prefix for specific service (i.e., "www")

HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\
<<H>> "SearchAssistant" = "http://213.159.118.226/sp.php"


All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
-----------------

Application Management, AppMgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\appmgmts.dll" [file not found]}
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
InstallDriver Table Manager, IDriverT, "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" ["Macrovision Corporation"]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
LiveUpdate, LiveUpdate, ""C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe"" ["Symantec Corporation"]
Logical Disk Manager Administrative Service, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
MSCSPTISRV, MSCSPTISRV, "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" ["Sony Corporation"]
Network Provisioning Service, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]
PACSPTISVR, PACSPTISVR, "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" ["Sony Corporation"]
Portable Media Serial Number Service, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\MsPMSNSv.dll" [MS]}
SAVScan, SAVScan, "C:\Program Files\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
ScriptBlocking Service, SBService, "C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe" ["Symantec Corporation"]
SmartFinder Uninstall, SmartFinder_Uninstall, ""C:\Documents and Settings\Brennan\Desktop\SFUninstaller.exe" service" [file not found]
SonicStage SCSI Service, SSScsiSV, "C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe" ["Sony Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Password Validation, ccPwdSvc, ""C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS]
WMI Performance Adapter, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 101 seconds, including 11 seconds for message boxes)

GMER

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-14 01:47:25
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 82ACB1A8 ZwConnectPort
SSDT IPVNMon.sys ZwDeviceIoControlFile
SSDT 82BAB478 ZwOpenProcess
SSDT 82B8D5A0 ZwOpenThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

? System32\Drivers\hiber_WMILIB.SYS The system cannot find the file specified.

---- User code sections - GMER 1.0.12 ----

.text C:\Documents and Settings\Brennan\Desktop\gmer\gmer.exe[120] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 003D4D5A
.text C:\Documents and Settings\Brennan\Desktop\gmer\gmer.exe[120] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 003D4F72
.text C:\Documents and Settings\Brennan\Desktop\gmer\gmer.exe[120] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 003D508F
.text C:\Documents and Settings\Brennan\Desktop\gmer\gmer.exe[120] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 003D4E74
.text C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe[208] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00984D5A
.text C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe[208] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00984F72
.text C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe[208] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0098508F
.text C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe[208] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00984E74
.text C:\Program Files\Apoint\ApntEx.exe[372] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00394D5A
.text C:\Program Files\Apoint\ApntEx.exe[372] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00394F72
.text C:\Program Files\Apoint\ApntEx.exe[372] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0039508F
.text C:\Program Files\Apoint\ApntEx.exe[372] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00394E74
.text C:\WINDOWS\system32\winlogon.exe[600] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00CB4D5A
.text C:\WINDOWS\system32\winlogon.exe[600] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00CB4F72
.text C:\WINDOWS\system32\winlogon.exe[600] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00CB508F
.text C:\WINDOWS\system32\winlogon.exe[600] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00CB4E74
.text C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe[792] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 003B4D5A
.text C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe[792] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 003B4F72
.text C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe[792] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 003B508F
.text C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe[792] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 003B4E74
.text C:\Program Files\Sony\HotKey Utility\HKServ.exe[1308] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00954D5A
.text C:\Program Files\Sony\HotKey Utility\HKServ.exe[1308] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00954F72
.text C:\Program Files\Sony\HotKey Utility\HKServ.exe[1308] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0095508F
.text C:\Program Files\Sony\HotKey Utility\HKServ.exe[1308] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00954E74
.text C:\WINDOWS\system32\ezSP_Px.exe[1472] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00974D5A
.text C:\WINDOWS\system32\ezSP_Px.exe[1472] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00974F72
.text C:\WINDOWS\system32\ezSP_Px.exe[1472] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0097508F
.text C:\WINDOWS\system32\ezSP_Px.exe[1472] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00974E74
.text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[1540] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00994D5A
.text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[1540] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00994F72
.text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[1540] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0099508F
.text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[1540] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00994E74
.text C:\WINDOWS\system32\ctfmon.exe[1616] ntdll.dll!NtCreateThread 7C90D7D2 3 Bytes JMP 00914D5A
.text C:\WINDOWS\system32\ctfmon.exe[1616] ntdll.dll!NtCreateThread + 4 7C90D7D6 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[1616] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes JMP 00914F72
.text C:\WINDOWS\system32\ctfmon.exe[1616] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[1616] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 3 Bytes JMP 0091508F
.text C:\WINDOWS\system32\ctfmon.exe[1616] ntdll.dll!NtQueryDirectoryFile + 4 7C90DF62 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[1616] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes JMP 00914E74
.text C:\WINDOWS\system32\ctfmon.exe[1616] ntdll.dll!NtSetValueKey + 4 7C90E7C0 1 Byte [ 84 ]
.text C:\Program Files\SpywareGuard\sgmain.exe[1756] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D44D5A
.text C:\Program Files\SpywareGuard\sgmain.exe[1756] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D44F72
.text C:\Program Files\SpywareGuard\sgmain.exe[1756] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D4508F
.text C:\Program Files\SpywareGuard\sgmain.exe[1756] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D44E74
.text C:\WINDOWS\explorer.exe[1796] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00B74D5A
.text C:\WINDOWS\explorer.exe[1796] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00B74F72
.text C:\WINDOWS\explorer.exe[1796] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B7508F
.text C:\WINDOWS\explorer.exe[1796] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00B74E74
.text C:\Program Files\Apoint\Apoint.exe[1908] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00984D5A
.text C:\Program Files\Apoint\Apoint.exe[1908] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00984F72
.text C:\Program Files\Apoint\Apoint.exe[1908] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0098508F
.text C:\Program Files\Apoint\Apoint.exe[1908] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00984E74
.text C:\WINDOWS\system32\ico.exe[1992] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00394D5A
.text C:\WINDOWS\system32\ico.exe[1992] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00394F72
.text C:\WINDOWS\system32\ico.exe[1992] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0039508F
.text C:\WINDOWS\system32\ico.exe[1992] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00394E74
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtCreateThread 7C90D7D2 3 Bytes JMP 00914D5A
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtCreateThread + 4 7C90D7D6 1 Byte [ 84 ]
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes JMP 00914F72
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 1 Byte [ 84 ]
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 3 Bytes JMP 0091508F
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtQueryDirectoryFile + 4 7C90DF62 1 Byte [ 84 ]
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes JMP 00914E74
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtSetValueKey + 4 7C90E7C0 1 Byte [ 84 ]
.text C:\Program Files\SpywareGuard\sgbhp.exe[2100] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D24D5A
.text C:\Program Files\SpywareGuard\sgbhp.exe[2100] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D24F72
.text C:\Program Files\SpywareGuard\sgbhp.exe[2100] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D2508F
.text C:\Program Files\SpywareGuard\sgbhp.exe[2100] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D24E74

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BE6600] avgtdi.sys

---- Files - GMER 1.0.12 ----

File C:\WINDOWS\system32\kdqya.exe

---- EOF - GMER 1.0.12 ----


Smitfraud


SmitFraudFix v2.148

Scan done at 1:48:47.37, Wed 03/14/2007
Run from C:\Documents and Settings\Brennan\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brennan


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brennan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Brennan\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://r04.webmail.aol.com/get-attachment.aspx?uid=1.12387434&folder=New+Mail&partId=2"
"SubscribedURL"="http://r04.webmail.aol.com/get-attachment.aspx?uid=1.12387434&folder=New+Mail&partId=2"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdqya.exe"

kdqya.exe detected !


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks for helping me out.



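Three things in the two logs above are worth pulling out before anything is deleted: the Winlogon "System" value that SmitFraudFix flagged (on Windows XP it is normally empty, and whatever it names is run by Winlogon in system context during start-up), the file GMER's file scan lists, and the same four ntdll exports hooked in each listed process with JMP targets that differ only in their upper 16 bits, which is what one hook module mapped at a different base in every process looks like (anti-spyware and HIPS products do this as well as malware, so it is context, not a verdict). The Python below is an added example for this thread, not code or output from GMER, SmitFraudFix or the poster; SAMPLE_LOG is a constructed excerpt of the posted logs, and the "normally empty" and "remote Desktop Component source" rules are the example's own assumptions.

```python
"""Triage of the GMER and SmitFraudFix output posted above (added example)."""
import re
from collections import defaultdict

# Constructed excerpt of the logs in the post; not the complete output.
SAMPLE_LOG = r"""
.text C:\WINDOWS\explorer.exe[1796] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B7508F
.text C:\WINDOWS\explorer.exe[1796] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00B74E74
.text C:\Program Files\Apoint\Apoint.exe[1908] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00984D5A
.text C:\Program Files\Apoint\Apoint.exe[1908] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00984F72
.text C:\Program Files\Apoint\Apoint.exe[1908] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0098508F
.text C:\Program Files\Apoint\Apoint.exe[1908] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00984E74
.text C:\WINDOWS\system32\ico.exe[1992] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00394D5A
.text C:\WINDOWS\system32\ico.exe[1992] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0039508F
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtCreateThread 7C90D7D2 3 Bytes JMP 00914D5A
.text C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE[2024] ntdll.dll!NtCreateThread + 4 7C90D7D6 1 Byte [ 84 ]

---- Files - GMER 1.0.12 ----

File C:\WINDOWS\system32\kdqya.exe

---- EOF - GMER 1.0.12 ----

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://r04.webmail.aol.com/get-attachment.aspx?uid=1.12387434&folder=New+Mail&partId=2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdqya.exe"
"""

# GMER ".text" lines that are 5-byte (or 3-byte) JMP patches; the "+ 4 ... 1 Byte" tail lines are ignored.
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-F]{8}) (?P<size>\d+) Bytes JMP (?P<target>[0-9A-F]{8})$",
    re.MULTILINE,
)
WINLOGON_SYSTEM_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\]\s*"
    r'^"System"="([^"]*)"',
    re.MULTILINE,
)
GMER_FILE_RE = re.compile(r"^File (.+)$", re.MULTILINE)
COMPONENT_SOURCE_RE = re.compile(r'^"Source"="([^"]+)"$', re.MULTILINE)


def parse_hooks(log):
    """One record per inline hook: process, hooked export, patch address, JMP target."""
    return [
        {"proc": m["proc"], "pid": int(m["pid"]), "func": f"{m['mod']}!{m['func']}",
         "addr": int(m["addr"], 16), "target": int(m["target"], 16)}
        for m in HOOK_RE.finditer(log)
    ]


def hook_summary(hooks):
    """Group hooks by export. Image bases are 64 KB aligned, so when every JMP target
    for an export shares its low 16 bits the hooks land at the same offset of one
    module that is simply mapped at a different base in each process."""
    by_func = defaultdict(list)
    for h in hooks:
        by_func[h["func"]].append(h)
    summary = {}
    for func, hs in by_func.items():
        offsets = {h["target"] & 0xFFFF for h in hs}
        summary[func] = {
            "procs": sorted({h["proc"] for h in hs}),
            "same_module": len(offsets) == 1,
            "offset": next(iter(offsets)) if len(offsets) == 1 else None,
        }
    return summary


def winlogon_system_value(log):
    m = WINLOGON_SYSTEM_RE.search(log)
    return m.group(1) if m else None


def gmer_files(log):
    return GMER_FILE_RE.findall(log)


def component_sources(log):
    return COMPONENT_SOURCE_RE.findall(log)


def triage(log):
    """Human-readable findings, most significant first."""
    findings = []
    system = winlogon_system_value(log)
    if system:  # assumption: the value is empty on a clean XP install
        findings.append(f'Winlogon "System"="{system}": run by Winlogon in system context '
                        "during start-up; empty on a clean XP install")
    for path in gmer_files(log):
        tag = " (same name as the Winlogon value)" if system and path.lower().endswith("\\" + system.lower()) else ""
        findings.append(f"GMER file scan reported {path}{tag}")
    for url in component_sources(log):
        if url.lower().startswith(("http://", "https://")):  # assumption: remote sources deserve review
            findings.append(f"Active Desktop component loads remote content: {url}")
    for func, info in hook_summary(parse_hooks(log)).items():
        if len(info["procs"]) > 1 and info["same_module"]:
            findings.append(f"{func} hooked in {len(info['procs'])} processes by one module "
                            f"(offset 0x{info['offset']:04X}); common to HIPS products and malware alike")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print("-", line)
```

Running it against the full logs from the post (paste them into SAMPLE_LOG or read a file) gives the same four findings; the hook lines are the noisiest part of a GMER log and the grouping is what makes them readable.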
Response Number 3
Name: jabuck
Date: March 14, 2007 at 03:53:19 Pacific
Reply:

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Download Killbox to your desktop from this link: Killbox by Option^Explicit. If you already have Killbox, update to this newer version. We will need it later in safe mode.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Killbox from safe mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\kdqya.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.


Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).

If your computer does not restart automatically, please restart it manually.


Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Post the AVG-AntiSpyware report and a new Gmer log please.



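Killbox's "Delete on Reboot" and the PendingFileRenameOperations prompt jabuck mentions are two faces of one Windows mechanism: MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT appends the file to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, and the Session Manager carries out that list at the next boot, before Winlogon (and so the program named in its "System" value) is started. Killbox prompts when the value already exists, which is why jabuck asks to hear about it. The Python below is an added example written for this thread, not Killbox's or SmitFraudFix's code: it queues a deletion the same way, reads the queue and the Winlogon "System" value back through the raw registry API, and parses the queue by hand because a deletion entry has an empty destination (two consecutive NULs), which a generic REG_MULTI_SZ reader such as Python's winreg treats as the end of the list. The registry-touching functions run only on Windows and need an administrator account; the parser, builder and constructed sample value run anywhere.

```python
"""The mechanism behind "Delete on Reboot", and how to inspect what is queued (added example)."""
import ctypes
import sys

SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
HKEY_LOCAL_MACHINE = 0x80000002
KEY_READ = 0x20019
MOVEFILE_DELAY_UNTIL_REBOOT = 0x4


def nt_path(win_path):
    """Win32 path -> the NT form the Session Manager stores ("\\??\\C:\\...")."""
    return win_path if win_path.startswith("\\??\\") else "\\??\\" + win_path


def build_pending_ops(pairs):
    """Encode (source, destination) pairs as raw REG_MULTI_SZ bytes; "" destination = delete.
    (The "!" replace-existing prefix on destinations is not handled here.)"""
    flat = []
    for src, dst in pairs:
        flat += [nt_path(src), nt_path(dst) if dst else ""]
    return ("\0".join(flat) + "\0\0").encode("utf-16-le")


def parse_pending_ops(raw):
    """Decode raw REG_MULTI_SZ bytes into (source, destination) pairs, keeping the
    empty destinations that mark deletions (winreg would stop at the first one)."""
    parts = raw.decode("utf-16-le").split("\0")
    for _ in range(2):          # drop the last string's NUL and the list terminator
        if parts and parts[-1] == "":
            parts.pop()
    if not any(parts):
        return []
    if len(parts) % 2:          # value written without its final NUL
        parts.append("")
    return [(parts[i], parts[i + 1]) for i in range(0, len(parts), 2)]


def deletions(pairs):
    return [src for src, dst in pairs if dst == ""]


def is_queued_for_deletion(raw, win_path):
    wanted = nt_path(win_path).lower()
    return wanted in (s.lower() for s in deletions(parse_pending_ops(raw)))


# ---- Windows-only: the calls the tools in the thread make -----------------

def _read_raw_value(subkey, name):
    """RegQueryValueExW via ctypes so REG_MULTI_SZ bytes come back untouched. Returns None if absent."""
    adv = ctypes.windll.advapi32
    hkey = ctypes.c_void_p()
    if adv.RegOpenKeyExW(ctypes.c_void_p(HKEY_LOCAL_MACHINE), subkey, 0, KEY_READ, ctypes.byref(hkey)):
        return None
    try:
        vtype, size = ctypes.c_uint32(), ctypes.c_uint32()
        if adv.RegQueryValueExW(hkey, name, None, ctypes.byref(vtype), None, ctypes.byref(size)):
            return None
        buf = ctypes.create_string_buffer(size.value)
        adv.RegQueryValueExW(hkey, name, None, ctypes.byref(vtype), buf, ctypes.byref(size))
        return buf.raw[: size.value]
    finally:
        adv.RegCloseKey(hkey)


def queue_delete_on_reboot(win_path):
    """The "Delete on Reboot" primitive: no open handle needed, applied by smss.exe at boot. Admin required."""
    if not ctypes.windll.kernel32.MoveFileExW(win_path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError()
    return True


def winlogon_system_value():
    """The value SmitFraudFix flagged; None/empty is the XP default."""
    raw = _read_raw_value(WINLOGON, "System")
    return None if raw is None else raw.decode("utf-16-le").rstrip("\0")


if __name__ == "__main__" and sys.platform == "win32":
    print("Winlogon System =", winlogon_system_value())
    raw = _read_raw_value(SESSION_MANAGER, "PendingFileRenameOperations") or b""
    for src, dst in parse_pending_ops(raw):
        print("delete" if dst == "" else "rename", src, dst or "")
```

Run it once before using Killbox to see whether anything is already queued (that is what the prompt is about), and once after to confirm the kdqya.exe entry is there before rebooting.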