Solved Browser getting redirected. SZKGFS.dat?


Ruth15

Hi,

Some websites are getting redirected to searchportal.information.com on my browsers (both Opera and IE).

I use ESET NOD32 antivirus. I have tried scanning with Malwarebytes, Superantispyware, Windows security essentials, Smitfraud and Combofix - none of them detected anything, and none of them could resolve the redirection issue.

Today I noticed a file called SZKGFS.dat in each of my hard drive folders. While searching for more info on the SZKGFS.dat, I landed here.

I hope someone can help me get rid of the redirection, and this malware.

Thanks,
Ruth.
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
 
Hi,

The GMER took a long time to scan, but all done, and here are the logs:

GMER:

GMER 1.0.15.15315 - http://www.gmer.net
Rootkit scan 2010-10-15 01:43:43
Windows 5.1.2600 Service Pack 3
Running: nkhekiqv.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwwiifob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xEDE9F610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xEDE9FC10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xEDE9F730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xEDE9F4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xEDE9F570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xEDE9F6D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xEDE9F690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xEDE9F650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xEDE9F7D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xEDE9F510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xEDE9F590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xEDE9F4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xEDE9F5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xEDE9F750]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 8 Bytes JMP 6A43BB9E
.text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 8 Bytes JMP 6A43FBAE

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1844] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----


MBAM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3982

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/14/2010 9:38:30 PM
mbam-log-2010-10-14 (21-38-30).txt

Scan type: Quick scan
Objects scanned: 99400
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS

DDS (Ver_10-10-10.03) - NTFSx86
Run by Administrator at 4:35:28.59 on Fri 10/15/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.144 [GMT 5.5:30]

AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Administrator\Desktop\dds.pif

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-29 95872]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [2010-3-25 72192]

=============== Created Last 30 ================

2010-10-13 12:04:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 11:16:59 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 09:48:29 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 09:48:27 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-05 22:57:01 -------- d-sha-r- C:\cmdcons
2010-10-05 22:54:25 98816 ----a-w- c:\windows\sed.exe
2010-10-05 22:54:25 77312 ----a-w- c:\windows\MBR.exe
2010-10-05 22:54:25 256512 ----a-w- c:\windows\PEV.exe
2010-10-05 22:54:25 161792 ----a-w- c:\windows\SWREG.exe
2010-10-05 21:16:22 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 17:46:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-10-05 17:45:01 -------- d-----w- c:\program files\common files\iS3
2010-10-05 17:44:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-09-22 12:40:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-18 06:53:26 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

==================== Find3M ====================

2010-09-18 06:53:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 4:36:31.65 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/26/2010 3:17:34 AM
System Uptime: 10/14/2010 8:04:02 PM (8 hours ago)

Motherboard: Intel Corporation | | D845GLLY
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | X1 | 1799/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 29.909 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 39 GiB total, 26.201 GiB free.
F: is FIXED (NTFS) - 39 GiB total, 24.726 GiB free.
G: is FIXED (NTFS) - 32 GiB total, 31.778 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_134D&DEV_7896&SUBSYS_0001150D&REV_02\4&2AF9ED5&0&10F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_134D&DEV_7896&SUBSYS_0001150D&REV_02\4&2AF9ED5&0&10F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_03038086&REV_01\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_03038086&REV_01\3&267A616A&0&FD
Service:

==== System Restore Points ===================

RP121: 7/21/2010 7:17:04 PM - System Checkpoint
RP122: 7/22/2010 7:59:26 PM - System Checkpoint
RP123: 7/24/2010 10:54:52 AM - System Checkpoint
RP124: 7/26/2010 6:11:55 PM - System Checkpoint
RP125: 7/27/2010 6:14:16 PM - System Checkpoint
RP126: 7/28/2010 8:49:44 PM - System Checkpoint
RP127: 7/29/2010 11:55:10 PM - System Checkpoint
RP128: 7/30/2010 11:58:07 PM - Installed Windows XP Wdf01007.
RP129: 8/2/2010 11:33:56 PM - System Checkpoint
RP130: 8/4/2010 8:30:11 PM - System Checkpoint
RP131: 8/5/2010 9:18:59 PM - System Checkpoint
RP132: 8/7/2010 5:08:00 PM - System Checkpoint
RP133: 8/8/2010 10:41:24 PM - System Checkpoint
RP134: 8/9/2010 6:07:03 PM - Software Distribution Service 3.0
RP135: 8/10/2010 11:22:30 PM - System Checkpoint
RP136: 8/12/2010 11:54:37 AM - System Checkpoint
RP137: 8/12/2010 1:41:02 PM - Software Distribution Service 3.0
RP138: 8/13/2010 4:42:22 PM - System Checkpoint
RP139: 8/15/2010 6:06:21 PM - System Checkpoint
RP140: 8/16/2010 7:58:49 PM - System Checkpoint
RP141: 8/17/2010 8:45:27 PM - System Checkpoint
RP142: 8/19/2010 12:33:10 AM - System Checkpoint
RP143: 8/20/2010 1:18:32 AM - System Checkpoint
RP144: 8/21/2010 6:57:43 PM - System Checkpoint
RP145: 8/22/2010 7:07:10 PM - System Checkpoint
RP146: 8/24/2010 10:22:04 PM - System Checkpoint
RP147: 8/25/2010 11:33:25 PM - System Checkpoint
RP148: 8/27/2010 11:18:24 AM - System Checkpoint
RP149: 8/28/2010 2:38:25 PM - System Checkpoint
RP150: 8/29/2010 9:41:33 PM - System Checkpoint
RP151: 8/31/2010 11:42:56 AM - System Checkpoint
RP152: 9/1/2010 2:02:45 PM - System Checkpoint
RP153: 9/3/2010 3:58:15 PM - System Checkpoint
RP154: 9/4/2010 11:50:24 PM - System Checkpoint
RP155: 9/6/2010 5:29:10 PM - System Checkpoint
RP156: 9/7/2010 5:38:46 PM - System Checkpoint
RP157: 9/8/2010 6:37:09 PM - System Checkpoint
RP158: 9/9/2010 10:03:51 PM - System Checkpoint
RP159: 9/10/2010 11:48:41 PM - System Checkpoint
RP160: 9/12/2010 1:14:54 PM - System Checkpoint
RP161: 9/13/2010 6:05:41 PM - System Checkpoint
RP162: 9/14/2010 6:09:34 PM - Removed Opera 10.10.
RP163: 9/14/2010 6:09:51 PM - Installed Opera 10.62.
RP164: 9/15/2010 6:20:06 PM - System Checkpoint
RP165: 9/16/2010 1:54:23 AM - Software Distribution Service 3.0
RP166: 9/16/2010 11:41:08 AM - Software Distribution Service 3.0
RP167: 9/18/2010 9:24:30 PM - System Checkpoint
RP168: 9/19/2010 10:02:48 PM - System Checkpoint
RP169: 9/20/2010 11:01:22 PM - System Checkpoint
RP170: 9/22/2010 1:05:47 AM - System Checkpoint
RP171: 9/23/2010 7:27:04 PM - System Checkpoint
RP172: 9/24/2010 10:15:53 PM - System Checkpoint
RP173: 9/25/2010 11:25:30 PM - System Checkpoint
RP174: 9/27/2010 12:38:07 AM - System Checkpoint
RP175: 9/28/2010 8:59:11 PM - System Checkpoint
RP176: 9/29/2010 9:28:10 PM - System Checkpoint
RP177: 9/30/2010 5:07:43 AM - Software Distribution Service 3.0
RP178: 10/1/2010 10:24:05 AM - System Checkpoint
RP179: 10/2/2010 4:14:00 PM - System Checkpoint
RP180: 10/3/2010 9:53:07 PM - System Checkpoint
RP181: 10/4/2010 10:57:55 PM - Removed Agatha Christie - Death on the Nile
RP182: 10/5/2010 11:14:22 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP183: 10/6/2010 1:45:59 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP184: 10/6/2010 2:46:17 AM - Software Distribution Service 3.0
RP185: 10/7/2010 12:58:29 PM - Software Distribution Service 3.0
RP186: 10/8/2010 3:22:36 PM - System Checkpoint
RP187: 10/9/2010 4:12:15 PM - System Checkpoint
RP188: 10/11/2010 1:50:30 AM - System Checkpoint
RP189: 10/12/2010 5:16:30 PM - System Checkpoint
RP190: 10/13/2010 3:36:35 PM - Software Distribution Service 3.0
RP191: 10/13/2010 5:25:27 PM - Software Distribution Service 3.0
RP192: 10/14/2010 7:29:14 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.4.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Software Update
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
Delicious Deluxe Winter
ESET NOD32 Antivirus
FileZilla Client 3.3.2.1
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Java Auto Updater
Java(TM) 6 Update 20
jZip
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSVCRT
Nokia Connectivity Cable Driver
Nokia PC Suite
Office Genuine Advantage Validation 2.0.48.0 Cracked V3
OGA Notifier 2.0.0048.0
Opera 10.62
PC Connectivity Solution
PDF Settings
PicPick
PSPad editor
QuickTime
RealPlayer
RealUpgrade 1.0
Romance of Rome 1.00
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SUPERAntiSpyware
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VLC media player 1.0.5
WampServer 2.0
WebFldrs XP
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem (02/24/2009 4.0)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Service Pack 3
Youtube Downloader HD v. 2.1.1

==== Event Viewer Messages From Past Week ========

10/14/2010 8:02:11 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/14/2010 8:02:11 PM, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
10/14/2010 12:58:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/13/2010 12:21:49 PM, error: System Error [1003] - Error code 1000008e, parameter1 c000001d, parameter2 f6fd5ec1, parameter3 ee6398a0, parameter4 00000000.
10/11/2010 5:24:22 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/10/2010 8:02:38 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/10/2010 3:06:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================



Thanks,
Ruth.
 

Attachments: Attach.txt (13.8 KB)
Please, do NOT wrap logs in quotes and also observe our new rule: https://www.techspot.com/vb/topic154928.html (all logs have to be pasted).
Thanks.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Bleepingcomputer.com is one of the sites that I can't access.

Here are the logs:

ComboFix 10-10-14.04 - Administrator 10/15/2010 23:51:47.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.147 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
.

2010-10-13 12:04 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 11:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 09:48 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 09:48 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-05 21:16 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 17:46 . 2010-10-05 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-10-05 17:45 . 2010-10-05 17:45 -------- d-----w- c:\program files\Common Files\iS3
2010-10-05 17:44 . 2010-10-05 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-09-22 12:40 . 2010-09-22 12:40 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-18 06:53 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-10-05_23.03.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-15 14:23 . 2010-10-15 14:23 16384 c:\windows\Temp\Perflib_Perfdata_788.dat
+ 2004-08-03 19:26 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 44544 c:\windows\system32\pngfilt.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 44544 c:\windows\system32\pngfilt.dll
- 2007-08-13 13:24 . 2010-06-24 12:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 13:24 . 2010-09-09 13:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 27648 c:\windows\system32\jsproxy.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 13:09 . 2010-06-23 12:06 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 13:09 . 2010-09-08 15:57 13824 c:\windows\system32\ieudinit.exe
- 2004-08-03 19:26 . 2010-06-24 12:15 44544 c:\windows\system32\iernonce.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 44544 c:\windows\system32\iernonce.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 78336 c:\windows\system32\ieencode.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 78336 c:\windows\system32\ieencode.dll
+ 2004-08-03 19:26 . 2010-09-08 15:57 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-03 19:26 . 2010-06-23 12:06 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 13:06 . 2010-06-24 12:15 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 13:06 . 2010-09-09 13:38 63488 c:\windows\system32\icardie.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2010-03-31 15:56 . 2010-09-09 13:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-03-31 15:56 . 2010-06-24 12:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-03-31 15:56 . 2010-09-08 15:57 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2010-03-31 15:56 . 2010-06-23 12:06 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-03 19:26 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-03 19:26 . 2010-06-23 12:06 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-03 19:26 . 2010-09-08 15:57 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-03-31 15:56 . 2010-09-09 13:38 63488 c:\windows\system32\dllcache\icardie.dll
- 2010-03-31 15:56 . 2010-06-24 12:15 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 17408 c:\windows\system32\dllcache\corpol.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 17408 c:\windows\system32\corpol.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 17408 c:\windows\system32\corpol.dll
- 2010-09-15 20:27 . 2010-09-15 20:27 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-10-13 12:04 . 2010-10-13 12:04 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-10-13 12:05 . 2010-06-24 12:15 44544 c:\windows\ie7updates\KB2360131-IE7\pngfilt.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 52224 c:\windows\ie7updates\KB2360131-IE7\msfeedsbs.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 27648 c:\windows\ie7updates\KB2360131-IE7\jsproxy.dll
+ 2010-10-13 12:05 . 2010-06-23 12:06 13824 c:\windows\ie7updates\KB2360131-IE7\ieudinit.exe
+ 2010-10-13 12:05 . 2010-06-24 12:15 44544 c:\windows\ie7updates\KB2360131-IE7\iernonce.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 78336 c:\windows\ie7updates\KB2360131-IE7\ieencode.dll
+ 2010-10-13 12:05 . 2010-06-23 12:06 70656 c:\windows\ie7updates\KB2360131-IE7\ie4uinit.exe
+ 2010-10-13 12:05 . 2010-06-24 12:15 63488 c:\windows\ie7updates\KB2360131-IE7\icardie.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 17408 c:\windows\ie7updates\KB2360131-IE7\corpol.dll
- 2010-03-30 01:55 . 2010-07-22 05:57 5120 c:\windows\system32\xpsp4res.dll
+ 2010-03-30 01:55 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
+ 2010-03-26 04:08 . 2010-10-13 12:03 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-03 19:26 . 2010-09-09 13:38 832512 c:\windows\system32\wininet.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 832512 c:\windows\system32\wininet.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 233472 c:\windows\system32\webcheck.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 233472 c:\windows\system32\webcheck.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 105984 c:\windows\system32\url.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 105984 c:\windows\system32\url.dll
- 2004-08-03 19:26 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2004-08-03 19:26 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
+ 2004-08-03 19:26 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
- 2004-08-03 19:26 . 2010-07-22 15:49 590848 c:\windows\system32\rpcrt4.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 102912 c:\windows\system32\occache.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 102912 c:\windows\system32\occache.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 671232 c:\windows\system32\mstime.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 671232 c:\windows\system32\mstime.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 193024 c:\windows\system32\msrating.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 193024 c:\windows\system32\msrating.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 478208 c:\windows\system32\mshtmled.dll
+ 2007-08-13 13:24 . 2010-09-09 13:38 468480 c:\windows\system32\msfeeds.dll
+ 2004-08-03 19:26 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42u.dll
+ 2004-08-03 19:26 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
+ 2001-08-23 06:30 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2001-08-23 06:30 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2007-08-13 13:04 . 2010-09-09 13:38 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 13:04 . 2010-06-24 12:15 268288 c:\windows\system32\iertutil.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 192512 c:\windows\system32\iepeers.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 192512 c:\windows\system32\iepeers.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 384512 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 06:57 . 2010-09-09 13:38 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 06:57 . 2010-06-24 12:15 380928 c:\windows\system32\ieapfltr.dll
- 2001-08-23 06:30 . 2010-06-17 15:11 161792 c:\windows\system32\ieakui.dll
+ 2001-08-23 06:30 . 2010-08-25 11:29 161792 c:\windows\system32\ieakui.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 230400 c:\windows\system32\ieaksie.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 133120 c:\windows\system32\extmgr.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 133120 c:\windows\system32\extmgr.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-03 17:44 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2010-03-30 01:55 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
- 2004-08-03 19:26 . 2010-06-24 12:15 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 105984 c:\windows\system32\dllcache\url.dll
- 2010-03-29 21:21 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2010-03-29 21:21 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2010-03-29 21:14 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
- 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-03-31 15:56 . 2010-09-09 13:38 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2001-08-23 06:30 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2010-03-25 21:39 . 2010-08-25 11:30 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2010-03-31 15:56 . 2010-09-09 13:38 268288 c:\windows\system32\dllcache\iertutil.dll
- 2010-03-31 15:56 . 2010-06-24 12:15 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 192512 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2010-03-31 15:56 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2010-03-31 15:56 . 2010-06-24 12:15 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-23 06:30 . 2010-08-25 11:29 161792 c:\windows\system32\dllcache\ieakui.dll
- 2001-08-23 06:30 . 2010-06-17 15:11 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-03 19:26 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
- 2004-08-03 19:26 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2004-08-03 19:26 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 124928 c:\windows\system32\advpack.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 124928 c:\windows\system32\advpack.dll
+ 2010-03-26 04:08 . 2010-10-13 12:03 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-03-26 04:08 . 2010-10-13 12:03 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2010-03-26 04:08 . 2010-09-15 20:32 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-10-13 12:05 . 2010-06-24 12:15 832512 c:\windows\ie7updates\KB2360131-IE7\wininet.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 233472 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll
+ 2010-10-13 12:05 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll
+ 2010-10-13 12:05 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe
+ 2010-10-13 12:05 . 2010-06-24 12:15 102912 c:\windows\ie7updates\KB2360131-IE7\occache.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 671232 c:\windows\ie7updates\KB2360131-IE7\mstime.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 193024 c:\windows\ie7updates\KB2360131-IE7\msrating.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 477696 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 459264 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll
+ 2010-10-13 12:05 . 2010-06-17 15:12 634656 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe
+ 2010-10-13 12:05 . 2010-06-24 12:15 268288 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 192512 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 385024 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 380928 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll
+ 2010-10-13 12:05 . 2010-06-17 15:11 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 230400 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 153088 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 133120 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 347136 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 124928 c:\windows\ie7updates\KB2360131-IE7\advpack.dll
+ 2010-10-13 11:17 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2004-08-03 19:26 . 2010-08-26 11:46 4886528 c:\windows\system32\wmp.dll
+ 2004-08-03 17:47 . 2010-08-31 13:42 1852800 c:\windows\system32\win32k.sys
+ 2004-08-03 19:26 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-03 19:26 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 3601920 c:\windows\system32\mshtml.dll
+ 2007-08-13 13:24 . 2010-09-09 13:38 6075904 c:\windows\system32\ieframe.dll
- 2010-03-25 13:29 . 2010-08-27 19:47 1505288 c:\windows\system32\FNTCACHE.DAT
+ 2010-03-25 13:29 . 2010-10-13 13:45 1505288 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-03 19:26 . 2010-08-26 11:46 4886528 c:\windows\system32\dllcache\wmp.dll
+ 2009-08-14 13:21 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
- 2004-08-03 19:26 . 2010-06-24 12:15 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 3601920 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-31 15:56 . 2010-09-09 13:38 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2010-10-07 07:26 . 2010-10-07 07:26 3940864 c:\windows\Installer\64732.msi
+ 2010-08-13 12:29 . 2010-08-13 12:29 8182272 c:\windows\Installer\3e88f7.msp
+ 2010-08-13 12:32 . 2010-08-13 12:32 2545664 c:\windows\Installer\3e88ec.msp
+ 2010-08-23 11:39 . 2010-08-23 11:39 7673344 c:\windows\Installer\3e88e1.msp
+ 2010-10-04 11:02 . 2010-10-04 11:02 5517824 c:\windows\Installer\3e88c9.msp
+ 2010-08-24 04:19 . 2010-08-24 04:19 6825472 c:\windows\Installer\3e88b1.msp
+ 2010-10-13 12:05 . 2010-06-24 12:15 1168384 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 3600896 c:\windows\ie7updates\KB2360131-IE7\mshtml.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 6067200 c:\windows\ie7updates\KB2360131-IE7\ieframe.dll
+ 2010-03-30 03:43 . 2010-10-13 11:58 35385288 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-16 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SuperAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- e:\program files\SuperAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\iKernel.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/29/2010 5:12 PM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/29/2010 5:13 PM 95872]
R1 SASDIFSV;SASDIFSV;e:\program files\SuperAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
R1 SASKUTIL;SASKUTIL;e:\program files\SuperAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/29/2010 5:12 PM 810120]
R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [3/25/2010 7:03 PM 72192]
.
Contents of the 'Scheduled Tasks' folder

2010-10-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-527237240-1177238915-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 16:39]

2010-10-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-527237240-1177238915-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 16:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
e:\program files\SuperAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-10-16 00:01:27
ComboFix-quarantined-files.txt 2010-10-15 18:31
ComboFix2.txt 2010-10-05 23:07

Pre-Run: 34,445,979,648 bytes free
Post-Run: 34,440,183,808 bytes free

- - End Of File - - 63C29219B1E35FAE565E379CAE3AB32D


MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 113):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7C75000 \WINDOWS\system32\KDCOM.DLL
0xF7B85000 \WINDOWS\system32\BOOTVID.dll
0xF7726000 ACPI.sys
0xF7C77000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7715000 pci.sys
0xF7775000 isapnp.sys
0xF7D3D000 pciide.sys
0xF79F5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7C79000 intelide.sys
0xF7785000 MountMgr.sys
0xF76F6000 ftdisk.sys
0xF7C7B000 dmload.sys
0xF76D0000 dmio.sys
0xF79FD000 PartMgr.sys
0xF7795000 VolSnap.sys
0xF76B8000 atapi.sys
0xF77A5000 disk.sys
0xF77B5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7698000 fltmgr.sys
0xF7686000 sr.sys
0xF766F000 KSecDD.sys
0xF75E2000 Ntfs.sys
0xF75B5000 NDIS.sys
0xF759B000 Mup.sys
0xF7855000 \SystemRoot\system32\DRIVERS\processr.sys
0xF6FAD000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6F99000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7A6D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6F75000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A75000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6F63000 \SystemRoot\system32\drivers\es1969.sys
0xF6F3F000 \SystemRoot\system32\drivers\portcls.sys
0xF7865000 \SystemRoot\system32\drivers\drmk.sys
0xF6F1C000 \SystemRoot\system32\drivers\ks.sys
0xF7A7D000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF7875000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7C09000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7A85000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6F08000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7885000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A8D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7A95000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7895000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF78A5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7E47000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF78B5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7C11000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6D81000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF78C5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF78D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A9D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6D70000 \SystemRoot\system32\DRIVERS\psched.sys
0xF78E5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7AA5000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7AAD000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6D40000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7915000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7C8B000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6CE2000 \SystemRoot\system32\DRIVERS\update.sys
0xF7C2D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7925000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7945000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7C8F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7C55000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF7ADD000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7C93000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D86000 \SystemRoot\System32\Drivers\Null.SYS
0xF7C95000 \SystemRoot\System32\Drivers\Beep.SYS
0xEDE93000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0xF7AED000 \SystemRoot\System32\drivers\vga.sys
0xF7C97000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C99000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7AF5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7AFD000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7097000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDE60000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDE07000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDDDF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDDC7000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
0xEDDA5000 \SystemRoot\System32\drivers\afd.sys
0xF7995000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDD83000 \??\E:\Program Files\SuperAntiSpyware\SASKUTIL.SYS
0xEDD5D000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF79C5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7B0D000 \??\E:\Program Files\SuperAntiSpyware\SASDIFSV.SYS
0xEDD32000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDCC2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF79E5000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7805000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEDCAA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7CA7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6CBA000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7B1D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7E6B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
0xBF06B000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEDAA8000 \SystemRoot\system32\DRIVERS\eamon.sys
0xEDB6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xED773000 \SystemRoot\system32\drivers\wdmaud.sys
0xED8D0000 \SystemRoot\system32\drivers\sysaudio.sys
0xED498000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7CB9000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xED3F0000 \SystemRoot\system32\DRIVERS\srv.sys
0xED17F000 \SystemRoot\System32\Drivers\HTTP.sys
0xECF4C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 27):
0 System Idle Process
4 System
444 C:\WINDOWS\system32\smss.exe
500 csrss.exe
528 C:\WINDOWS\system32\winlogon.exe
572 C:\WINDOWS\system32\services.exe
584 C:\WINDOWS\system32\lsass.exe
736 C:\WINDOWS\system32\svchost.exe
796 svchost.exe
860 C:\WINDOWS\system32\svchost.exe
908 svchost.exe
1012 svchost.exe
1312 C:\WINDOWS\explorer.exe
1392 C:\WINDOWS\system32\spoolsv.exe
1512 C:\WINDOWS\system32\igfxtray.exe
1528 C:\WINDOWS\system32\hkcmd.exe
1540 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1552 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1608 C:\WINDOWS\system32\ctfmon.exe
1800 svchost.exe
1836 C:\Program Files\Bonjour\mDNSResponder.exe
1868 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1928 C:\Program Files\Java\jre6\bin\jqs.exe
2036 C:\WINDOWS\system32\svchost.exe
756 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2200 E:\Program Files\Opera\opera.exe
2980 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c3dcd400 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000013`87b92a00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000001d`4b958000 (NTFS)

PhysicalDrive0 Model Number: ST3160215A, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Thanks,
Ruth.
 
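The "SnapShot" section of the ComboFix log above is a diff between two runs: each `-` line is how a file looked in the earlier snapshot and each `+` line how it looks now. Almost all of it is Windows Update noise (note how the `-` entries for the IE files share the timestamp 2010-06-24 12:15 with the copies saved under ie7updates\KB2360131-IE7). The script below is an added example, not part of the thread and not ComboFix's own code: it parses that line format, pairs `-`/`+` entries by path, groups the current entries by build time so that update batches stand out, and lists the singleton files under system32 that deserve a look first. The twelve sample lines are copied from the log in this thread; the regex, the prefix list and the heuristic are this example's assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# One line of a ComboFix "SnapShot" diff, as in the log above:
#   <+|-> <created> . <last-modified> <size> <path>
# '-' is how the file looked in the earlier snapshot, '+' how it looks now.
SNAP_RE = re.compile(
    r"^([+-])\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+(.+?)\s*$"
)

# Sample input: a dozen lines copied from the snapshot diff in this thread.
SAMPLE = r"""
+ 2004-08-03 19:26 . 2010-09-09 13:38 832512 c:\windows\system32\wininet.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 832512 c:\windows\system32\wininet.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-03 19:26 . 2010-09-09 13:38 832512 c:\windows\system32\dllcache\wininet.dll
- 2004-08-03 19:26 . 2010-06-24 12:15 832512 c:\windows\system32\dllcache\wininet.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 832512 c:\windows\ie7updates\KB2360131-IE7\wininet.dll
+ 2010-10-13 12:05 . 2010-06-24 12:15 1168384 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll
+ 2004-08-03 17:47 . 2010-08-31 13:42 1852800 c:\windows\system32\win32k.sys
+ 2009-08-14 13:21 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
- 2010-03-25 13:29 . 2010-08-27 19:47 1505288 c:\windows\system32\FNTCACHE.DAT
+ 2010-03-25 13:29 . 2010-10-13 13:45 1505288 c:\windows\system32\FNTCACHE.DAT
"""

# Assumption for this example: only system32 is treated as sensitive.
SENSITIVE_PREFIXES = ("c:\\windows\\system32\\",)


def parse_snapshot(text):
    """Return one dict per +/- line; anything that is not a diff line is skipped."""
    entries = []
    for line in text.splitlines():
        m = SNAP_RE.match(line)
        if not m:
            continue
        sign, created, modified, size, path = m.groups()
        entries.append({
            "sign": sign,
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": int(size),
            "path": path.lower(),   # NTFS is case-insensitive; normalise for pairing
        })
    return entries


def classify(entries):
    """Pair '-' and '+' lines by path: replaced (both), added (+ only), removed (- only)."""
    by_path = defaultdict(dict)
    for e in entries:
        by_path[e["path"]][e["sign"]] = e
    out = {"replaced": [], "added": [], "removed": []}
    for path, pair in sorted(by_path.items()):
        if "+" in pair and "-" in pair:
            old, new = pair["-"], pair["+"]
            out["replaced"].append({
                "path": path,
                "old_modified": old["modified"],
                "new_modified": new["modified"],
                "size_changed": old["size"] != new["size"],
            })
        elif "+" in pair:
            out["added"].append(pair["+"])
        else:
            out["removed"].append(pair["-"])
    return out


def build_batches(entries):
    """Group current ('+') entries by last-modified time. A vendor update stamps
    every file it ships with the same build time, so a legitimate patch shows up
    as one large batch (here 2010-09-09 13:38 is the batch whose previous
    versions were backed up under ie7updates\\KB2360131-IE7 in the log)."""
    batches = defaultdict(list)
    for e in entries:
        if e["sign"] == "+":
            batches[e["modified"]].append(e["path"])
    return dict(batches)


def triage(entries, prefixes=SENSITIVE_PREFIXES):
    """Paths under a sensitive prefix whose build time is shared with no other
    '+' line. This is a 'look here first' list, not a verdict: a single-file
    hotfix or a regenerated cache (FNTCACHE.DAT is the GDI font cache) looks the same."""
    current = [e for e in entries if e["sign"] == "+"]
    counts = Counter(e["modified"] for e in current)
    return sorted(e["path"] for e in current
                  if counts[e["modified"]] == 1 and e["path"].startswith(prefixes))


if __name__ == "__main__":
    ents = parse_snapshot(SAMPLE)
    summary = classify(ents)
    for kind in ("replaced", "added", "removed"):
        print(f"{kind}: {len(summary[kind])}")
    for stamp, paths in sorted(build_batches(ents).items()):
        print(f"batch {stamp:%Y-%m-%d %H:%M}: {len(paths)} file(s)")
    print("check first:", triage(ents))
```

On the sample the four large batches are all update-shaped (same build time across several files, sizes unchanged), and the only singleton under system32 is FNTCACHE.DAT, which Windows regenerates on its own. A real hit for a redirect-causing infection would more typically be an added driver or DLL with a build time nothing else shares, which is exactly what the triage list surfaces; it still has to be confirmed by hand (signature, hash, vendor).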
MBRCheck looks good :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\documents and settings\All Users\Application Data\SITEguard
c:\program files\Common Files\iS3
c:\documents and settings\All Users\Application Data\STOPzilla!


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
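MBRCheck was requested here because redirects with clean AV scans are a classic symptom of an MBR rootkit, and its output in the previous post reports "Windows XP MBR code detected" plus a SHA1 and the byte offset of each partition. The script below is an added example, not part of the thread and not MBRCheck's code: it builds a constructed 512-byte MBR (not the poster's real one), checks the 0x55AA boot signature, parses the four partition entries, hashes the boot code and renders offsets in the same `0x<high32>`<low32>` form MBRCheck prints, so the LBA 63 entry comes out as the `0x00000000`00007e00` seen for C: above. What MBRCheck itself hashes is not stated on the page; hashing the 440-byte code area is this example's own choice, so the SHA1 it computes is not expected to match the one in the log.

```python
import hashlib
import struct

SECTOR = 512


def build_sample_mbr():
    """Constructed 512-byte MBR for this example (not the poster's real one).
    Boot code is NOP filler; one bootable NTFS partition starts at LBA 63,
    which is the 0x7e00 byte offset MBRCheck reported for C: above."""
    mbr = bytearray(SECTOR)
    mbr[0:440] = b"\x90" * 440                     # placeholder boot code
    struct.pack_into("<I", mbr, 440, 0x12345678)   # NT disk signature (made up)
    # entry 0: status 0x80 (bootable), CHS start, type 0x07 (NTFS), CHS end,
    #          LBA start 63, length 20971520 sectors (10 GiB, made up)
    struct.pack_into("<B3sB3sII", mbr, 446,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 20971520)
    struct.pack_into("<H", mbr, 510, 0xAA55)       # stored as bytes 55 AA
    return bytes(mbr)


def has_boot_signature(mbr):
    return len(mbr) == SECTOR and mbr[510:512] == b"\x55\xaa"


def parse_mbr(mbr):
    """Split an MBR into boot-code hash, disk signature and partition entries."""
    if not has_boot_signature(mbr):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from(
            "<B3xB3xII", mbr, 446 + 16 * i)
        if ptype == 0:                  # empty slot
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,
            "sectors": lba_count,
        })
    return {
        # Hash only the 440-byte code area, so a resized partition table or a
        # new disk signature does not change the value being compared.
        "boot_code_sha1": hashlib.sha1(mbr[:440]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": parts,
    }


def format_offset(byte_offset):
    """Render an offset the way MBRCheck prints it: 0x<high32>`<low32>."""
    return f"0x{byte_offset >> 32:08x}`{byte_offset & 0xffffffff:08x}"


def sanity_checks(info):
    """Cheap consistency checks a hand-edited partition table tends to fail."""
    problems = []
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        problems.append(f"{len(bootable)} bootable entries (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"])
                   for p in info["partitions"])
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"partitions overlap at LBA {s2}")
    return problems


def read_physical_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the real MBR on Windows (needs an elevated prompt); not run here."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02x} "
              f"at offset {format_offset(p['byte_offset'])}")
    print("problems:", sanity_checks(info) or "none")
```

The useful comparison in practice is the boot-code hash against the value taken from a known-clean disk of the same Windows build; a changed hash with an unchanged partition table is the signature of a bootkit that patched the code but left the table intact, which is why the two are reported separately.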
Combofix didn't ask to reboot.

Here is the log:


ComboFix 10-10-14.04 - Administrator 10/16/2010 3:48.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.215 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SITEguard
c:\documents and settings\All Users\Application Data\SITEguard\siteguard.db
c:\documents and settings\All Users\Application Data\STOPzilla!
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db.bak
c:\documents and settings\All Users\Application Data\STOPzilla!\scanner.log
c:\documents and settings\All Users\Application Data\STOPzilla!\sgdefs.db
c:\documents and settings\All Users\Application Data\STOPzilla!\sgdwc.db
c:\documents and settings\All Users\Application Data\STOPzilla!\userdata.db
c:\documents and settings\All Users\Application Data\STOPzilla!\zilla5.log
c:\program files\Common Files\iS3
c:\program files\Common Files\iS3\Anti-Spyware\sgdfull.rsf

.
((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
.

2010-10-13 12:04 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 11:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 09:48 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 09:48 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-05 21:16 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 12:40 . 2010-09-22 12:40 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-18 06:53 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot_2010-10-15_18.27.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-15 21:38 . 2010-10-15 21:38 16384 c:\windows\Temp\Perflib_Perfdata_130.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-16 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SuperAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- e:\program files\SuperAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\iKernel.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/29/2010 5:12 PM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/29/2010 5:13 PM 95872]
R1 SASDIFSV;SASDIFSV;e:\program files\SuperAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
R1 SASKUTIL;SASKUTIL;e:\program files\SuperAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/29/2010 5:12 PM 810120]
R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [3/25/2010 7:03 PM 72192]
.
Contents of the 'Scheduled Tasks' folder

2010-10-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-527237240-1177238915-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 16:39]

2010-10-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-527237240-1177238915-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 16:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
e:\program files\SuperAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-16 03:56:56
ComboFix-quarantined-files.txt 2010-10-15 22:26
ComboFix2.txt 2010-10-15 18:31
ComboFix3.txt 2010-10-05 23:07

Pre-Run: 34,460,979,200 bytes free
Post-Run: 34,451,644,416 bytes free

- - End Of File - - E497CDCA3CE20D64775378432424FC96


Thanks,
Ruth.
 
How is the redirection?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Browsers still getting redirected :(
OTL logfile created on: 10/16/2010 12:46:28 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 59.00% Memory free
542.00 Mb Paging File | 348.00 Mb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 32.22 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 26.69 Gb Free Space | 68.33% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 25.43 Gb Free Space | 65.09% Space Free | Partition Type: NTFS
Drive G: | 31.86 Gb Total Space | 31.78 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

Computer Name: SHRUTHI-B041522 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/16 12:44:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/04/16 13:28:24 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/29 17:11:50 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/16 12:44:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 21:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 05:40:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/16 12:54:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/29 17:16:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/11 00:11:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/29 17:13:44 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/03/29 17:12:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/29 17:07:30 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/02/17 23:55:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 00:15:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 04:01:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 17:49:58 | 000,072,192 | ---- | M] (ESS Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1969.sys -- (es1969) ESS 1969 Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/06/11 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/12 23:07:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/10/16 03:53:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SuperAntiSpyware\SASWINLO.DLL - E:\Program Files\SuperAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/26 03:13:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/16 12:44:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/16 03:46:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/14 01:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2010/10/07 12:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/10/06 04:27:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/06 04:24:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/06 04:24:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/06 04:24:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/06 04:24:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/06 04:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/06 04:23:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/21 14:14:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Phone Browser
[2010/08/06 03:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\PicPick
[2010/07/25 12:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2010/07/24 15:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Youtube Downloader HD

========== Files - Modified Within 90 Days ==========

[2010/10/16 12:44:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/16 12:31:31 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-527237240-1177238915-500.job
[2010/10/16 12:31:27 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-527237240-1177238915-500.job
[2010/10/16 12:30:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 03:53:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/15 23:47:11 | 003,878,824 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/10/15 23:43:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2010/10/13 19:15:06 | 001,505,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 17:36:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/06 04:27:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/06 02:21:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/06 00:02:09 | 000,001,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/10/06 00:00:27 | 000,000,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/10/01 22:25:56 | 007,410,699 | ---- | M] () -- E:\My Documents\Flex Effect Third Edition.part2.rar
[2010/09/26 19:20:41 | 007,395,301 | ---- | M] () -- E:\My Documents\cyber-shot.pdf
[2010/09/16 11:41:21 | 000,008,511 | ---- | M] () -- E:\My Documents\day3code.zip
[2010/09/15 17:21:06 | 000,047,616 | ---- | M] () -- E:\My Documents\Nageshwara_Rao_LEASE_DEED_DA.doc
[2010/09/14 18:10:04 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/14 01:46:14 | 001,509,929 | ---- | M] () -- E:\My Documents\HomespunBride.pdf
[2010/09/14 01:42:14 | 001,749,036 | ---- | M] () -- E:\My Documents\HisLadyMistress.pdf
[2010/09/14 01:36:40 | 002,086,921 | ---- | M] () -- E:\My Documents\APassionToDieFor.pdf
[2010/09/14 01:35:18 | 001,716,439 | ---- | M] () -- E:\My Documents\IrresistibleForces.pdf
[2010/09/12 18:23:48 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/12 18:23:48 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/03 19:40:22 | 000,193,729 | ---- | M] () -- E:\My Documents\Image0268.jpg
[2010/08/30 14:29:04 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 16:19:11 | 000,206,876 | ---- | M] () -- E:\My Documents\physics_syllabus.pdf
[2010/08/06 19:19:47 | 042,683,031 | ---- | M] () -- E:\My Documents\Origami Lotus Flower Instructions_(360p).mp4
[2010/07/30 23:58:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/07/30 23:58:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

========== Files Created - No Company Name ==========

[2010/10/15 23:44:38 | 003,878,824 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/10/15 23:43:54 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2010/10/06 04:27:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/06 04:27:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/06 04:24:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/06 04:24:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/06 04:24:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/06 04:24:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/06 04:24:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/06 00:00:13 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/10/05 23:59:22 | 000,001,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/10/01 22:09:25 | 007,410,699 | ---- | C] () -- E:\My Documents\Flex Effect Third Edition.part2.rar
[2010/09/27 02:22:02 | 007,395,301 | ---- | C] () -- E:\My Documents\cyber-shot.pdf
[2010/09/22 22:37:34 | 000,008,511 | ---- | C] () -- E:\My Documents\day3code.zip
[2010/09/16 12:33:49 | 000,047,616 | ---- | C] () -- E:\My Documents\Nageshwara_Rao_LEASE_DEED_DA.doc
[2010/09/14 18:10:04 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/14 04:21:19 | 001,749,036 | ---- | C] () -- E:\My Documents\HisLadyMistress.pdf
[2010/09/14 04:21:18 | 002,086,921 | ---- | C] () -- E:\My Documents\APassionToDieFor.pdf
[2010/09/14 04:21:17 | 001,716,439 | ---- | C] () -- E:\My Documents\IrresistibleForces.pdf
[2010/09/14 04:21:16 | 001,509,929 | ---- | C] () -- E:\My Documents\HomespunBride.pdf
[2010/09/07 04:48:27 | 000,193,729 | ---- | C] () -- E:\My Documents\Image0268.jpg
[2010/09/01 00:11:23 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-527237240-1177238915-500.job
[2010/09/01 00:11:22 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-527237240-1177238915-500.job
[2010/08/12 04:30:01 | 000,206,876 | ---- | C] () -- E:\My Documents\physics_syllabus.pdf
[2010/08/12 04:29:57 | 042,683,031 | ---- | C] () -- E:\My Documents\Origami Lotus Flower Instructions_(360p).mp4
[2010/07/30 23:58:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/07/30 23:58:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/27 02:33:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
[2010/03/27 02:19:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\drivers\service.ini
[2010/03/27 01:22:39 | 000,006,067 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/03/27 01:22:34 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/03/26 09:39:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/26 05:49:59 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/25 19:01:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2003/01/08 04:35:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/26 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
[2010/05/17 17:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Braintonik
[2010/09/12 15:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2010/06/11 02:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FloodLightGames
[2010/06/26 01:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
[2010/06/11 18:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/03/28 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2010/06/11 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/07/25 12:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
[2010/04/27 23:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SpinTop Games
[2010/07/24 18:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Youtube Downloader HD
[2010/07/01 02:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2010/04/14 21:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games Vancouver
[2010/07/05 09:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2010/05/17 17:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Braintonik
[2010/04/12 23:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/11 02:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2010/05/19 14:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/06/11 17:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/04/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/07/14 01:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/06/11 18:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/05/31 10:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/07/25 12:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/10 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/26 03:13:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/26 03:06:27 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/06 04:27:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/16 03:56:57 | 000,005,994 | ---- | M] () -- C:\ComboFix.txt
[2010/03/26 03:13:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/26 03:13:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/26 03:13:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/06 14:33:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/16 12:43:39 | 206,569,472 | -HS- | M] () -- C:\pagefile.sys
[2010/10/05 21:40:52 | 000,002,252 | ---- | M] () -- C:\rapport.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/03/26 03:12:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/04/23 10:30:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD6e.DLL
[2004/04/23 10:30:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP6e.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/25 18:56:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/25 18:56:33 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/25 18:56:33 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/04/06 14:56:16 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/26 03:19:24 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/26 03:19:23 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/15 23:47:11 | 003,878,824 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/10/15 23:43:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2010/10/16 12:44:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/03/26 03:19:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/15 22:59:48 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\desktop.ini
[2010/10/16 12:31:03 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 05:42:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 14:36:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 14:36:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 19:31:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 23:37:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 23:37:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 23:37:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 14:36:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 14:36:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8011787
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:354E094D

< End of report >
 
Sorry if this is a double post. The post was over 50000 characters, so I tried to post the logs in 2 posts, and now I am being moderated!

Here is the OTL Extras log:

OTL Extras logfile created on: 10/16/2010 12:46:28 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 59.00% Memory free
542.00 Mb Paging File | 348.00 Mb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 32.22 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 26.69 Gb Free Space | 68.33% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 25.43 Gb Free Space | 65.09% Space Free | Partition Type: NTFS
Drive G: | 31.86 Gb Total Space | 31.78 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

Computer Name: SHRUTHI-B041522 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC media player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC media player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" = C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe:*:Enabled:ipsec -- (InstallShield Software Corporation)
"E:\Program Files\Opera\opera.exe" = E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{66377DF8-960A-4199-AD92-A3323B5DCD5D}" = Delicious Deluxe Winter
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}" = ESET NOD32 Antivirus
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF01A2F5-5199-4ECB-8CA5-A93D3E88B731}" = Office Genuine Advantage Validation 2.0.48.0 Cracked V3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Chuzzle Deluxe" = Chuzzle Deluxe
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"FileZilla Client" = FileZilla Client 3.3.2.1
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Office Genuine Advantage Validation 2.0.48.0 Cracked V3" = Office Genuine Advantage Validation 2.0.48.0 Cracked V3
"PicPick" = PicPick
"PSPad editor_is1" = PSPad editor
"RealPlayer 12.0" = RealPlayer
"Romance of Rome 1.00" = Romance of Rome 1.00
"VLC media player" = VLC media player 1.0.5
"WampServer 2_is1" = WampServer 2.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.1.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2010 4:16:03 PM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
Description = Faulting application play.exe, version 1.0.7.1, faulting module play.exe,
version 1.0.7.1, fault address 0x001bf2aa.

Error - 6/25/2010 11:37:53 PM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
module delicious4.exe, version 1.0.8.29324, fault address 0x001e4576.

Error - 6/26/2010 12:57:04 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
module delicious4.exe, version 1.0.8.29324, fault address 0x0028fcb4.

Error - 6/27/2010 3:52:30 PM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
Description = Faulting application play.exe, version 1.0.7.1, faulting module play.exe,
version 1.0.7.1, fault address 0x000bec6b.

Error - 7/3/2010 8:59:54 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
module delicious4.exe, version 1.0.8.29324, fault address 0x001e4576.

Error - 7/25/2010 2:40:20 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
Description = Faulting application deliciousemilytea.exe, version 1.1.0.0, faulting
module deliciousemilytea.exe, version 1.1.0.0, fault address 0x001b68c5.

Error - 7/26/2010 8:24:19 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 10.10.1893.0, faulting module
unknown, version 0.0.0.0, fault address 0x01d22323.

Error - 7/27/2010 5:51:20 AM | Computer Name = SHRUTHI-B041522 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/29/2010 2:57:51 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
module delicious4.exe, version 1.0.8.29324, fault address 0x001e4576.

Error - 7/29/2010 2:58:11 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
module delicious4.exe, version 1.0.8.29324, fault address 0x001e4576.

[ System Events ]
Error - 10/13/2010 2:51:49 AM | Computer Name = SHRUTHI-B041522 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c000001d, parameter2 f6fd5ec1, parameter3
ee6398a0, parameter4 00000000.

Error - 10/13/2010 6:47:47 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/14/2010 3:28:13 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/14/2010 10:32:11 AM | Computer Name = SHRUTHI-B041522 | Source = Service Control Manager | ID = 7034
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated
unexpectedly. It has done this 1 time(s).

Error - 10/14/2010 10:32:11 AM | Computer Name = SHRUTHI-B041522 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/14/2010 7:08:34 PM | Computer Name = SHRUTHI-B041522 | Source = Service Control Manager | ID = 7034
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated
unexpectedly. It has done this 1 time(s).

Error - 10/14/2010 7:08:34 PM | Computer Name = SHRUTHI-B041522 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/15/2010 2:25:16 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/15/2010 10:23:00 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/16/2010 3:01:02 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
 
Which browser is getting redirected?

You have very little RAM:
382.00 Mb Total Physical Memory
Your computer would greatly benefit from adding more RAM.

======================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (Reg Error: Key error.)
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8011787
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:354E094D
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
Both IE and Opera are getting redirected.

Here is the OTL log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
C:\WINDOWS\Downloaded Program Files\oscan8.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B8011787 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:354E094D deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 9257236 bytes
->Temporary Internet Files folder emptied: 423979 bytes
->Java cache emptied: 2027 bytes
->Opera cache emptied: 4547685 bytes
->Flash cache emptied: 3993 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 511 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10182010_013758

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Thanks a lot for your help.
Ruth.
 
Your router may be infected.

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly come off and on.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
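A client-side check for the DNS-hijack diagnosis above, added here as an example and not part of the helper's instructions: it parses `ipconfig /all` output (a constructed XP-style sample; the host name, MAC and DHCP server come from the posted event log, the second resolver 203.0.113.7 is invented) and flags DNS servers that are neither the gateway/DHCP server nor on an RFC 1918 LAN range, which on a DHCP-configured home PC is the usual footprint of a DNS-changer infection or a router pushing a foreign resolver.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed `ipconfig /all` sample in Windows XP layout (not output from the
# thread). Host name, MAC and DHCP server match the posted event log; the second
# resolver, 203.0.113.7, is an invented documentation-range address standing in
# for an attacker-controlled DNS server.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : SHRUTHI-B041522

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Physical Address. . . . . . . . . : 00-30-F1-1F-CE-8C
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.3
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.7
"""

ADAPTER_RE = re.compile(r"^\S.*?adapter (.+):$")
# "Key . . . . : value" -- the key is words, the dots are padding.
KV_RE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z\- ]*?)\s*(?:\.\s*)*:\s*(?P<val>.*)$")
# A further value for the previous key (e.g. a second DNS server).
CONT_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

# Ranges a home-LAN resolver is expected to live in (RFC 1918, loopback,
# link-local). ipaddress.is_private is deliberately not used: it also counts
# documentation ranges such as 203.0.113.0/24 as private.
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class Adapter:
    name: str
    gateways: list = field(default_factory=list)
    dhcp_server: str = ""
    dns_servers: list = field(default_factory=list)


def _store(adapter: Adapter, key: str, val: str) -> None:
    if not val:
        return
    key = key.lower()
    if key == "dns servers":
        adapter.dns_servers.append(val)
    elif key == "default gateway":
        adapter.gateways.append(val)
    elif key == "dhcp server":
        adapter.dhcp_server = val


def parse_ipconfig(text: str) -> list:
    """Split `ipconfig /all` output into per-adapter gateway/DHCP/DNS fields."""
    adapters, current, last_key = [], None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = Adapter(name=m.group(1))
            adapters.append(current)
            last_key = None
            continue
        if current is None:          # still in the global header block
            continue
        m = KV_RE.match(line)
        if m:
            last_key = m.group("key").strip()
            _store(current, last_key, m.group("val").strip())
            continue
        m = CONT_RE.match(line)
        if m and last_key:
            _store(current, last_key, m.group(1))
    return adapters


def is_lan_address(server: str) -> bool:
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False
    return any(addr in net for net in LAN_RANGES)


def suspicious_dns(adapter: Adapter, allowed=frozenset()) -> list:
    """DNS servers that are not the gateway/DHCP server, not on the LAN and
    not in the caller's allowlist of resolvers it configured on purpose."""
    trusted = set(adapter.gateways) | set(allowed)
    if adapter.dhcp_server:
        trusted.add(adapter.dhcp_server)
    return [s for s in adapter.dns_servers
            if s not in trusted and not is_lan_address(s)]


if __name__ == "__main__":
    for adapter in parse_ipconfig(SAMPLE_IPCONFIG):
        flagged = suspicious_dns(adapter)
        print(f"{adapter.name}: DNS {adapter.dns_servers} -> "
              f"{'review ' + str(flagged) if flagged else 'nothing unusual'}")
```

Run `ipconfig /all > ipconfig.txt` on the affected PC and feed that file to `parse_ipconfig`. A clean result does not clear the router: a hijacked router still hands out its own LAN address as the resolver and forwards queries to the attacker's upstream server, which only the router's admin page shows.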
 
Sorry for the delay in responding. I had lost my internet password, and so had to call my ISP to reset it.

Both IE and Opera are still getting redirected. I did the commands and router reset twice.

What do I do now?

Thanks a lot for all your help,
Ruth.

Edit: This redirect doesn't happen on my laptop. Same router, but wireless. Don't know if this is relevant info?
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
There were no infections, no suspicious files, no reboot required. Here is the log:

2010/10/20 13:32:34.0171 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/20 13:32:34.0171 ================================================================================
2010/10/20 13:32:34.0171 SystemInfo:
2010/10/20 13:32:34.0171
2010/10/20 13:32:34.0171 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/20 13:32:34.0171 Product type: Workstation
2010/10/20 13:32:34.0171 ComputerName: SHRUTHI-B041522
2010/10/20 13:32:34.0171 UserName: Administrator
2010/10/20 13:32:34.0171 Windows directory: C:\WINDOWS
2010/10/20 13:32:34.0171 System windows directory: C:\WINDOWS
2010/10/20 13:32:34.0171 Processor architecture: Intel x86
2010/10/20 13:32:34.0171 Number of processors: 1
2010/10/20 13:32:34.0171 Page size: 0x1000
2010/10/20 13:32:34.0171 Boot type: Normal boot
2010/10/20 13:32:34.0171 ================================================================================
2010/10/20 13:32:35.0031 Initialize success
2010/10/20 13:32:39.0859 ================================================================================
2010/10/20 13:32:39.0859 Scan started
2010/10/20 13:32:39.0859 Mode: Manual;
2010/10/20 13:32:39.0859 ================================================================================
2010/10/20 13:32:41.0640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/20 13:32:41.0796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/20 13:32:42.0062 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/20 13:32:42.0234 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/20 13:32:43.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/20 13:32:43.0500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/20 13:32:43.0703 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/20 13:32:43.0843 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/20 13:32:43.0984 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/20 13:32:44.0250 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/20 13:32:44.0515 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/20 13:32:44.0718 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/20 13:32:44.0859 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/20 13:32:45.0656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/20 13:32:45.0843 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/20 13:32:46.0046 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/20 13:32:46.0218 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/20 13:32:46.0343 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/20 13:32:46.0656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/20 13:32:46.0781 eamon (4094e23a8dcd947f8f0f762d0630f4ac) C:\WINDOWS\system32\DRIVERS\eamon.sys
2010/10/20 13:32:46.0953 ehdrv (0fc7f6be889a747b1d0edfe4c58e487b) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2010/10/20 13:32:47.0125 epfwtdir (5d8d0d9b78fb21bfb3f2ca97d41ea4ca) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2010/10/20 13:32:47.0265 es1969 (b9f03760af557348e17a5bb5ffeb73c0) C:\WINDOWS\system32\drivers\es1969.sys
2010/10/20 13:32:47.0468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/20 13:32:47.0640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/20 13:32:47.0796 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/20 13:32:47.0953 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/20 13:32:48.0093 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/20 13:32:48.0265 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/20 13:32:48.0390 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/20 13:32:48.0562 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/10/20 13:32:48.0687 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/20 13:32:48.0984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/20 13:32:49.0359 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/20 13:32:49.0562 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/10/20 13:32:49.0718 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/20 13:32:50.0015 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/20 13:32:50.0125 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/20 13:32:50.0281 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/20 13:32:50.0421 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/20 13:32:50.0578 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/20 13:32:50.0750 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/20 13:32:50.0875 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/20 13:32:51.0031 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/20 13:32:51.0171 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/20 13:32:51.0312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/20 13:32:51.0453 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/20 13:32:51.0796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/20 13:32:51.0968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/20 13:32:52.0156 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/20 13:32:52.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/20 13:32:52.0562 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/20 13:32:52.0734 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/20 13:32:52.0937 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/20 13:32:53.0078 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/20 13:32:53.0234 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/20 13:32:53.0390 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/20 13:32:53.0546 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/20 13:32:53.0703 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/20 13:32:53.0890 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/20 13:32:54.0046 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/20 13:32:54.0171 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/20 13:32:54.0328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/20 13:32:54.0468 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/20 13:32:54.0593 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/20 13:32:54.0734 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/20 13:32:54.0968 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/10/20 13:32:55.0109 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/10/20 13:32:55.0234 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/20 13:32:55.0406 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/20 13:32:55.0593 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/20 13:32:55.0734 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/20 13:32:55.0875 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/20 13:32:56.0046 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/20 13:32:56.0171 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/20 13:32:56.0312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/20 13:32:56.0453 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/10/20 13:32:56.0593 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/20 13:32:56.0906 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/20 13:32:57.0062 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/20 13:32:57.0906 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/20 13:32:58.0062 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/20 13:32:58.0203 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/20 13:32:58.0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/20 13:32:58.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/20 13:32:59.0093 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/20 13:32:59.0234 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/20 13:32:59.0390 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/20 13:32:59.0578 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/20 13:32:59.0718 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/20 13:32:59.0859 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/20 13:33:00.0062 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/20 13:33:00.0218 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/20 13:33:00.0437 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/10/20 13:33:00.0609 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) E:\Program Files\SuperAntiSpyware\SASDIFSV.SYS
2010/10/20 13:33:00.0750 SASKUTIL (61db0d0756a99506207fd724e3692b25) E:\Program Files\SuperAntiSpyware\SASKUTIL.SYS
2010/10/20 13:33:00.0937 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/20 13:33:01.0125 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/20 13:33:01.0265 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/20 13:33:01.0453 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/20 13:33:01.0843 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/20 13:33:02.0015 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/20 13:33:02.0187 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/20 13:33:02.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/20 13:33:02.0531 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/20 13:33:03.0171 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/20 13:33:03.0343 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/20 13:33:03.0546 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/20 13:33:03.0718 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/20 13:33:03.0859 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/20 13:33:04.0218 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/20 13:33:04.0484 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/20 13:33:04.0671 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/10/20 13:33:04.0859 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/20 13:33:05.0015 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/20 13:33:05.0171 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/20 13:33:05.0359 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/20 13:33:05.0515 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/10/20 13:33:05.0671 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/10/20 13:33:05.0812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/20 13:33:05.0953 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/20 13:33:06.0125 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/20 13:33:06.0375 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/20 13:33:06.0609 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/20 13:33:06.0843 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/20 13:33:07.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/20 13:33:07.0671 ================================================================================
2010/10/20 13:33:07.0671 Scan finished
2010/10/20 13:33:07.0671 ================================================================================
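The driver list above is the part of a TDSSKiller log a helper actually reads: one line per loaded driver with its service name, MD5 and image path. As an added example (not part of this thread or of TDSSKiller itself), the Python below parses that line format and does the two triage checks a reviewer does by eye: flag drivers loaded from outside the Windows directory (here the legitimate SuperAntiSpyware drivers on E:) and compare hashes against a trusted baseline. The sample log lines are copied from the log above; the baseline dictionary and the deliberately wrong NDIS hash in it are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One TDSSKiller driver line: timestamp, service name, MD5 in parentheses, image path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


@dataclass
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str


def parse_log(text: str) -> List[DriverEntry]:
    """Return the driver entries of a TDSSKiller log; separator and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def outside_windows_dir(entries: List[DriverEntry], windows_dir: str = "C:\\WINDOWS\\") -> List[DriverEntry]:
    """Drivers whose image lives outside the Windows directory: worth a second look, not proof of anything."""
    prefix = windows_dir.lower()
    return [e for e in entries if not e.path.lower().startswith(prefix)]


def baseline_mismatches(entries: List[DriverEntry], baseline: Dict[str, str]) -> List[DriverEntry]:
    """Entries whose MD5 differs from the trusted baseline recorded for the same service name."""
    return [e for e in entries if e.name in baseline and baseline[e.name].lower() != e.md5]


def triage(text: str, baseline: Dict[str, str]) -> dict:
    """Summarise a log: entry count, drivers outside C:\\WINDOWS, and hash mismatches against the baseline."""
    entries = parse_log(text)
    return {
        "total": len(entries),
        "outside_windows": [e.name for e in outside_windows_dir(entries)],
        "mismatch": [e.name for e in baseline_mismatches(entries, baseline)],
    }


# Lines copied from the log above (raw string, so the backslashes are kept literally).
SAMPLE_LOG = r"""
2010/10/20 13:33:03.0343 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/20 13:33:00.0609 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) E:\Program Files\SuperAntiSpyware\SASDIFSV.SYS
2010/10/20 13:32:53.0890 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/20 13:33:07.0671 ================================================================================
2010/10/20 13:33:07.0671 Scan finished
"""

# Constructed baseline: Tcpip uses the hash from the clean log above; NDIS is given a
# placeholder value (not a real hash) so that the mismatch report has something to show.
BASELINE = {
    "Tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
    "NDIS": "00000000000000000000000000000000",
}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, BASELINE))
```

In practice the baseline would be built from a known-clean machine of the same Windows build and service pack, since driver hashes change with every update; a mismatch means "verify this file", not "infected".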
 
Yes!!!!

Finally the redirect is gone. Broni, thank you, thank you, thank you :)

Edit:
The OpenDNS was making my internet connection slow, so I decided to give resetting the modem another go. This time I not only disconnected the modem from my computer, but also switched off the power supply for a while. And then reset it.

I am happy to say the redirect is not happening, even without using the OpenDNS.

Thank you, Broni for your endless patience and help.

Edit #2:
The redirect is back. How can I remove this thing for good?
 
I think you did the reset incorrectly.
We're talking here about resetting the router, not the modem.
Please re-read my reply #13 and proceed accordingly.
Disconnecting the router from the power source is not enough.
 
We're almost there :)

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Here is the Security Check log:

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET NOD32 Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.4.0
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````



ESET NOD32 is my regular anti-virus, still the online scan detected this:

C:\Qoobox\Quarantine\C\WINDOWS\system32\setup.ini.vir INF/Autorun virus
 
Oh, I didn't see your ESET report.
That file is in the Combofix quarantine folder (safe).
The Combofix folder will be removed anyway in one of our next, last steps...

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 