TechSpot

Browser getting redirected. SZKGFS.dat?

Solved
By Ruth15
Oct 13, 2010
  1. Hi,

    Some websites are getting redirected to searchportal.information.com on my browsers (both Opera and IE).

    I use ESET NOD32 antivirus. I have tried scanning with Malwarebytes, Superantispyware, Windows security essentials, Smitfraud and Combofix - none of them detected anything, and none of them could resolve the redirection issue.

    Today I noticed a file called SZKGFS.dat in each of my hard drive folders. While searching for more info on the SZKGFS.dat, I landed here.

    I hope someone can help me get rid of the redirection, and this malware.

    Thanks,
    Ruth.
     
  2. Broni

    Broni Malware Annihilator Posts: 48,033   +271

  3. Ruth15

    Ruth15 TS Rookie Topic Starter

    Hi,

    The GMER took a long time to scan, but all done, and here are the logs:

    GMER:

    GMER 1.0.15.15315 - http://www.gmer.net
    Rootkit scan 2010-10-15 01:43:43
    Windows 5.1.2600 Service Pack 3
    Running: nkhekiqv.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwwiifob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xEDE9F610]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xEDE9FC10]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xEDE9F730]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xEDE9F4B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xEDE9F570]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xEDE9F6D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xEDE9F690]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xEDE9F650]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xEDE9F7D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xEDE9F510]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xEDE9F590]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xEDE9F4D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xEDE9F5D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xEDE9F750]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 8 Bytes JMP 6A43BB9E
    .text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 8 Bytes JMP 6A43FBAE

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1844] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
    AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

    ---- EOF - GMER 1.0.15 ----


    MBAM

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3982

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    10/14/2010 9:38:30 PM
    mbam-log-2010-10-14 (21-38-30).txt

    Scan type: Quick scan
    Objects scanned: 99400
    Time elapsed: 6 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    DDS

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Administrator at 4:35:28.59 on Fri 10/15/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.144 [GMT 5.5:30]

    AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Documents and Settings\Administrator\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-29 95872]
    R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
    R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [2010-3-25 72192]

    =============== Created Last 30 ================

    2010-10-13 12:04:52 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-13 11:16:59 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-13 09:48:29 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 09:48:27 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-05 22:57:01 -------- d-sha-r- C:\cmdcons
    2010-10-05 22:54:25 98816 ----a-w- c:\windows\sed.exe
    2010-10-05 22:54:25 77312 ----a-w- c:\windows\MBR.exe
    2010-10-05 22:54:25 256512 ----a-w- c:\windows\PEV.exe
    2010-10-05 22:54:25 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-05 21:16:22 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-05 17:46:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
    2010-10-05 17:45:01 -------- d-----w- c:\program files\common files\iS3
    2010-10-05 17:44:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2010-09-22 12:40:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-09-18 06:53:26 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

    ==================== Find3M ====================

    2010-09-18 06:53:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 13:38:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 4:36:31.65 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/26/2010 3:17:34 AM
    System Uptime: 10/14/2010 8:04:02 PM (8 hours ago)

    Motherboard: Intel Corporation | | D845GLLY
    Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | X1 | 1799/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 39 GiB total, 29.909 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 39 GiB total, 26.201 GiB free.
    F: is FIXED (NTFS) - 39 GiB total, 24.726 GiB free.
    G: is FIXED (NTFS) - 32 GiB total, 31.778 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_134D&DEV_7896&SUBSYS_0001150D&REV_02\4&2AF9ED5&0&10F0
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_134D&DEV_7896&SUBSYS_0001150D&REV_02\4&2AF9ED5&0&10F0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_03038086&REV_01\3&267A616A&0&FD
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_03038086&REV_01\3&267A616A&0&FD
    Service:

    ==== System Restore Points ===================

    RP121: 7/21/2010 7:17:04 PM - System Checkpoint
    RP122: 7/22/2010 7:59:26 PM - System Checkpoint
    RP123: 7/24/2010 10:54:52 AM - System Checkpoint
    RP124: 7/26/2010 6:11:55 PM - System Checkpoint
    RP125: 7/27/2010 6:14:16 PM - System Checkpoint
    RP126: 7/28/2010 8:49:44 PM - System Checkpoint
    RP127: 7/29/2010 11:55:10 PM - System Checkpoint
    RP128: 7/30/2010 11:58:07 PM - Installed Windows XP Wdf01007.
    RP129: 8/2/2010 11:33:56 PM - System Checkpoint
    RP130: 8/4/2010 8:30:11 PM - System Checkpoint
    RP131: 8/5/2010 9:18:59 PM - System Checkpoint
    RP132: 8/7/2010 5:08:00 PM - System Checkpoint
    RP133: 8/8/2010 10:41:24 PM - System Checkpoint
    RP134: 8/9/2010 6:07:03 PM - Software Distribution Service 3.0
    RP135: 8/10/2010 11:22:30 PM - System Checkpoint
    RP136: 8/12/2010 11:54:37 AM - System Checkpoint
    RP137: 8/12/2010 1:41:02 PM - Software Distribution Service 3.0
    RP138: 8/13/2010 4:42:22 PM - System Checkpoint
    RP139: 8/15/2010 6:06:21 PM - System Checkpoint
    RP140: 8/16/2010 7:58:49 PM - System Checkpoint
    RP141: 8/17/2010 8:45:27 PM - System Checkpoint
    RP142: 8/19/2010 12:33:10 AM - System Checkpoint
    RP143: 8/20/2010 1:18:32 AM - System Checkpoint
    RP144: 8/21/2010 6:57:43 PM - System Checkpoint
    RP145: 8/22/2010 7:07:10 PM - System Checkpoint
    RP146: 8/24/2010 10:22:04 PM - System Checkpoint
    RP147: 8/25/2010 11:33:25 PM - System Checkpoint
    RP148: 8/27/2010 11:18:24 AM - System Checkpoint
    RP149: 8/28/2010 2:38:25 PM - System Checkpoint
    RP150: 8/29/2010 9:41:33 PM - System Checkpoint
    RP151: 8/31/2010 11:42:56 AM - System Checkpoint
    RP152: 9/1/2010 2:02:45 PM - System Checkpoint
    RP153: 9/3/2010 3:58:15 PM - System Checkpoint
    RP154: 9/4/2010 11:50:24 PM - System Checkpoint
    RP155: 9/6/2010 5:29:10 PM - System Checkpoint
    RP156: 9/7/2010 5:38:46 PM - System Checkpoint
    RP157: 9/8/2010 6:37:09 PM - System Checkpoint
    RP158: 9/9/2010 10:03:51 PM - System Checkpoint
    RP159: 9/10/2010 11:48:41 PM - System Checkpoint
    RP160: 9/12/2010 1:14:54 PM - System Checkpoint
    RP161: 9/13/2010 6:05:41 PM - System Checkpoint
    RP162: 9/14/2010 6:09:34 PM - Removed Opera 10.10.
    RP163: 9/14/2010 6:09:51 PM - Installed Opera 10.62.
    RP164: 9/15/2010 6:20:06 PM - System Checkpoint
    RP165: 9/16/2010 1:54:23 AM - Software Distribution Service 3.0
    RP166: 9/16/2010 11:41:08 AM - Software Distribution Service 3.0
    RP167: 9/18/2010 9:24:30 PM - System Checkpoint
    RP168: 9/19/2010 10:02:48 PM - System Checkpoint
    RP169: 9/20/2010 11:01:22 PM - System Checkpoint
    RP170: 9/22/2010 1:05:47 AM - System Checkpoint
    RP171: 9/23/2010 7:27:04 PM - System Checkpoint
    RP172: 9/24/2010 10:15:53 PM - System Checkpoint
    RP173: 9/25/2010 11:25:30 PM - System Checkpoint
    RP174: 9/27/2010 12:38:07 AM - System Checkpoint
    RP175: 9/28/2010 8:59:11 PM - System Checkpoint
    RP176: 9/29/2010 9:28:10 PM - System Checkpoint
    RP177: 9/30/2010 5:07:43 AM - Software Distribution Service 3.0
    RP178: 10/1/2010 10:24:05 AM - System Checkpoint
    RP179: 10/2/2010 4:14:00 PM - System Checkpoint
    RP180: 10/3/2010 9:53:07 PM - System Checkpoint
    RP181: 10/4/2010 10:57:55 PM - Removed Agatha Christie - Death on the Nile
    RP182: 10/5/2010 11:14:22 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP183: 10/6/2010 1:45:59 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP184: 10/6/2010 2:46:17 AM - Software Distribution Service 3.0
    RP185: 10/7/2010 12:58:29 PM - Software Distribution Service 3.0
    RP186: 10/8/2010 3:22:36 PM - System Checkpoint
    RP187: 10/9/2010 4:12:15 PM - System Checkpoint
    RP188: 10/11/2010 1:50:30 AM - System Checkpoint
    RP189: 10/12/2010 5:16:30 PM - System Checkpoint
    RP190: 10/13/2010 3:36:35 PM - Software Distribution Service 3.0
    RP191: 10/13/2010 5:25:27 PM - Software Distribution Service 3.0
    RP192: 10/14/2010 7:29:14 PM - System Checkpoint

    ==== Installed Programs ======================

    7-Zip 4.65
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.4.0
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Apple Application Support
    Apple Software Update
    Chuzzle Deluxe
    Compatibility Pack for the 2007 Office system
    Delicious Deluxe Winter
    ESET NOD32 Antivirus
    FileZilla Client 3.3.2.1
    Guitar Pro 5.2
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Extreme Graphics Driver
    Java Auto Updater
    Java(TM) 6 Update 20
    jZip
    Malwarebytes' Anti-Malware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSVC80_x86
    MSVCRT
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Office Genuine Advantage Validation 2.0.48.0 Cracked V3
    OGA Notifier 2.0.0048.0
    Opera 10.62
    PC Connectivity Solution
    PDF Settings
    PicPick
    PSPad editor
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Romance of Rome 1.00
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SUPERAntiSpyware
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VLC media player 1.0.5
    WampServer 2.0
    WebFldrs XP
    Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
    Windows Driver Package - Nokia Modem (02/24/2009 4.0)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows XP Service Pack 3
    Youtube Downloader HD v. 2.1.1

    ==== Event Viewer Messages From Past Week ========

    10/14/2010 8:02:11 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/14/2010 8:02:11 PM, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
    10/14/2010 12:58:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    10/13/2010 12:21:49 PM, error: System Error [1003] - Error code 1000008e, parameter1 c000001d, parameter2 f6fd5ec1, parameter3 ee6398a0, parameter4 00000000.
    10/11/2010 5:24:22 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    10/10/2010 8:02:38 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    10/10/2010 3:06:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================



    Thanks,
    Ruth.
     


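As an added triage example (not code from DDS, TechSpot or any poster in this thread), the following Python parses the "Pseudo HJT Report" section of a DDS log like the one above into records and lists the BHO entries DDS marks as "No File". The embedded sample is constructed from the lines posted above; the record layout and function names are the example's own.

```python
"""Triage parser for the 'Pseudo HJT Report' section of a DDS log.
Added example for this thread; not part of DDS, TechSpot or any poster's code.
It turns the BHO/uRun/mRun/IE/DPF/Notify/SEH lines into records and flags
the BHO entries DDS reports as 'No File' (registry references to a DLL that
is no longer on disk). DDS writes URLs as hxxp:// on purpose; left as-is."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the DDS lines posted in the thread above,
# plus the banner of the following section so the parser's cut-off is exercised.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984]
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")                 # "==== Section name ===="
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<body>.+)$")  # "Kind: body"
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")  # "[label] command"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass
class HjtEntry:
    kind: str             # BHO, uRun, mRun, IE, DPF, Notify, SEH, ...
    name: Optional[str]   # display name or Run-key label, when present
    clsid: Optional[str]  # {GUID} for COM-registered items
    target: str           # file path, command line, URL, or 'No File'
    orphaned: bool        # DDS reported 'No File' for this entry

def hjt_section_lines(text: str):
    """Yield the non-empty lines between the Pseudo HJT banner and the next banner."""
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            inside = banner.group(1).lower() == "pseudo hjt report"
            continue
        if inside and line:
            yield line

def parse_entry(line: str) -> Optional[HjtEntry]:
    """Parse one 'Kind: body' line; lines without that shape (e.g. the
    'uInternet Settings,ProxyOverride' line) are skipped by returning None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind in ("uRun", "mRun"):                 # Run keys: "[label] command line"
        rm = RUN_RE.match(body)
        return HjtEntry(kind, rm.group("name"), None, rm.group("target"), False) if rm else None
    head, sep, target = body.rpartition(" - ")   # everything else: "head - target"
    if not sep:
        return None
    target = target.strip()
    cm = CLSID_RE.search(head)
    clsid = cm.group(0) if cm else None
    name = head[: cm.start()] if cm else head    # text before the GUID is the display name
    name = name.rstrip(": ").strip() or None
    return HjtEntry(kind, name, clsid, target, target == "No File")

def parse_hjt_report(text: str) -> List[HjtEntry]:
    return [e for e in (parse_entry(l) for l in hjt_section_lines(text)) if e is not None]

def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Registry entries whose backing file DDS could not find: a cleanup item,
    not by itself evidence of infection."""
    return [e for e in entries if e.orphaned]

def summarize(entries: List[HjtEntry]) -> dict:
    """Count of parsed entries per kind, handy for spotting unexpected item types."""
    counts: dict = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts

if __name__ == "__main__":
    found = parse_hjt_report(SAMPLE_DDS)
    print(summarize(found))
    for e in orphaned_entries(found):
        print("orphaned", e.kind, e.clsid)
```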
  4. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Please, do NOT wrap logs in quotes and also observe our new rule: http://www.techspot.com/vb/topic154928.html (all logs have to be pasted).
    Thanks.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Ruth15

    Ruth15 TS Rookie Topic Starter

    Bleepingcomputer.com is one of the sites that I can't access.

    Here are the logs:

    ComboFix 10-10-14.04 - Administrator 10/15/2010 23:51:47.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.147 [GMT 5.5:30]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
    .

    2010-10-13 12:04 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-13 11:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-13 09:48 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 09:48 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-05 21:16 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-05 17:46 . 2010-10-05 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2010-10-05 17:45 . 2010-10-05 17:45 -------- d-----w- c:\program files\Common Files\iS3
    2010-10-05 17:44 . 2010-10-05 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2010-09-22 12:40 . 2010-09-22 12:40 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-09-18 06:53 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-05_23.03.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-15 14:23 . 2010-10-15 14:23 16384 c:\windows\Temp\Perflib_Perfdata_788.dat
    + 2004-08-03 19:26 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 44544 c:\windows\system32\pngfilt.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 44544 c:\windows\system32\pngfilt.dll
    - 2007-08-13 13:24 . 2010-06-24 12:15 52224 c:\windows\system32\msfeedsbs.dll
    + 2007-08-13 13:24 . 2010-09-09 13:38 52224 c:\windows\system32\msfeedsbs.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 27648 c:\windows\system32\jsproxy.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 27648 c:\windows\system32\jsproxy.dll
    - 2007-08-13 13:09 . 2010-06-23 12:06 13824 c:\windows\system32\ieudinit.exe
    + 2007-08-13 13:09 . 2010-09-08 15:57 13824 c:\windows\system32\ieudinit.exe
    - 2004-08-03 19:26 . 2010-06-24 12:15 44544 c:\windows\system32\iernonce.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 44544 c:\windows\system32\iernonce.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 78336 c:\windows\system32\ieencode.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 78336 c:\windows\system32\ieencode.dll
    + 2004-08-03 19:26 . 2010-09-08 15:57 70656 c:\windows\system32\ie4uinit.exe
    - 2004-08-03 19:26 . 2010-06-23 12:06 70656 c:\windows\system32\ie4uinit.exe
    - 2007-08-13 13:06 . 2010-06-24 12:15 63488 c:\windows\system32\icardie.dll
    + 2007-08-13 13:06 . 2010-09-09 13:38 63488 c:\windows\system32\icardie.dll
    + 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\pngfilt.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\pngfilt.dll
    + 2010-03-31 15:56 . 2010-09-09 13:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2010-03-31 15:56 . 2010-06-24 12:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 27648 c:\windows\system32\dllcache\jsproxy.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 27648 c:\windows\system32\dllcache\jsproxy.dll
    + 2010-03-31 15:56 . 2010-09-08 15:57 13824 c:\windows\system32\dllcache\ieudinit.exe
    - 2010-03-31 15:56 . 2010-06-23 12:06 13824 c:\windows\system32\dllcache\ieudinit.exe
    + 2004-08-03 19:26 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\iernonce.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\iernonce.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 78336 c:\windows\system32\dllcache\ieencode.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 78336 c:\windows\system32\dllcache\ieencode.dll
    - 2004-08-03 19:26 . 2010-06-23 12:06 70656 c:\windows\system32\dllcache\ie4uinit.exe
    + 2004-08-03 19:26 . 2010-09-08 15:57 70656 c:\windows\system32\dllcache\ie4uinit.exe
    + 2010-03-31 15:56 . 2010-09-09 13:38 63488 c:\windows\system32\dllcache\icardie.dll
    - 2010-03-31 15:56 . 2010-06-24 12:15 63488 c:\windows\system32\dllcache\icardie.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 17408 c:\windows\system32\dllcache\corpol.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 17408 c:\windows\system32\dllcache\corpol.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 17408 c:\windows\system32\corpol.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 17408 c:\windows\system32\corpol.dll
    - 2010-09-15 20:27 . 2010-09-15 20:27 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-10-13 12:04 . 2010-10-13 12:04 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2010-10-13 12:05 . 2010-06-24 12:15 44544 c:\windows\ie7updates\KB2360131-IE7\pngfilt.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 52224 c:\windows\ie7updates\KB2360131-IE7\msfeedsbs.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 27648 c:\windows\ie7updates\KB2360131-IE7\jsproxy.dll
    + 2010-10-13 12:05 . 2010-06-23 12:06 13824 c:\windows\ie7updates\KB2360131-IE7\ieudinit.exe
    + 2010-10-13 12:05 . 2010-06-24 12:15 44544 c:\windows\ie7updates\KB2360131-IE7\iernonce.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 78336 c:\windows\ie7updates\KB2360131-IE7\ieencode.dll
    + 2010-10-13 12:05 . 2010-06-23 12:06 70656 c:\windows\ie7updates\KB2360131-IE7\ie4uinit.exe
    + 2010-10-13 12:05 . 2010-06-24 12:15 63488 c:\windows\ie7updates\KB2360131-IE7\icardie.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 17408 c:\windows\ie7updates\KB2360131-IE7\corpol.dll
    - 2010-03-30 01:55 . 2010-07-22 05:57 5120 c:\windows\system32\xpsp4res.dll
    + 2010-03-30 01:55 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
    + 2010-03-26 04:08 . 2010-10-13 12:03 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2004-08-03 19:26 . 2010-09-09 13:38 832512 c:\windows\system32\wininet.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 832512 c:\windows\system32\wininet.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 233472 c:\windows\system32\webcheck.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 233472 c:\windows\system32\webcheck.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 105984 c:\windows\system32\url.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 105984 c:\windows\system32\url.dll
    - 2004-08-03 19:26 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
    + 2004-08-03 19:26 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
    + 2004-08-03 19:26 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
    - 2004-08-03 19:26 . 2010-07-22 15:49 590848 c:\windows\system32\rpcrt4.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 102912 c:\windows\system32\occache.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 102912 c:\windows\system32\occache.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 671232 c:\windows\system32\mstime.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 671232 c:\windows\system32\mstime.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 193024 c:\windows\system32\msrating.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 193024 c:\windows\system32\msrating.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 478208 c:\windows\system32\mshtmled.dll
    + 2007-08-13 13:24 . 2010-09-09 13:38 468480 c:\windows\system32\msfeeds.dll
    + 2004-08-03 19:26 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42u.dll
    + 2004-08-03 19:26 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
    + 2001-08-23 06:30 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
    + 2001-08-23 06:30 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
    + 2007-08-13 13:04 . 2010-09-09 13:38 268288 c:\windows\system32\iertutil.dll
    - 2007-08-13 13:04 . 2010-06-24 12:15 268288 c:\windows\system32\iertutil.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 192512 c:\windows\system32\iepeers.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 192512 c:\windows\system32\iepeers.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 384512 c:\windows\system32\iedkcs32.dll
    + 2007-07-11 06:57 . 2010-09-09 13:38 380928 c:\windows\system32\ieapfltr.dll
    - 2007-07-11 06:57 . 2010-06-24 12:15 380928 c:\windows\system32\ieapfltr.dll
    - 2001-08-23 06:30 . 2010-06-17 15:11 161792 c:\windows\system32\ieakui.dll
    + 2001-08-23 06:30 . 2010-08-25 11:29 161792 c:\windows\system32\ieakui.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 230400 c:\windows\system32\ieaksie.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 230400 c:\windows\system32\ieaksie.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 153088 c:\windows\system32\ieakeng.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 153088 c:\windows\system32\ieakeng.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 133120 c:\windows\system32\extmgr.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 133120 c:\windows\system32\extmgr.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 214528 c:\windows\system32\dxtrans.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 214528 c:\windows\system32\dxtrans.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 347136 c:\windows\system32\dxtmsft.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 347136 c:\windows\system32\dxtmsft.dll
    + 2004-08-03 17:44 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
    + 2010-03-30 01:55 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
    - 2004-08-03 19:26 . 2010-06-24 12:15 832512 c:\windows\system32\dllcache\wininet.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 832512 c:\windows\system32\dllcache\wininet.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 233472 c:\windows\system32\dllcache\webcheck.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 233472 c:\windows\system32\dllcache\webcheck.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 105984 c:\windows\system32\dllcache\url.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 105984 c:\windows\system32\dllcache\url.dll
    - 2010-03-29 21:21 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
    + 2010-03-29 21:21 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
    + 2010-03-29 21:14 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
    + 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
    - 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 102912 c:\windows\system32\dllcache\occache.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 102912 c:\windows\system32\dllcache\occache.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 671232 c:\windows\system32\dllcache\mstime.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 671232 c:\windows\system32\dllcache\mstime.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 193024 c:\windows\system32\dllcache\msrating.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 193024 c:\windows\system32\dllcache\msrating.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 478208 c:\windows\system32\dllcache\mshtmled.dll
    + 2010-03-31 15:56 . 2010-09-09 13:38 468480 c:\windows\system32\dllcache\msfeeds.dll
    + 2001-08-23 06:30 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
    + 2010-03-25 21:39 . 2010-08-25 11:30 634648 c:\windows\system32\dllcache\iexplore.exe
    + 2010-03-31 15:56 . 2010-09-09 13:38 268288 c:\windows\system32\dllcache\iertutil.dll
    - 2010-03-31 15:56 . 2010-06-24 12:15 268288 c:\windows\system32\dllcache\iertutil.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 192512 c:\windows\system32\dllcache\iepeers.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 192512 c:\windows\system32\dllcache\iepeers.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 384512 c:\windows\system32\dllcache\iedkcs32.dll
    + 2010-03-31 15:56 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
    - 2010-03-31 15:56 . 2010-06-24 12:15 380928 c:\windows\system32\dllcache\ieapfltr.dll
    + 2001-08-23 06:30 . 2010-08-25 11:29 161792 c:\windows\system32\dllcache\ieakui.dll
    - 2001-08-23 06:30 . 2010-06-17 15:11 161792 c:\windows\system32\dllcache\ieakui.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 230400 c:\windows\system32\dllcache\ieaksie.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 230400 c:\windows\system32\dllcache\ieaksie.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 153088 c:\windows\system32\dllcache\ieakeng.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 153088 c:\windows\system32\dllcache\ieakeng.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 133120 c:\windows\system32\dllcache\extmgr.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 214528 c:\windows\system32\dllcache\dxtrans.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 214528 c:\windows\system32\dllcache\dxtrans.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 124928 c:\windows\system32\dllcache\advpack.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 124928 c:\windows\system32\dllcache\advpack.dll
    + 2004-08-03 19:26 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
    - 2004-08-03 19:26 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
    + 2004-08-03 19:26 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 124928 c:\windows\system32\advpack.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 124928 c:\windows\system32\advpack.dll
    + 2010-03-26 04:08 . 2010-10-13 12:03 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2010-03-26 04:08 . 2010-10-13 12:03 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2010-03-26 04:08 . 2010-09-15 20:32 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2010-10-13 12:05 . 2010-06-24 12:15 832512 c:\windows\ie7updates\KB2360131-IE7\wininet.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 233472 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll
    + 2010-10-13 12:05 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll
    + 2010-10-13 12:05 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe
    + 2010-10-13 12:05 . 2010-06-24 12:15 102912 c:\windows\ie7updates\KB2360131-IE7\occache.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 671232 c:\windows\ie7updates\KB2360131-IE7\mstime.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 193024 c:\windows\ie7updates\KB2360131-IE7\msrating.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 477696 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 459264 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll
    + 2010-10-13 12:05 . 2010-06-17 15:12 634656 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe
    + 2010-10-13 12:05 . 2010-06-24 12:15 268288 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 192512 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 385024 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 380928 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll
    + 2010-10-13 12:05 . 2010-06-17 15:11 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 230400 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 153088 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 133120 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 347136 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 124928 c:\windows\ie7updates\KB2360131-IE7\advpack.dll
    + 2010-10-13 11:17 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    + 2004-08-03 19:26 . 2010-08-26 11:46 4886528 c:\windows\system32\wmp.dll
    + 2004-08-03 17:47 . 2010-08-31 13:42 1852800 c:\windows\system32\win32k.sys
    + 2004-08-03 19:26 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll
    - 2004-08-03 19:26 . 2010-06-24 12:15 1168384 c:\windows\system32\urlmon.dll
    + 2004-08-03 19:26 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 3601920 c:\windows\system32\mshtml.dll
    + 2007-08-13 13:24 . 2010-09-09 13:38 6075904 c:\windows\system32\ieframe.dll
    - 2010-03-25 13:29 . 2010-08-27 19:47 1505288 c:\windows\system32\FNTCACHE.DAT
    + 2010-03-25 13:29 . 2010-10-13 13:45 1505288 c:\windows\system32\FNTCACHE.DAT
    + 2004-08-03 19:26 . 2010-08-26 11:46 4886528 c:\windows\system32\dllcache\wmp.dll
    + 2009-08-14 13:21 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
    - 2004-08-03 19:26 . 2010-06-24 12:15 1168384 c:\windows\system32\dllcache\urlmon.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 1168384 c:\windows\system32\dllcache\urlmon.dll
    + 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
    + 2004-08-03 19:26 . 2010-09-09 13:38 3601920 c:\windows\system32\dllcache\mshtml.dll
    + 2010-03-31 15:56 . 2010-09-09 13:38 6075904 c:\windows\system32\dllcache\ieframe.dll
    + 2010-10-07 07:26 . 2010-10-07 07:26 3940864 c:\windows\Installer\64732.msi
    + 2010-08-13 12:29 . 2010-08-13 12:29 8182272 c:\windows\Installer\3e88f7.msp
    + 2010-08-13 12:32 . 2010-08-13 12:32 2545664 c:\windows\Installer\3e88ec.msp
    + 2010-08-23 11:39 . 2010-08-23 11:39 7673344 c:\windows\Installer\3e88e1.msp
    + 2010-10-04 11:02 . 2010-10-04 11:02 5517824 c:\windows\Installer\3e88c9.msp
    + 2010-08-24 04:19 . 2010-08-24 04:19 6825472 c:\windows\Installer\3e88b1.msp
    + 2010-10-13 12:05 . 2010-06-24 12:15 1168384 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 3600896 c:\windows\ie7updates\KB2360131-IE7\mshtml.dll
    + 2010-10-13 12:05 . 2010-06-24 12:15 6067200 c:\windows\ie7updates\KB2360131-IE7\ieframe.dll
    + 2010-03-30 03:43 . 2010-10-13 11:58 35385288 c:\windows\system32\MRT.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-16 202256]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SuperAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- e:\program files\SuperAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\iKernel.exe"=
    "e:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/29/2010 5:12 PM 114984]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/29/2010 5:13 PM 95872]
    R1 SASDIFSV;SASDIFSV;e:\program files\SuperAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
    R1 SASKUTIL;SASKUTIL;e:\program files\SuperAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/29/2010 5:12 PM 810120]
    R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [3/25/2010 7:03 PM 72192]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-527237240-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 16:39]

    2010-10-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-527237240-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 16:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    .
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(528)
    e:\program files\SuperAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2704)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-10-16 00:01:27
    ComboFix-quarantined-files.txt 2010-10-15 18:31
    ComboFix2.txt 2010-10-05 23:07

    Pre-Run: 34,445,979,648 bytes free
    Post-Run: 34,440,183,808 bytes free

    - - End Of File - - 63C29219B1E35FAE565E379CAE3AB32D


    MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007d

    Kernel Drivers (total 113):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7C75000 \WINDOWS\system32\KDCOM.DLL
    0xF7B85000 \WINDOWS\system32\BOOTVID.dll
    0xF7726000 ACPI.sys
    0xF7C77000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7715000 pci.sys
    0xF7775000 isapnp.sys
    0xF7D3D000 pciide.sys
    0xF79F5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7C79000 intelide.sys
    0xF7785000 MountMgr.sys
    0xF76F6000 ftdisk.sys
    0xF7C7B000 dmload.sys
    0xF76D0000 dmio.sys
    0xF79FD000 PartMgr.sys
    0xF7795000 VolSnap.sys
    0xF76B8000 atapi.sys
    0xF77A5000 disk.sys
    0xF77B5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7698000 fltmgr.sys
    0xF7686000 sr.sys
    0xF766F000 KSecDD.sys
    0xF75E2000 Ntfs.sys
    0xF75B5000 NDIS.sys
    0xF759B000 Mup.sys
    0xF7855000 \SystemRoot\system32\DRIVERS\processr.sys
    0xF6FAD000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF6F99000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7A6D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6F75000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7A75000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6F63000 \SystemRoot\system32\drivers\es1969.sys
    0xF6F3F000 \SystemRoot\system32\drivers\portcls.sys
    0xF7865000 \SystemRoot\system32\drivers\drmk.sys
    0xF6F1C000 \SystemRoot\system32\drivers\ks.sys
    0xF7A7D000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
    0xF7875000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7C09000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF7A85000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF6F08000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7885000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7A8D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7A95000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7895000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF78A5000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7E47000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF78B5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7C11000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6D81000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF78C5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF78D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A9D000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6D70000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF78E5000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7AA5000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7AAD000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF6D40000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7915000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7C8B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6CE2000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7C2D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7925000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7945000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7C8F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7C55000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xF7ADD000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF7C93000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7D86000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7C95000 \SystemRoot\System32\Drivers\Beep.SYS
    0xEDE93000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0xF7AED000 \SystemRoot\System32\drivers\vga.sys
    0xF7C97000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7C99000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7AF5000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7AFD000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7097000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEDE60000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEDE07000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEDDDF000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEDDC7000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
    0xEDDA5000 \SystemRoot\System32\drivers\afd.sys
    0xF7995000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEDD83000 \??\E:\Program Files\SuperAntiSpyware\SASKUTIL.SYS
    0xEDD5D000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF79C5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7B0D000 \??\E:\Program Files\SuperAntiSpyware\SASDIFSV.SYS
    0xEDD32000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEDCC2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF79E5000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7805000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEDCAA000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7CA7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF6CBA000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7B1D000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7E6B000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
    0xBF06B000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xEDAA8000 \SystemRoot\system32\DRIVERS\eamon.sys
    0xEDB6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xED773000 \SystemRoot\system32\drivers\wdmaud.sys
    0xED8D0000 \SystemRoot\system32\drivers\sysaudio.sys
    0xED498000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7CB9000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xED3F0000 \SystemRoot\system32\DRIVERS\srv.sys
    0xED17F000 \SystemRoot\System32\Drivers\HTTP.sys
    0xECF4C000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 27):
    0 System Idle Process
    4 System
    444 C:\WINDOWS\system32\smss.exe
    500 csrss.exe
    528 C:\WINDOWS\system32\winlogon.exe
    572 C:\WINDOWS\system32\services.exe
    584 C:\WINDOWS\system32\lsass.exe
    736 C:\WINDOWS\system32\svchost.exe
    796 svchost.exe
    860 C:\WINDOWS\system32\svchost.exe
    908 svchost.exe
    1012 svchost.exe
    1312 C:\WINDOWS\explorer.exe
    1392 C:\WINDOWS\system32\spoolsv.exe
    1512 C:\WINDOWS\system32\igfxtray.exe
    1528 C:\WINDOWS\system32\hkcmd.exe
    1540 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1552 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    1608 C:\WINDOWS\system32\ctfmon.exe
    1800 svchost.exe
    1836 C:\Program Files\Bonjour\mDNSResponder.exe
    1868 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    1928 C:\Program Files\Java\jre6\bin\jqs.exe
    2036 C:\WINDOWS\system32\svchost.exe
    756 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    2200 E:\Program Files\Opera\opera.exe
    2980 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c3dcd400 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000013`87b92a00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive0 at offset 0x0000001d`4b958000 (NTFS)

    PhysicalDrive0 Model Number: ST3160215A, Rev: 3.AAD

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    Thanks,
    Ruth.
     
  6. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    MBRCheck looks good :)

    1. Please open Notepad
    • Click Start , then Run
• Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\All Users\Application Data\SITEguard
    c:\program files\Common Files\iS3
    c:\documents and settings\All Users\Application Data\STOPzilla!
    

    3. Save the above as CFScript.txt

4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  7. Ruth15

    Ruth15 TS Rookie Topic Starter

    Combofix didn't ask to reboot.

    Here is the log:


    ComboFix 10-10-14.04 - Administrator 10/16/2010 3:48.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.215 [GMT 5.5:30]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\SITEguard
    c:\documents and settings\All Users\Application Data\SITEguard\siteguard.db
    c:\documents and settings\All Users\Application Data\STOPzilla!
    c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db
    c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db.bak
    c:\documents and settings\All Users\Application Data\STOPzilla!\scanner.log
    c:\documents and settings\All Users\Application Data\STOPzilla!\sgdefs.db
    c:\documents and settings\All Users\Application Data\STOPzilla!\sgdwc.db
    c:\documents and settings\All Users\Application Data\STOPzilla!\userdata.db
    c:\documents and settings\All Users\Application Data\STOPzilla!\zilla5.log
    c:\program files\Common Files\iS3
    c:\program files\Common Files\iS3\Anti-Spyware\sgdfull.rsf

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
    .

    2010-10-13 12:04 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-13 11:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-13 09:48 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 09:48 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-05 21:16 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-22 12:40 . 2010-09-22 12:40 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-09-18 06:53 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-10-15_18.27.55 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-15 21:38 . 2010-10-15 21:38 16384 c:\windows\Temp\Perflib_Perfdata_130.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-16 202256]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SuperAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- e:\program files\SuperAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\iKernel.exe"=
    "e:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/29/2010 5:12 PM 114984]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/29/2010 5:13 PM 95872]
    R1 SASDIFSV;SASDIFSV;e:\program files\SuperAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
    R1 SASKUTIL;SASKUTIL;e:\program files\SuperAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/29/2010 5:12 PM 810120]
    R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [3/25/2010 7:03 PM 72192]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-527237240-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 16:39]

    2010-10-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-527237240-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 16:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    .
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(532)
    e:\program files\SuperAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-10-16 03:56:56
    ComboFix-quarantined-files.txt 2010-10-15 22:26
    ComboFix2.txt 2010-10-15 18:31
    ComboFix3.txt 2010-10-05 23:07

    Pre-Run: 34,460,979,200 bytes free
    Post-Run: 34,451,644,416 bytes free

    - - End Of File - - E497CDCA3CE20D64775378432424FC96


    Thanks,
    Ruth.
     
  8. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    How is the redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
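    The OTL scan requested above reports every registered service and driver on one line each, in the shape `SRV - [mtime | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)`, or `SRV - File not found [...]` when the registered binary no longer exists on disk. The following is an added triage helper, not part of this thread or of OTL itself: it parses the `SRV`/`DRV` lines and flags the three things a helper usually reads such a log for, namely registrations whose binary is missing (orphaned entries, typical leftovers after a removal), binaries with no publisher in their version information, and binaries registered from a temp directory. The flag texts and the `TEMP_MARKERS` list are my own choices; the sample lines are copied from the OTL log posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Matches OTL "Win32 Services" and "Driver Services" lines. Two shapes occur:
#   SRV - [mtime | size | attrs | M] (Company) [Start | State] -- path -- (Name)
#   SRV - File not found [Start | State] -- path -- (Name)
# A trailing free-text description after the name (seen on some DRV lines) is ignored.
OTL_SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<mtime>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\))"
    r" \[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)(?: .*)?$"
)

# Path fragments (lower-cased) that a service or driver should normally not live under.
# Constructed list for this example; extend to taste.
TEMP_MARKERS = ("\\temp\\", "\\local settings\\temporary internet files\\")


@dataclass
class ServiceEntry:
    kind: str                 # "SRV" or "DRV"
    name: str                 # service/driver name from the trailing "(Name)"
    path: str                 # registered image path
    state: List[str]          # e.g. ["Kernel", "On_Demand", "Stopped"]
    company: Optional[str]    # version-info company; None when the binary is missing
    size: Optional[int]       # file size in bytes; None when the binary is missing
    missing: bool             # True for "File not found" lines
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one OTL SRV/DRV line; return None for any other line type."""
    m = OTL_SERVICE_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return ServiceEntry(
        kind=m.group("kind"),
        name=m.group("name"),
        path=m.group("path"),
        state=[s.strip() for s in m.group("state").split("|")],
        company=None if missing else m.group("company"),
        size=None if missing else int(m.group("size").replace(",", "")),
        missing=missing,
    )


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review hints to an entry. These are prompts for a human reviewer, not verdicts."""
    lowered = entry.path.lower()
    if entry.missing:
        entry.flags.append("binary missing (orphaned registration)")
    elif entry.company == "":
        entry.flags.append("no publisher in version info")
    if any(marker in lowered for marker in TEMP_MARKERS):
        entry.flags.append("registered from a temp directory")
    if entry.flags and "Running" in entry.state:
        entry.flags.append("currently running")
    return entry


def triage_log(lines) -> List[ServiceEntry]:
    """Parse and triage every SRV/DRV line in an OTL log; other lines are skipped."""
    return [triage(e) for e in map(parse_service_line, lines) if e is not None]


def flagged(lines) -> List[ServiceEntry]:
    """Only the entries that picked up at least one review flag."""
    return [e for e in triage_log(lines) if e.flags]


# Sample input: lines taken from the OTL log posted in this thread.
SAMPLE_LINES = [
    r"SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)",
    r"SRV - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)",
    r"SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)",
    r"DRV - [2010/03/29 17:12:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)",
    r"DRV - [2004/08/04 04:01:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)",
]

if __name__ == "__main__":
    for e in flagged(SAMPLE_LINES):
        print(f"{e.kind} {e.name}: {e.path}\n    " + "; ".join(e.flags))
```

Run against a full OTL.txt with `triage_log(open("OTL.txt", encoding="utf-8", errors="replace"))`. A "binary missing" flag on its own is usually just debris to clean up (the `catchme` driver above is the leftover of a GMER run), while "no publisher" combined with "currently running" is the combination worth looking at first; the helper deliberately reports both rather than deciding for you.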
  9. Ruth15

    Ruth15 TS Rookie Topic Starter

    Browsers still getting redirected :(




    OTL logfile created on: 10/16/2010 12:46:28 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    382.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 59.00% Memory free
    542.00 Mb Paging File | 348.00 Mb Available in Paging File | 64.00% Paging File free
    Paging file location(s): C:\pagefile.sys 192 384 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39.06 Gb Total Space | 32.22 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
    Drive E: | 39.06 Gb Total Space | 26.69 Gb Free Space | 68.33% Space Free | Partition Type: NTFS
    Drive F: | 39.06 Gb Total Space | 25.43 Gb Free Space | 65.09% Space Free | Partition Type: NTFS
    Drive G: | 31.86 Gb Total Space | 31.78 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

    Computer Name: SHRUTHI-B041522 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/16 12:44:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/04/16 13:28:24 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2010/03/29 17:11:50 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/16 12:44:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/08/23 21:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/14 05:40:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/04/16 12:54:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/29 17:16:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
    SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/05/11 00:11:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/29 17:13:44 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2010/03/29 17:12:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/03/29 17:07:30 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2010/02/17 23:55:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/02/09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009/02/09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009/02/09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/14 00:15:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2004/08/04 04:01:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2001/08/17 17:49:58 | 000,072,192 | ---- | M] (ESS Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1969.sys -- (es1969) ESS 1969 Audio Driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/06/11 18:00:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/12 23:07:05 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/10/16 03:53:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SuperAntiSpyware\SASWINLO.DLL - E:\Program Files\SuperAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/26 03:13:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/16 12:44:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/10/16 03:46:22 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/10/14 01:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
    [2010/10/07 12:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
    [2010/10/06 04:27:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/06 04:24:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/06 04:24:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/06 04:24:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/06 04:24:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/06 04:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/06 04:23:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/21 14:14:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Phone Browser
    [2010/08/06 03:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\PicPick
    [2010/07/25 12:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
    [2010/07/24 15:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Youtube Downloader HD

    ========== Files - Modified Within 90 Days ==========

    [2010/10/16 12:44:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/10/16 12:31:31 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-527237240-1177238915-500.job
    [2010/10/16 12:31:27 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-527237240-1177238915-500.job
    [2010/10/16 12:30:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/16 03:53:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/15 23:47:11 | 003,878,824 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/10/15 23:43:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/10/13 19:15:06 | 001,505,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/13 17:36:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/06 04:27:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/06 02:21:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/06 00:02:09 | 000,001,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/10/06 00:00:27 | 000,000,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
    [2010/10/01 22:25:56 | 007,410,699 | ---- | M] () -- E:\My Documents\Flex Effect Third Edition.part2.rar
    [2010/09/26 19:20:41 | 007,395,301 | ---- | M] () -- E:\My Documents\cyber-shot.pdf
    [2010/09/16 11:41:21 | 000,008,511 | ---- | M] () -- E:\My Documents\day3code.zip
    [2010/09/15 17:21:06 | 000,047,616 | ---- | M] () -- E:\My Documents\Nageshwara_Rao_LEASE_DEED_DA.doc
    [2010/09/14 18:10:04 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010/09/14 01:46:14 | 001,509,929 | ---- | M] () -- E:\My Documents\HomespunBride.pdf
    [2010/09/14 01:42:14 | 001,749,036 | ---- | M] () -- E:\My Documents\HisLadyMistress.pdf
    [2010/09/14 01:36:40 | 002,086,921 | ---- | M] () -- E:\My Documents\APassionToDieFor.pdf
    [2010/09/14 01:35:18 | 001,716,439 | ---- | M] () -- E:\My Documents\IrresistibleForces.pdf
    [2010/09/12 18:23:48 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/12 18:23:48 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/03 19:40:22 | 000,193,729 | ---- | M] () -- E:\My Documents\Image0268.jpg
    [2010/08/30 14:29:04 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/07 16:19:11 | 000,206,876 | ---- | M] () -- E:\My Documents\physics_syllabus.pdf
    [2010/08/06 19:19:47 | 042,683,031 | ---- | M] () -- E:\My Documents\Origami Lotus Flower Instructions_(360p).mp4
    [2010/07/30 23:58:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    [2010/07/30 23:58:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

    ========== Files Created - No Company Name ==========

    [2010/10/15 23:44:38 | 003,878,824 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/10/15 23:43:54 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/10/06 04:27:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/06 04:27:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/06 04:24:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/06 04:24:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/06 04:24:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/06 04:24:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/06 04:24:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/06 00:00:13 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
    [2010/10/05 23:59:22 | 000,001,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/10/01 22:09:25 | 007,410,699 | ---- | C] () -- E:\My Documents\Flex Effect Third Edition.part2.rar
    [2010/09/27 02:22:02 | 007,395,301 | ---- | C] () -- E:\My Documents\cyber-shot.pdf
    [2010/09/22 22:37:34 | 000,008,511 | ---- | C] () -- E:\My Documents\day3code.zip
    [2010/09/16 12:33:49 | 000,047,616 | ---- | C] () -- E:\My Documents\Nageshwara_Rao_LEASE_DEED_DA.doc
    [2010/09/14 18:10:04 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010/09/14 04:21:19 | 001,749,036 | ---- | C] () -- E:\My Documents\HisLadyMistress.pdf
    [2010/09/14 04:21:18 | 002,086,921 | ---- | C] () -- E:\My Documents\APassionToDieFor.pdf
    [2010/09/14 04:21:17 | 001,716,439 | ---- | C] () -- E:\My Documents\IrresistibleForces.pdf
    [2010/09/14 04:21:16 | 001,509,929 | ---- | C] () -- E:\My Documents\HomespunBride.pdf
    [2010/09/07 04:48:27 | 000,193,729 | ---- | C] () -- E:\My Documents\Image0268.jpg
    [2010/09/01 00:11:23 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-527237240-1177238915-500.job
    [2010/09/01 00:11:22 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-527237240-1177238915-500.job
    [2010/08/12 04:30:01 | 000,206,876 | ---- | C] () -- E:\My Documents\physics_syllabus.pdf
    [2010/08/12 04:29:57 | 042,683,031 | ---- | C] () -- E:\My Documents\Origami Lotus Flower Instructions_(360p).mp4
    [2010/07/30 23:58:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    [2010/07/30 23:58:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    [2010/03/27 02:33:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
    [2010/03/27 02:19:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\drivers\service.ini
    [2010/03/27 01:22:39 | 000,006,067 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2010/03/27 01:22:34 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2010/03/26 09:39:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/03/26 05:49:59 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/25 19:01:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/08/03 15:07:42 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2003/01/08 04:35:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/06/26 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
    [2010/05/17 17:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Braintonik
    [2010/09/12 15:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
    [2010/06/11 02:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FloodLightGames
    [2010/06/26 01:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
    [2010/06/11 18:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
    [2010/03/28 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
    [2010/06/11 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
    [2010/07/25 12:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
    [2010/04/27 23:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SpinTop Games
    [2010/07/24 18:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Youtube Downloader HD
    [2010/07/01 02:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
    [2010/04/14 21:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games Vancouver
    [2010/07/05 09:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
    [2010/05/17 17:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Braintonik
    [2010/04/12 23:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/06/11 02:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
    [2010/05/19 14:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
    [2010/06/11 17:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/04/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2010/07/14 01:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
    [2010/06/11 18:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/05/31 10:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
    [2010/07/25 12:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/07/10 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/03/26 03:13:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/26 03:06:27 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/06 04:27:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/16 03:56:57 | 000,005,994 | ---- | M] () -- C:\ComboFix.txt
    [2010/03/26 03:13:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/03/26 03:13:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/26 03:13:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/04/06 14:33:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/16 12:43:39 | 206,569,472 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/05 21:40:52 | 000,002,252 | ---- | M] () -- C:\rapport.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/03/26 03:12:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2004/04/23 10:30:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD6e.DLL
    [2004/04/23 10:30:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP6e.DLL
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/03/25 18:56:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/03/25 18:56:33 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/03/25 18:56:33 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/04/06 14:56:16 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/26 03:19:24 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/03/26 03:19:23 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/15 23:47:11 | 003,878,824 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/10/15 23:43:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/10/16 12:44:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/03/26 03:19:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/15 22:59:48 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\desktop.ini
    [2010/10/16 12:31:03 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 05:42:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 14:36:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 14:36:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 19:31:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 23:37:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 23:37:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 23:37:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 14:36:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 14:36:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8011787
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:354E094D

    < End of report >
     
  10. Ruth15

    Ruth15 TS Rookie Topic Starter

    Sorry if this is a double post. The post was over 50000 characters, so I tried to post the logs in 2 posts, and now I am being moderated!

    Here is the OTL Extras log:

    OTL Extras logfile created on: 10/16/2010 12:46:28 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    382.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 59.00% Memory free
    542.00 Mb Paging File | 348.00 Mb Available in Paging File | 64.00% Paging File free
    Paging file location(s): C:\pagefile.sys 192 384 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39.06 Gb Total Space | 32.22 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
    Drive E: | 39.06 Gb Total Space | 26.69 Gb Free Space | 68.33% Space Free | Partition Type: NTFS
    Drive F: | 39.06 Gb Total Space | 25.43 Gb Free Space | 65.09% Space Free | Partition Type: NTFS
    Drive G: | 31.86 Gb Total Space | 31.78 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

    Computer Name: SHRUTHI-B041522 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC media player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "E:\Program Files\VLC media player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" = C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe:*:Enabled:ipsec -- (InstallShield Software Corporation)
    "E:\Program Files\Opera\opera.exe" = E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{66377DF8-960A-4199-AD92-A3323B5DCD5D}" = Delicious Deluxe Winter
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
    "{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}" = ESET NOD32 Antivirus
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BF01A2F5-5199-4ECB-8CA5-A93D3E88B731}" = Office Genuine Advantage Validation 2.0.48.0 Cracked V3
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Chuzzle Deluxe" = Chuzzle Deluxe
    "D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
    "E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
    "FileZilla Client" = FileZilla Client 3.3.2.1
    "Guitar Pro 5_is1" = Guitar Pro 5.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "jZip" = jZip
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia PC Suite" = Nokia PC Suite
    "Office Genuine Advantage Validation 2.0.48.0 Cracked V3" = Office Genuine Advantage Validation 2.0.48.0 Cracked V3
    "PicPick" = PicPick
    "PSPad editor_is1" = PSPad editor
    "RealPlayer 12.0" = RealPlayer
    "Romance of Rome 1.00" = Romance of Rome 1.00
    "VLC media player" = VLC media player 1.0.5
    "WampServer 2_is1" = WampServer 2.0
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.1.1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/25/2010 4:16:03 PM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
    Description = Faulting application play.exe, version 1.0.7.1, faulting module play.exe,
    version 1.0.7.1, fault address 0x001bf2aa.

    Error - 6/25/2010 11:37:53 PM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
    Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
    module delicious4.exe, version 1.0.8.29324, fault address 0x001e4576.

    Error - 6/26/2010 12:57:04 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
    Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
    module delicious4.exe, version 1.0.8.29324, fault address 0x0028fcb4.

    Error - 6/27/2010 3:52:30 PM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
    Description = Faulting application play.exe, version 1.0.7.1, faulting module play.exe,
    version 1.0.7.1, fault address 0x000bec6b.

    Error - 7/3/2010 8:59:54 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
    Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
    module delicious4.exe, version 1.0.8.29324, fault address 0x001e4576.

    Error - 7/25/2010 2:40:20 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
    Description = Faulting application deliciousemilytea.exe, version 1.1.0.0, faulting
    module deliciousemilytea.exe, version 1.1.0.0, fault address 0x001b68c5.

    Error - 7/26/2010 8:24:19 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
    Description = Faulting application opera.exe, version 10.10.1893.0, faulting module
    unknown, version 0.0.0.0, fault address 0x01d22323.

    Error - 7/27/2010 5:51:20 AM | Computer Name = SHRUTHI-B041522 | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 7/29/2010 2:57:51 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
    Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
    module delicious4.exe, version 1.0.8.29324, fault address 0x001e4576.

    Error - 7/29/2010 2:58:11 AM | Computer Name = SHRUTHI-B041522 | Source = Application Error | ID = 1000
    Description = Faulting application delicious4.exe, version 1.0.8.29324, faulting
    module delicious4.exe, version 1.0.8.29324, fault address 0x001e4576.

    [ System Events ]
    Error - 10/13/2010 2:51:49 AM | Computer Name = SHRUTHI-B041522 | Source = System Error | ID = 1003
    Description = Error code 1000008e, parameter1 c000001d, parameter2 f6fd5ec1, parameter3
    ee6398a0, parameter4 00000000.

    Error - 10/13/2010 6:47:47 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.3 for the Network Card with network
    address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/14/2010 3:28:13 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.6 for the Network Card with network
    address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/14/2010 10:32:11 AM | Computer Name = SHRUTHI-B041522 | Source = Service Control Manager | ID = 7034
    Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated
    unexpectedly. It has done this 1 time(s).

    Error - 10/14/2010 10:32:11 AM | Computer Name = SHRUTHI-B041522 | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/14/2010 7:08:34 PM | Computer Name = SHRUTHI-B041522 | Source = Service Control Manager | ID = 7034
    Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated
    unexpectedly. It has done this 1 time(s).

    Error - 10/14/2010 7:08:34 PM | Computer Name = SHRUTHI-B041522 | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/15/2010 2:25:16 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/15/2010 10:23:00 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.3 for the Network Card with network
    address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/16/2010 3:01:02 AM | Computer Name = SHRUTHI-B041522 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.4 for the Network Card with network
    address 0030F11FCE8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Which browser is getting redirected?

    You have very little RAM:
    Your computer would greatly benefit from adding more RAM.

    ======================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (Reg Error: Key error.)
      @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8011787
      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:354E094D
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
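    The fix above is built by lifting the suspicious lines out of the OTL log verbatim (orphaned BHOs with no CLSID, a DPF entry whose registry key is broken, and the alternate data streams on the TEMP folder). As an added example, not part of this thread or of OTL itself, here is a small Python triage that applies those same criteria to OTL log text and assembles the `:OTL` fix section in the layout used above; the GUIDs, URLs and paths in the sample log are constructed placeholders, not values from a real scan.

```python
import re
from typing import Dict, List

# Constructed sample in the line format OTL (OldTimer) writes. The two orphaned
# BHOs, the broken DPF entry and the TEMP streams mirror the findings in this
# thread; the "Example" entries use placeholder GUIDs so the benign cases are
# visibly synthetic.
SAMPLE_OTL_LOG = r"""
========== Internet Explorer ==========

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Corp)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://example.invalid/scanner.cab (Reg Error: Key error.)
O16 - DPF: {00000000-0000-0000-0000-000000000002} http://example.invalid/plugin.cab (Example Plug-in 1.0)

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8011787
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Administrator\Desktop\OTL.exe:Zone.Identifier
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:354E094D

< End of report >
"""

# Line shapes taken from the OTL output posted in the thread.
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+) (?P<rest>.*)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Zone.Identifier is the mark-of-the-web stream Windows attaches to downloads;
# it is expected noise, unlike an unnamed hex stream hung off a folder.
BENIGN_STREAMS = {"Zone.Identifier"}


def triage_otl(log_text: str) -> Dict[str, List[str]]:
    """Return the OTL log lines matching the criteria the helper's fix targeted."""
    findings: Dict[str, List[str]] = {"orphan_bho": [], "broken_dpf": [], "ads": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # A BHO registered under Browser Helper Objects with no CLSID
            # definition is an orphan: nothing legitimate loads from it.
            if m.group("target").startswith("No CLSID value found"):
                findings["orphan_bho"].append(line)
            continue
        m = DPF_RE.match(line)
        if m:
            # Downloaded ActiveX control whose registry key is damaged.
            if "Reg Error" in m.group("rest"):
                findings["broken_dpf"].append(line)
            continue
        m = ADS_RE.match(line)
        if m:
            stream_name = m.group("path").rsplit(":", 1)[-1]
            if stream_name not in BENIGN_STREAMS:
                findings["ads"].append(line)
    return findings


def build_otl_fix(findings: Dict[str, List[str]]) -> str:
    """Assemble the Custom Scans/Fixes text in the layout used in this thread:
    flagged log lines verbatim under :OTL, then the cleanup commands."""
    otl_lines = findings["orphan_bho"] + findings["broken_dpf"] + findings["ads"]
    return "\n".join([":OTL", *otl_lines, "", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    print(build_otl_fix(triage_otl(SAMPLE_OTL_LOG)))
```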
     
     
  12. Ruth15

    Ruth15 TS Rookie Topic Starter

    Both IE and Opera are getting redirected.

    Here is the OTL log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Starting removal of ActiveX control {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
    C:\WINDOWS\Downloaded Program Files\oscan8.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:B8011787 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:354E094D deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 9257236 bytes
    ->Temporary Internet Files folder emptied: 423979 bytes
    ->Java cache emptied: 2027 bytes
    ->Opera cache emptied: 4547685 bytes
    ->Flash cache emptied: 3993 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 511 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.15.2 log created on 10182010_013758

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    Thanks a lot for your help.
    Ruth.
     
  13. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Your router may be infected.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
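The "router may be infected" reasoning above (the router hands out, or forwards to, a resolver the owner never chose) can be checked before resetting. Added example, not from the thread or any tool it mentions: it parses `ipconfig /all` output for the resolvers the PC was handed, flags ones that are neither expected nor on the LAN, and compares the configured resolver's answers with a trusted resolver's for the hijack signature. All sample data is constructed (documentation address ranges), and the expected-resolver set is an assumption the owner fills in.

```python
"""Added example (not from the thread): triage for the redirect symptom in
post #13.  Parses `ipconfig /all` output to list the resolvers the PC was
handed, flags ones that are neither expected nor on the LAN, and compares
answers from the configured resolver with a trusted resolver's to spot the
hijack signature.  All sample data is constructed (documentation ranges)."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Set

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FIELDS = {"IP Address": "ip", "IPv4 Address": "ip", "Subnet Mask": "mask",
          "Default Gateway": "gateway", "DNS Servers": "dns"}

def parse_ipconfig(text: str) -> Dict[str, List[str]]:
    """Extract address, mask, gateway and DNS servers from `ipconfig /all`.
    'DNS Servers' may continue on indented lines holding only an address."""
    cfg: Dict[str, List[str]] = {"ip": [], "mask": [], "gateway": [], "dns": []}
    in_dns = False
    for raw in text.splitlines():
        line = raw.strip()
        key = next((k for p, k in FIELDS.items() if line.startswith(p)), None)
        if key:
            cfg[key] += IPV4.findall(line)
            in_dns = key == "dns"
        elif in_dns and line and ":" not in line:
            cfg["dns"] += IPV4.findall(line)  # continuation line of DNS Servers
        else:
            in_dns = False
    return cfg

def resolver_findings(cfg: Dict[str, List[str]], expected: Set[str]) -> List[str]:
    """A configured resolver is either expected (ISP/public resolver the owner
    chose), on the LAN (normally the router, whose own upstream DNS setting is
    what a compromised router changes), or off-LAN and unexplained."""
    lan = ipaddress.ip_network(f"{cfg['ip'][0]}/{cfg['mask'][0]}", strict=False)
    notes = []
    for server in cfg["dns"]:
        if server in expected:
            continue
        if ipaddress.ip_address(server) in lan:
            notes.append(f"LAN resolver {server}: verify the router's upstream DNS")
        else:
            notes.append(f"off-LAN resolver {server} is not on the expected list")
    return notes

def answer_mismatch(configured: Dict[str, Set[str]], trusted: Dict[str, Set[str]],
                    min_collapsed: int = 2) -> Dict[str, object]:
    """CDN-backed names legitimately differ between resolvers, so a single
    disagreement is noise; the hijack signature is several unrelated names
    collapsing onto one address the trusted resolver never returned."""
    mismatched = sorted(n for n in trusted
                        if n in configured and not (configured[n] & trusted[n]))
    shared = Counter(ip for n in mismatched for ip in configured[n])
    sinkhole, hits = shared.most_common(1)[0] if shared else (None, 0)
    return {"mismatched": mismatched,
            "sinkhole": sinkhole if hits >= min_collapsed else None,
            "hijack_suspected": hits >= min_collapsed}

# Constructed excerpt: DHCP handed out an off-LAN resolver next to the router.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.7
        Lease Obtained. . . . . . . . . . : Wednesday, October 20, 2010 1:30:00 PM
"""
EXPECTED_RESOLVERS = {"198.51.100.53"}  # constructed: the ISP's resolver
# Constructed A-record answers: three unrelated names collapse onto one address.
SAMPLE_CONFIGURED = {"example.com": {"203.0.113.9"}, "example.net": {"203.0.113.9"},
                     "example.org": {"203.0.113.9"}, "cdn.example": {"192.0.2.20"}}
SAMPLE_TRUSTED = {"example.com": {"192.0.2.1"}, "example.net": {"192.0.2.2"},
                  "example.org": {"192.0.2.3"}, "cdn.example": {"192.0.2.21"}}

if __name__ == "__main__":
    print(resolver_findings(parse_ipconfig(SAMPLE_IPCONFIG), EXPECTED_RESOLVERS))
    print(answer_mismatch(SAMPLE_CONFIGURED, SAMPLE_TRUSTED))
```

On a real machine, feed `parse_ipconfig` the saved output of `ipconfig /all` and build the answer dictionaries from lookups against the configured resolver and a trusted one; a reset router should make both findings disappear.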
     
  14. Ruth15

    Ruth15 TS Rookie Topic Starter

    Sorry for the delay in responding. I had lost my internet password, and so had to call my ISP to reset it.

    Both IE and Opera are still getting redirected. I did the commands and router reset twice.

    What do I do now?

    Thanks a lot for all your help,
    Ruth.

    Edit: This redirect doesn't happen on my laptop. Same router, but wireless. Don't know if this is relevant info?
     
  15. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  16. Ruth15

    Ruth15 TS Rookie Topic Starter

    There were no infections, no suspicious files, no reboot required. Here is the log:

    2010/10/20 13:32:34.0171 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/20 13:32:34.0171 ================================================================================
    2010/10/20 13:32:34.0171 SystemInfo:
    2010/10/20 13:32:34.0171
    2010/10/20 13:32:34.0171 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/20 13:32:34.0171 Product type: Workstation
    2010/10/20 13:32:34.0171 ComputerName: SHRUTHI-B041522
    2010/10/20 13:32:34.0171 UserName: Administrator
    2010/10/20 13:32:34.0171 Windows directory: C:\WINDOWS
    2010/10/20 13:32:34.0171 System windows directory: C:\WINDOWS
    2010/10/20 13:32:34.0171 Processor architecture: Intel x86
    2010/10/20 13:32:34.0171 Number of processors: 1
    2010/10/20 13:32:34.0171 Page size: 0x1000
    2010/10/20 13:32:34.0171 Boot type: Normal boot
    2010/10/20 13:32:34.0171 ================================================================================
    2010/10/20 13:32:35.0031 Initialize success
    2010/10/20 13:32:39.0859 ================================================================================
    2010/10/20 13:32:39.0859 Scan started
    2010/10/20 13:32:39.0859 Mode: Manual;
    2010/10/20 13:32:39.0859 ================================================================================
    2010/10/20 13:33:07.0671 ================================================================================
    2010/10/20 13:33:07.0671 Scan finished
    2010/10/20 13:33:07.0671 ================================================================================
     
  17. Broni

    Broni Malware Annihilator Posts: 48,033   +271

  18. Ruth15

    Ruth15 TS Rookie Topic Starter

    Yes!!!!

    Finally the redirect is gone. Broni, thank you, thank you, thank you :)

    Edit:
    The opendns was making my internet connection slow, so I decided to give resetting the modem another go. This time I not only disconnected the modem from my computer, but also switched off the power supply for a while. And then reset it.

    I am happy to say the redirect is not happening, even without using the opendns.

    Thank you, Broni for your endless patience and help.

    Edit #2:
    The redirect is back. How can I remove this thing for good?
     
  19. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    I think you did the reset incorrectly.
    We're talking here about resetting the router, not the modem.
    Please re-read my reply #13 and proceed accordingly.
    Disconnecting the router from the power source is not enough.
     
  20. Ruth15

    Ruth15 TS Rookie Topic Starter

    Everything's working fine now. Thanks Broni.

    Please mark this thread as solved :D
     
  21. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    We're almost there :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  22. Ruth15

    Ruth15 TS Rookie Topic Starter

    Here is the Security Check log:

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET NOD32 Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.82.76
    Adobe Reader 9.4.0
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````



    ESET NOD32 is my regular anti-virus, still the online scan detected this:

    C:\Qoobox\Quarantine\C\WINDOWS\system32\setup.ini.vir INF/Autorun virus
     
  23. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Looks good :)
    Go on....
     
  24. Ruth15

    Ruth15 TS Rookie Topic Starter

    What should I do next?
     
  25. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Oh, I didn't see your Eset report.
    That file is in Combofix quarantine folder (safe).
    Combofix folder will be removed anyway in one of our next, last steps...

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done

    2. Now we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
Topic Status:
Not open for further replies.