Kold, the pirated programs likely didn't directly cause your problem. However, we don't support piracy so I had to request that you remove them to continue.
The Iran connection?
O17 - HKLM\System\CCS\Services\Tcpip\..\{D80E8DC9-59B8-4D94-B1E3-D9E5BB3C8269}: NameServer = 85.15.1.10,85.15.1.12
Checking the arinwhois database referred me to the RIPE backbone. The IP 85.15.1.10 belongs to:
descr: SHATEL Network Infrastructure
country: IR
So verifying your location would appear to make this a valid entry.
A DSN Changer will usually cause multiple lines of this type, with a foreign IP.
The directories? I take it you mean the following:
E:\DOWNLOADS\UTILITY\3DMARK 2005\KEYGEN.EXE
E:\MARJAN\BACK UP\GAME\MAGIC RINGS 1.12\CRACK\KEYGEN.EXE
Open the Superantispyware log> you will see that this
Trojan.Agent/Gen-FSG has been found in the above. So while the programs themselves might not be a cause of the problem, the 'junk' that usually comes with these type of sites usually is.
Here are the legitimate downloads for this program. Using a crack/key would indicate privacy.
For private use:
3DMark05 Pro (Download):
$14.95 CLICK TO BUY!
3DMark05 Pro (CD-ROM):
$24.95 CLICK TO BUY!
While there is a 3DMark®05 Free Version (Build 1.3.0), it is a limited version to be followed by purchase. You wouldn't have needed a key or license.
http://www.futuremark.com/download/3dmark05/
So please remove the program, game, backup and other files that are associated.
IF you decide to do this, follow with:
Please download ComboFix
HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Then a new scan with HijackThis. Please paste this one log into the next reply.
But attach the Combofix report.
