Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser keeps getting redirected

Post by splatified » June 21st, 2010, 10:44 am

Every time I search on Google on either Firefox or Internet Explorer, the page gets redirected to some other site that I was not asking for. I have run scans with multiple virus scanners such as Avast, Spybot, Nod32, and a few others.

The following are my log and uninstall files:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:34 AM, on 6/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Kenneth\Local Settings\Apps\2.0\VDKPGJ3Z.AHV\GTWJ47TJ.3X5\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI\WebPAM\_jvm\bin\java.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Logitech Vid\LU\LULnchr.exe
C:\Program Files\Logitech\Logitech Vid\LU\LogitechUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7557 bytes



@BIOS B07.0302.01
7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AIM 7
Akamai NetSession Interface
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.5
ASUSUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Audacity 1.2.6
Bonjour
Call of Duty 4: Modern Warfare
CCleaner
CDDRV_Installer
Download Updater (AOL LLC)
Garmin City Navigator North America NT 2010.40
Heroes of Newerth
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
i-Cool
iTunes
Java(TM) 6 Update 18
KhalInstallWrapper
Left 4 Dead
Logitech Registration
Logitech SetPoint
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Monitor Asset Manager
Movavi Video Suite 8
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
Naruto The Way of the Ninja 2.0
Nikon View 5
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.2
Pando Media Booster
PC Wizard 2010.1.94
Pcsx2 0.9.6
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RocketDock 1.3.5
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Skype Toolbars
SkypeCap
Skype™ 4.2
Spybot - Search & Destroy
StarCraft II Beta
Steam
System Requirements Lab
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Ventrilo Client
ViiKii Desktop Plug-in
ViiKii Desktop Plug-in
VLC media player 1.0.5
Vuze
WebPAM
WinAVI Video Converter
Windows Driver Package - Hanns.G Monitor (01/03/2007 1.00)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
splatified
Active Member
 
Posts: 10
Joined: June 21st, 2010, 10:35 am

Re: Browser keeps getting redirected

Post by melboy » June 23rd, 2010, 3:43 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=============================================


With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:
Ares 2.1.5
Vuze

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate Ares 2.1.5 and click on the Change/Remove button to uninstall it.
  • Repeat for Vuze
  • Close Add/Remove Programs and Control Panel when done.



CKScanner
Download CKScanner from here
  • Important - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Disable any script blocker, and then double-click dds.scr to run the tool. A command window will appear; this is normal.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of:
  • DDS.txt
  • Attach.txt
And post them in your next reply.




In your next reply:
  1. CKFiles.txt
  2. DDS.txt
  3. Attach.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser keeps getting redirected

Post by splatified » June 24th, 2010, 5:06 am

Hi melboy,

Thanks for taking the time to help me fix these problems. Here are the logs you have asked for. I have uninstalled Vuze but it seems to be showing up in the ckfile.txt list.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\kenneth\my documents\vuze downloads\starcraft2-mpcrack-update\mpcrack2\launcher.exe
c:\documents and settings\kenneth\my documents\vuze downloads\starcraft2-mpcrack-update\mpcrack2\readme.txt
scanner sequence 3.AA.11
----- EOF -----





DDS (Ver_10-03-17.01) - NTFSx86
Run by Kenneth at 4:59:37.21 on Thu 06/24/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1137 [GMT -4:00]

AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Kenneth\Local Settings\Apps\2.0\VDKPGJ3Z.AHV\GTWJ47TJ.3X5\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ATI\WebPAM\_jvm\bin\java.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\Logitech Vid\LU\LULnchr.exe
C:\Program Files\Logitech\Logitech Vid\LU\LogitechUpdate.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kenneth\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\documents and settings\kenneth\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/sho ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kenneth\applic~1\mozilla\firefox\profiles\76asb9c3.default\
FF - plugin: c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\76asb9c3.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\76asb9c3.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\kenneth\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-6-18 11448]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-29 95872]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
R2 ATIWebPAM;ATI WebPAM;c:\program files\ati\webpam\jetty\extra\win32\Wrapper.exe [2010-3-27 110592]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-18 1691480]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-5-3 12112]
S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]

=============== Created Last 30 ================

2010-06-21 14:01:10 0 d-----w- c:\program files\Trend Micro
2010-06-21 03:01:19 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-06-21 02:58:35 0 d-----w- c:\windows\SHELLNEW
2010-06-21 02:48:45 0 d-----w- c:\program files\CCleaner
2010-06-21 02:45:25 0 d-----w- c:\program files\AIM
2010-06-21 02:45:24 0 d-----w- c:\program files\common files\Software Update Utility
2010-06-20 23:14:11 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-20 23:14:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-20 21:35:08 0 d-----w- c:\program files\ESET
2010-06-20 17:40:46 0 d-----w- c:\docume~1\kenneth\applic~1\Malwarebytes
2010-06-20 17:40:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 17:40:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 17:40:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-20 17:40:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 00:00:53 1048576 ----a-w- c:\windows\M2N68-AM-Plus-1702.ROM
2010-06-18 23:27:05 888320 ----a-r- c:\windows\system32\NEW18.tmp
2010-06-18 23:27:05 888320 ----a-r- c:\windows\system32\fdco1ins.dll
2010-06-18 23:27:05 888320 ----a-r- c:\windows\system32\fdco1.dll
2010-06-18 23:27:05 66688 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-06-18 23:27:03 7090 ----a-w- c:\windows\system32\nvnrm.nvu
2010-06-18 23:27:02 207872 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-06-18 23:27:02 151552 ----a-r- c:\windows\system32\nvconrm.dll
2010-06-18 23:27:02 13824 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-06-18 23:27:02 11264 ----a-r- c:\windows\system32\NEWF.tmp
2010-06-18 23:27:02 11264 ----a-r- c:\windows\system32\bdco1ins.dll
2010-06-18 23:27:02 11264 ----a-r- c:\windows\system32\bdco1.dll
2010-06-18 23:24:03 0 d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-06-18 19:20:45 0 d-----w- c:\program files\ATI Technologies
2010-06-18 12:31:47 562989 ----a-w- c:\windows\M2N68-AM-Plus-1702.zip
2010-06-18 12:30:12 11448 ----a-r- c:\windows\system32\drivers\AsUpIO.sys
2010-06-18 12:30:11 24576 ----a-r- c:\windows\system32\AsIO.dll
2010-06-18 12:30:11 11296 ----a-r- c:\windows\system32\drivers\AsIO.sys
2010-06-18 12:30:07 0 d-----w- c:\program files\ASUS
2010-06-18 11:38:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-18 11:37:49 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-18 11:35:26 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-06-18 11:33:32 359016 ----a-w- c:\windows\vncutil.exe
2010-06-18 11:33:31 52840 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-06-18 11:33:31 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-06-18 11:33:25 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-06-18 11:33:22 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-06-18 11:32:33 0 d-----w- c:\program files\AMD
2010-06-18 11:32:04 25668 ----a-w- c:\windows\Ascd_log.ini
2010-06-18 11:31:28 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-06-18 11:31:24 1769 ----a-w- c:\windows\Language_trs.ini
2010-06-18 11:31:20 19226 ----a-w- c:\windows\Ascd_tmp.ini
2010-06-18 11:31:20 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-06-18 04:00:11 888320 ----a-r- c:\windows\system32\NEW16.tmp
2010-06-18 04:00:11 888320 ----a-r- c:\windows\system32\NEW15.tmp
2010-06-18 04:00:05 11264 ----a-r- c:\windows\system32\NEWD.tmp
2010-06-17 14:40:17 0 d-----w- c:\program files\Microsoft
2010-06-17 14:40:00 0 d-----w- c:\program files\Windows Live SkyDrive
2010-06-17 13:50:26 0 d--h--w- c:\windows\msdownld.tmp
2010-06-16 19:42:42 98304 ----a-w- c:\windows\DUMP5e9a.tmp
2010-06-16 16:29:05 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-06-16 16:29:05 215920 ----a-w- c:\windows\system32\muweb.dll
2010-06-16 16:23:23 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-11 07:07:52 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-08 16:28:14 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-06-08 13:08:09 0 d-----w- c:\documents and settings\kenneth\Tracing
2010-06-08 12:45:10 0 d-----w- c:\program files\common files\Windows Live
2010-06-07 21:34:52 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-06-07 21:34:42 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-06-07 21:34:42 13902440 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 21:34:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 21:34:40 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-07 21:34:40 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-05-27 13:32:11 0 d-----w- c:\docume~1\kenneth\applic~1\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
2010-05-27 13:32:09 0 d-----w- c:\program files\ViiKiiDesktopPlugin
2010-05-27 13:21:55 2520488 ----a-w- c:\windows\setupapi.log.1.old

==================== Find3M ====================

2010-06-24 01:07:18 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-24 01:07:16 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-21 01:12:15 217388 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-06-21 01:12:11 217388 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-06-08 21:16:38 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-06-08 21:16:38 1833576 ----a-w- c:\windows\SkyTel.exe
2010-06-08 21:16:32 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-06-08 21:16:32 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-06-08 21:16:26 6056040 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-06-08 21:16:20 19552872 ----a-w- c:\windows\RTHDCPL.EXE
2010-06-08 21:16:14 2180712 ----a-w- c:\windows\MicCal.exe
2010-06-08 21:16:08 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-06-08 21:16:08 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-06-07 23:57:00 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-07 23:57:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57:00 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-06-07 23:57:00 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57:00 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-06-07 23:57:00 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-02 08:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 08:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-28 16:58:26 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-26 15:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 15:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 15:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 15:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 15:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 22:45:24 1251872 ----a-w- c:\windows\RtlExUpd.dll
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd(2).dll
2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 15:36:49 662016 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:36:45 81920 ------w- c:\windows\system32\ieencode.dll
2010-04-16 12:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 15:28:15 77365 ----a-w- c:\windows\War3Unin.dat
2010-03-30 04:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 22:12:05 2829 ----a-w- c:\windows\War3Unin.pif
2010-03-29 22:12:05 139264 ----a-w- c:\windows\War3Unin.exe
2010-03-27 03:29:35 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 5:00:04.20 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/26/2010 11:33:23 PM
System Uptime: 6/23/2010 9:06:51 PM (8 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N68-AM Plus
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | AM2 | 2611/200mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | AM2 | 2611/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 932 GiB total, 810.467 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 3/26/2010 11:35:08 PM - System Checkpoint
RP2: 3/26/2010 11:53:54 PM - Installed Realtek High Definition Audio Driver
RP3: 3/26/2010 11:54:15 PM - Installed Windows XP KB888111WXP.
RP4: 3/26/2010 11:56:12 PM - Installed REALTEK GbE & FE Ethernet PCI NIC Driver
RP5: 3/26/2010 11:11:40 PM - Installed DirectX 9.0
RP6: 3/26/2010 11:17:00 PM - Installed Adobe Reader 6.0.1
RP7: 3/27/2010 12:17:49 AM - Installed @BIOS B07.0302.01
RP8: 3/27/2010 12:20:32 AM - Installed Windows Installer KB893803v2.
RP9: 3/27/2010 12:20:46 AM - Logitech SetPoint Mouse and Keyboard Device Drivers
RP10: 3/27/2010 1:39:48 AM - avast! Free Antivirus Setup
RP11: 3/27/2010 2:09:49 AM - Software Distribution Service 3.0
RP12: 3/27/2010 2:09:52 AM - Installed Windows XP KB898461.
RP13: 3/27/2010 2:09:59 AM - Installed Windows XP KB842773.
RP14: 3/27/2010 7:41:16 PM - Software Distribution Service 3.0
RP15: 3/27/2010 7:41:20 PM - Installed Windows XP KB890859.
RP16: 3/27/2010 7:41:38 PM - Installed Windows XP KB914389.
RP17: 3/27/2010 7:41:46 PM - Installed Windows XP KB920683.
RP18: 3/27/2010 7:41:52 PM - Installed Windows XP KB908519.
RP19: 3/27/2010 7:41:57 PM - Installed Windows XP KB835409.
RP20: 3/27/2010 7:42:03 PM - Installed Windows XP KB896428.
RP21: 3/27/2010 7:42:09 PM - Installed Windows XP KB913580.
RP22: 3/27/2010 7:42:14 PM - Installed Windows XP KB905749.
RP23: 3/27/2010 7:42:20 PM - Installed Windows XP KB908531.
RP24: 3/27/2010 7:42:29 PM - Installed Windows XP KB911567.
RP25: 3/27/2010 7:42:37 PM - Installed Windows XP KB918899.
RP26: 3/27/2010 7:42:44 PM - Installed Windows XP KB912919.
RP27: 3/27/2010 7:42:51 PM - Installed Windows XP KB900725.
RP28: 3/27/2010 7:42:58 PM - Installed Windows XP KB888302.
RP29: 3/27/2010 7:43:36 PM - Installed Windows XP KB892944.
RP30: 3/27/2010 7:43:43 PM - Installed Windows XP KB917422.
RP31: 3/27/2010 7:43:50 PM - Installed Windows XP KB923191.
RP32: 3/27/2010 7:43:57 PM - Installed Windows XP KB901214.
RP33: 3/27/2010 7:44:10 PM - Installed Windows Media Player 8 KB917734_WMP8.
RP34: 3/27/2010 7:44:21 PM - Installed Windows XP KB917953.
RP35: 3/27/2010 7:44:28 PM - Installed Windows XP KB905414.
RP36: 3/27/2010 7:44:34 PM - Installed Windows XP KB917344.
RP37: 3/27/2010 7:44:44 PM - Installed Windows XP KB904706.
RP38: 3/27/2010 7:44:51 PM - Installed Windows XP KB914388.
RP39: 3/27/2010 7:44:58 PM - Installed Windows XP KB919007.
RP40: 3/27/2010 7:45:05 PM - Installed Windows XP KB890046.
RP41: 3/27/2010 7:45:11 PM - Installed Windows XP KB891781.
RP42: 3/27/2010 7:45:18 PM - Installed Windows XP KB920670.
RP43: 3/27/2010 7:45:27 PM - Installed Windows XP KB902400.
RP44: 3/27/2010 7:45:40 PM - Installed Windows Media Player KB911564.
RP45: 3/27/2010 7:45:48 PM - Installed Windows XP KB905495.
RP46: 3/27/2010 7:45:55 PM - Installed Windows XP KB910437.
RP47: 3/27/2010 7:46:03 PM - Installed Windows XP KB896358.
RP48: 3/27/2010 7:46:10 PM - Installed Windows XP KB918439.
RP49: 3/27/2010 7:46:17 PM - Installed Windows XP KB921398.
RP50: 3/27/2010 7:46:25 PM - Installed Windows XP KB925486.
RP51: 3/27/2010 7:46:32 PM - Installed Windows XP KB924496.
RP52: 3/27/2010 7:46:39 PM - Installed Windows XP KB914798.
RP53: 3/27/2010 7:46:44 PM - Installed Windows XP KB873339.
RP54: 3/27/2010 7:46:52 PM - Installed Windows XP KB896423.
RP55: 3/27/2010 7:47:00 PM - Installed Windows XP KB911562.
RP56: 3/27/2010 7:47:08 PM - Installed Windows XP KB911280.
RP57: 3/27/2010 7:47:16 PM - Installed Windows XP KB893756.
RP58: 3/27/2010 7:47:25 PM - Installed Windows XP KB896424.
RP59: 3/27/2010 7:47:33 PM - Installed Windows XP KB920685.
RP60: 3/27/2010 7:47:41 PM - Installed Windows XP KB899591.
RP61: 3/27/2010 7:47:49 PM - Installed Windows XP KB901017.
RP62: 3/27/2010 7:47:56 PM - Installed Windows XP KB922616.
RP63: 3/27/2010 7:48:04 PM - Installed Windows XP KB911927.
RP64: 3/27/2010 7:48:12 PM - Installed Windows XP KB921883.
RP65: 3/27/2010 7:48:20 PM - Installed Windows XP KB923414.
RP66: 3/27/2010 7:48:26 PM - Installed Windows XP KB885836.
RP67: 3/27/2010 7:48:37 PM - Installed Windows XP KB885835.
RP68: 3/27/2010 7:48:48 PM - Installed Windows XP KB922819.
RP69: 3/27/2010 7:48:56 PM - Installed Windows XP KB924191.
RP70: 3/27/2010 7:49:04 PM - Installed Windows XP KB899587.
RP71: 3/27/2010 7:57:03 PM - Software Distribution Service 3.0
RP72: 3/27/2010 8:10:43 PM - Software Distribution Service 3.0
RP73: 3/27/2010 8:10:50 PM - Installed Windows XP KB892130.
RP74: 3/27/2010 8:32:06 PM - Installed Windows XP Service Pack 2.
RP75: 3/27/2010 8:36:48 PM - Installed Windows XP KB873339.
RP76: 3/27/2010 8:36:56 PM - Installed Windows XP KB885835.
RP77: 3/27/2010 8:37:05 PM - Installed Windows XP KB885836.
RP78: 3/27/2010 8:37:12 PM - Installed Windows XP KB888302.
RP79: 3/27/2010 8:37:21 PM - Installed Windows XP KB890046.
RP80: 3/27/2010 8:37:29 PM - Installed Windows XP KB890859.
RP81: 3/27/2010 8:37:37 PM - Installed Windows XP KB891781.
RP82: 3/27/2010 8:37:45 PM - Installed Windows XP KB893756.
RP83: 3/27/2010 8:37:52 PM - Installed Windows XP KB896358.
RP84: 3/27/2010 8:38:00 PM - Installed Windows XP KB896423.
RP85: 3/27/2010 8:38:09 PM - Installed Windows XP KB896424.
RP86: 3/27/2010 8:38:16 PM - Installed Windows XP KB896428.
RP87: 3/27/2010 8:38:24 PM - Installed Windows XP KB899587.
RP88: 3/27/2010 8:38:31 PM - Installed Windows XP KB899591.
RP89: 3/27/2010 8:38:39 PM - Installed Windows XP KB900725.
RP90: 3/27/2010 8:38:48 PM - Installed Windows XP KB901017.
RP91: 3/27/2010 8:38:56 PM - Installed Windows XP KB901214.
RP92: 3/27/2010 8:39:04 PM - Installed Windows XP KB902400.
RP93: 3/27/2010 8:39:13 PM - Installed Windows XP KB905414.
RP94: 3/27/2010 8:39:20 PM - Installed Windows XP KB905749.
RP95: 3/27/2010 8:39:28 PM - Installed Windows XP KB908519.
RP96: 3/27/2010 8:39:35 PM - Installed Windows XP KB908531.
RP97: 3/27/2010 8:39:44 PM - Installed Windows XP KB910437.
RP98: 3/27/2010 8:39:50 PM - Installed Windows XP KB911280.
RP99: 3/27/2010 8:39:57 PM - Installed Windows XP KB911562.
RP100: 3/27/2010 8:40:05 PM - Installed Windows XP KB911927.
RP101: 3/27/2010 8:40:12 PM - Installed Windows XP KB912919.
RP102: 3/27/2010 8:40:20 PM - Installed Windows XP KB913580.
RP103: 3/27/2010 8:40:27 PM - Installed Windows XP KB914388.
RP104: 3/27/2010 8:40:34 PM - Installed Windows XP KB914389.
RP105: 3/27/2010 8:40:43 PM - Installed Windows XP KB917344.
RP106: 3/27/2010 8:40:55 PM - Installed Windows XP KB917422.
RP107: 3/27/2010 8:41:02 PM - Installed Windows XP KB917953.
RP108: 3/27/2010 8:41:10 PM - Installed Windows XP KB919007.
RP109: 3/27/2010 8:41:17 PM - Installed Windows XP KB920670.
RP110: 3/27/2010 8:41:25 PM - Installed Windows XP KB920683.
RP111: 3/27/2010 8:41:32 PM - Installed Windows XP KB920685.
RP112: 3/27/2010 8:41:40 PM - Installed Windows XP KB921398.
RP113: 3/27/2010 8:41:48 PM - Installed Windows XP KB921883.
RP114: 3/27/2010 8:41:57 PM - Installed Windows XP KB922616.
RP115: 3/27/2010 8:42:11 PM - Installed Windows XP KB922819.
RP116: 3/27/2010 8:42:18 PM - Installed Windows XP KB923191.
RP117: 3/27/2010 8:42:26 PM - Installed Windows XP KB923414.
RP118: 3/27/2010 8:42:34 PM - Installed Windows XP KB924191.
RP119: 3/27/2010 8:42:41 PM - Installed Windows XP KB924496.
RP120: 3/28/2010 1:24:48 AM - Logitech Webcam Software v12.10.1110
RP121: 3/29/2010 1:52:12 AM - Software Distribution Service 3.0
RP122: 3/30/2010 12:27:25 AM - Installed Ventrilo Client
RP123: 3/30/2010 12:28:17 AM - Installed Java(TM) 6 Update 18
RP124: 3/30/2010 12:28:40 AM - Installed OpenOffice.org 3.2
RP125: 3/30/2010 10:47:32 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP126: 3/30/2010 10:47:40 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP127: 3/30/2010 10:47:51 AM - Installed DirectX
RP128: 3/30/2010 3:10:37 PM - Installed Windows Media Format 9 Series Runtime Setup
RP129: 3/31/2010 3:28:47 PM - System Checkpoint
RP130: 4/1/2010 3:00:15 AM - Software Distribution Service 3.0
RP131: 4/2/2010 3:28:36 AM - System Checkpoint
RP132: 4/3/2010 7:47:34 AM - System Checkpoint
RP133: 4/4/2010 5:51:04 PM - System Checkpoint
RP134: 4/5/2010 6:18:04 PM - System Checkpoint
RP135: 4/7/2010 12:24:31 AM - System Checkpoint
RP136: 4/8/2010 2:58:21 PM - System Checkpoint
RP137: 4/9/2010 10:26:45 PM - System Checkpoint
RP138: 4/10/2010 1:27:29 PM - Installed Naruto The Way of the Ninja 2.0
RP139: 4/11/2010 6:21:03 PM - System Checkpoint
RP140: 4/12/2010 2:37:47 PM - Installed Pcsx2 0.9.6
RP141: 4/12/2010 10:28:54 PM - Removed Pcsx2 0.9.6
RP142: 4/12/2010 10:29:12 PM - Installed Pcsx2 0.9.6
RP143: 4/12/2010 10:36:31 PM - Removed Pcsx2 0.9.6
RP144: 4/12/2010 10:38:43 PM - Installed Pcsx2 0.9.6
RP145: 4/13/2010 11:51:54 PM - System Checkpoint
RP146: 4/14/2010 3:00:14 AM - Software Distribution Service 3.0
RP147: 4/15/2010 7:57:48 PM - System Checkpoint
RP148: 4/17/2010 12:10:42 AM - System Checkpoint
RP149: 4/18/2010 1:19:26 AM - System Checkpoint
RP150: 4/20/2010 1:09:27 AM - System Checkpoint
RP151: 4/21/2010 7:12:22 PM - System Checkpoint
RP152: 4/23/2010 1:53:45 AM - System Checkpoint
RP153: 4/24/2010 3:58:03 PM - System Checkpoint
RP154: 4/25/2010 5:19:54 PM - System Checkpoint
RP155: 4/25/2010 6:38:36 PM - Installed Movavi Video Suite 8.
RP156: 4/26/2010 5:04:07 PM - Removed Apple Application Support
RP157: 4/26/2010 5:04:31 PM - Installed QuickTime
RP158: 4/27/2010 10:32:36 PM - System Checkpoint
RP159: 4/29/2010 8:21:26 PM - System Checkpoint
RP160: 4/30/2010 9:10:54 PM - System Checkpoint
RP161: 5/2/2010 10:38:06 AM - System Checkpoint
RP162: 5/4/2010 3:35:41 PM - System Checkpoint
RP163: 5/5/2010 8:59:45 PM - System Checkpoint
RP164: 5/7/2010 12:19:48 AM - System Checkpoint
RP165: 5/8/2010 1:13:33 AM - System Checkpoint
RP166: 5/9/2010 2:54:04 AM - System Checkpoint
RP167: 5/10/2010 6:57:06 AM - System Checkpoint
RP168: 5/11/2010 6:36:08 PM - System Checkpoint
RP169: 5/12/2010 3:00:13 AM - Software Distribution Service 3.0
RP170: 5/13/2010 3:52:03 AM - System Checkpoint
RP171: 5/13/2010 8:26:41 PM - Removed Apple Mobile Device Support
RP172: 5/15/2010 8:48:34 PM - System Checkpoint
RP173: 5/17/2010 12:04:03 PM - System Checkpoint
RP174: 5/18/2010 5:09:25 PM - Installed Windows XP WIC.
RP175: 5/20/2010 12:57:07 AM - System Checkpoint
RP176: 5/20/2010 3:00:14 AM - Software Distribution Service 3.0
RP177: 5/21/2010 3:00:14 AM - Software Distribution Service 3.0
RP178: 5/22/2010 8:06:05 AM - System Checkpoint
RP179: 5/23/2010 8:23:57 AM - System Checkpoint
RP180: 5/25/2010 1:21:44 AM - System Checkpoint
RP181: 5/26/2010 5:26:13 AM - System Checkpoint
RP182: 5/27/2010 2:01:31 AM - Software Distribution Service 3.0
RP183: 5/28/2010 7:27:29 AM - System Checkpoint
RP184: 5/29/2010 8:56:15 AM - System Checkpoint
RP185: 5/30/2010 7:18:56 PM - System Checkpoint
RP186: 6/1/2010 1:05:25 AM - System Checkpoint
RP187: 6/2/2010 1:13:42 AM - System Checkpoint
RP188: 6/3/2010 4:04:38 AM - System Checkpoint
RP189: 6/4/2010 5:35:58 PM - System Checkpoint
RP190: 6/6/2010 3:15:43 AM - System Checkpoint
RP191: 6/7/2010 3:49:11 AM - System Checkpoint
RP192: 6/8/2010 4:42:26 AM - System Checkpoint
RP193: 6/8/2010 9:46:21 AM - Installed Windows XP KB954708.
RP194: 6/8/2010 9:50:01 AM - Installed DirectX
RP195: 6/9/2010 8:04:13 PM - System Checkpoint
RP196: 6/11/2010 12:50:14 AM - System Checkpoint
RP197: 6/11/2010 3:00:14 AM - Software Distribution Service 3.0
RP198: 6/12/2010 3:33:29 AM - System Checkpoint
RP199: 6/13/2010 10:13:27 AM - System Checkpoint
RP200: 6/14/2010 3:57:33 PM - System Checkpoint
RP201: 6/15/2010 9:04:42 PM - System Checkpoint
RP202: 6/16/2010 12:19:07 PM - Restore Operation
RP203: 6/16/2010 11:18:59 PM - Software Distribution Service 3.0
RP204: 6/17/2010 9:52:10 AM - Installed DirectX
RP205: 6/18/2010 7:32:30 AM - Installed AMD Processor Driver
RP206: 6/18/2010 7:33:21 AM - Installed Realtek High Definition Audio Driver
RP207: 6/18/2010 7:37:07 AM - Installed NVIDIA ForceWare Network Access Manager
RP208: 6/18/2010 7:54:32 AM - Software Distribution Service 3.0
RP209: 6/18/2010 8:29:45 AM - Installed ASUSUpdate
RP210: 6/18/2010 8:30:07 AM - Installed ASUSUpdate
RP211: 6/17/2010 8:56:48 PM - Installed DirectX
RP212: 6/17/2010 11:06:23 PM - Configured NVIDIA ForceWare Network Access Manager
RP213: 6/18/2010 1:36:48 AM - Configured NVIDIA ForceWare Network Access Manager
RP214: 6/18/2010 3:21:37 PM - Installed ATI Catalyst Control Center
RP215: 6/18/2010 3:25:24 PM - Installed ATI Parental Control & Encoder
RP216: 1/1/2007 12:59:13 AM - Installed Realtek High Definition Audio Driver
RP217: 6/18/2010 7:14:47 PM - Installed Realtek High Definition Audio Driver
RP218: 6/18/2010 7:37:43 PM - Installed Windows XP WgaNotify.
RP219: 6/19/2010 8:19:19 PM - System Checkpoint
RP220: 6/20/2010 11:00:35 AM - avast! Free Antivirus Setup
RP221: 6/20/2010 11:31:02 AM - avast! Free Antivirus Setup
RP222: 6/20/2010 5:25:57 PM - avast! Free Antivirus Setup
RP223: 6/20/2010 5:29:34 PM - Removed Ask Toolbar.
RP224: 6/20/2010 5:35:07 PM - Installed ESET NOD32 Antivirus
RP225: 6/20/2010 10:57:51 PM - Installed Microsoft Office Home and Student 2007
RP226: 6/20/2010 11:01:18 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP227: 6/23/2010 3:15:57 AM - Installed Realtek High Definition Audio Driver
RP228: 6/23/2010 12:15:19 PM - Printer Driver Send To Microsoft OneNote Driver Installed

==== Installed Programs ======================

@BIOS B07.0302.01
7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AIM 7
Akamai NetSession Interface
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Audacity 1.2.6
Bonjour
Call of Duty 4: Modern Warfare
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDDRV_Installer
Curse Client
Download Updater (AOL LLC)
ESET NOD32 Antivirus
Garmin City Navigator North America NT 2010.40
Google Chrome
Heroes of Newerth
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
i-Cool
iTunes
Java Auto Updater
Java(TM) 6 Update 18
KhalInstallWrapper
Left 4 Dead
Logitech Registration
Logitech SetPoint
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Monitor Asset Manager
Movavi Video Suite 8
Mozilla Firefox (3.6.4)
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
Naruto The Way of the Ninja 2.0
Nikon View 5
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.2
Pando Media Booster
PC Wizard 2010.1.94
Pcsx2 0.9.6
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RocketDock 1.3.5
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Skins
Skype Toolbars
SkypeCap
Skype™ 4.2
Spybot - Search & Destroy
StarCraft II Beta
Steam
System Requirements Lab
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Ventrilo Client
ViiKii Desktop Plug-in
VLC media player 1.0.5
Warcraft III: All Products
WebFldrs XP
WebPAM
WinAVI Video Converter
Windows Driver Package - Hanns.G Monitor (01/03/2007 1.00)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft

==== Event Viewer Messages From Past Week ========

6/18/2010 7:15:43 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/17/2010 11:16:34 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_mini.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
6/17/2010 11:16:34 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_disp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.

==== End Of File ===========================
splatified
Active Member
 
Posts: 10
Joined: June 21st, 2010, 10:35 am

Re: Browser keeps getting redirected

by melboy » June 24th, 2010, 2:41 pm

c:\documents and settings\kenneth\my documents\vuze downloads\starcraft2-mpcrack-update\mpcrack2\launcher.exe
c:\documents and settings\kenneth\my documents\vuze downloads\starcraft2-mpcrack-update\mpcrack2\readme.txt


Cracks, Keygens, Warez etc.

As the log(s) you've posted indicate, you've used one or more of the above.

>> Forum Policy <<

The software will have to be removed before we can continue. Be aware that the tools we use can and will detect such software. If there are more such new findings after this, the topic will also be closed.

Along with P2P filesharing, this is a surefire way to get your computer infected. Downloading cracks via P2P or visiting crack sites/warez sites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

Additionally, cracked programs are illegal. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.

The distribution and use of cracked copies is illegal in almost every developed country.


Please post back to confirm the removal of the illegal items. I can help you remove them if required.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser keeps getting redirected

by splatified » June 25th, 2010, 12:17 am

Hi, sorry. I have removed the items you asked me to. I'm not sure where to proceed from here.
splatified
Active Member
 
Posts: 10
Joined: June 21st, 2010, 10:35 am

Re: Browser keeps getting redirected

by melboy » June 25th, 2010, 2:49 am

Hi

Ok - Thanks.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or keeps resulting in BSoDs, uncheck Devices on the right side before scanning.
-- If you continue to encounter problems, try running GMER in safe mode.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser keeps getting redirected

by splatified » June 25th, 2010, 6:50 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-25 18:26:03
Windows 5.1.2600 Service Pack 2
Running: 0qrfd62n.exe; Driver: C:\DOCUME~1\Kenneth\LOCALS~1\Temp\ffnirkod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xA5653610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xA5653C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xA5653730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xA56534B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xA5653570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xA56536D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xA5653690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xA5653650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xA56537D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xA5653510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xA5653590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xA56534D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xA56535D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xA5653750]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ohci1394.sys entry point in ".rsrc" section [0xB80C3E94]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5E013A0, 0x592C35, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1408] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A1000A
.text C:\WINDOWS\Explorer.EXE[1408] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AF000A
.text C:\WINDOWS\Explorer.EXE[1408] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A0000C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1772] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWS\System32\svchost.exe[2520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007E000A
.text C:\WINDOWS\System32\svchost.exe[2520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007F000A
.text C:\WINDOWS\System32\svchost.exe[2520] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007D000C
.text C:\WINDOWS\System32\svchost.exe[2520] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00A0000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3616] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0102000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3616] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0103000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3616] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0101000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device -> \Driver\nvgts \Device\Harddisk0\DR0 8A2F9EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ohci1394.sys suspicious modification
File C:\WINDOWS\system32\drivers\nvgts.sys suspicious modification

---- EOF - GMER 1.0.15 ----
splatified
Active Member
 
Posts: 10
Joined: June 21st, 2010, 10:35 am

Re: Browser keeps getting redirected

by melboy » June 26th, 2010, 2:16 am

Hi

Good.


TDSSKiller
  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file TDSSKiller.zip; it will create a folder named tdsskiller on your desktop. (Zip/UnZip Tutorial)
  • Next double-click the tdsskiller Folder on your desktop.
  • Double click tdsskiller.exe to run the tool.
  • If malicious services or files have been detected, the utility may prompt to reboot the PC in order to complete the disinfection procedure. Please reboot if prompted.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.3.0.0_20.04.2010_15.31.43_log.txt.
  • Please post the contents in your next reply
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser keeps getting redirected

by splatified » June 26th, 2010, 8:46 am

Hi. I have run the file you asked for. This is the log that shows up in the C:\ folder:


08:33:38:671 3200 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
08:33:38:671 3200 ================================================================================
08:33:38:671 3200 SystemInfo:

08:33:38:671 3200 OS Version: 5.1.2600 ServicePack: 2.0
08:33:38:671 3200 Product type: Workstation
08:33:38:671 3200 ComputerName: KENNETH-DAZNOGG
08:33:38:671 3200 UserName: Kenneth
08:33:38:671 3200 Windows directory: C:\WINDOWS
08:33:38:671 3200 Processor architecture: Intel x86
08:33:38:671 3200 Number of processors: 2
08:33:38:671 3200 Page size: 0x1000
08:33:38:671 3200 Boot type: Normal boot
08:33:38:671 3200 ================================================================================
08:33:39:000 3200 Initialize success
08:33:39:000 3200
08:33:39:000 3200 Scanning Services ...
08:33:39:359 3200 Raw services enum returned 345 services
08:33:39:375 3200
08:33:39:375 3200 Scanning Drivers ...
08:33:45:375 3200 ohci1394 (04fca98ba4acd3c089325971a8f658fa) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:33:45:375 3200 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ohci1394.sys. Real md5: 04fca98ba4acd3c089325971a8f658fa, Fake md5: 0951db8e5823ea366b0e408d71e1ba2a
08:33:45:375 3200 File "C:\WINDOWS\system32\DRIVERS\ohci1394.sys" infected by TDSS rootkit ...
08:33:46:484 3200 Backup copy found, using it..
08:33:46:515 3200 will be cured on next reboot
08:33:47:859 3200 Reboot required for cure complete..
08:33:48:328 3200 Cure on reboot scheduled successfully
08:33:48:328 3200
08:33:48:328 3200 Completed
08:33:48:328 3200
08:33:48:328 3200 Results:
08:33:48:328 3200 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:33:48:328 3200 File objects infected / cured / cured on reboot: 1 / 0 / 1
08:33:48:328 3200
08:33:48:328 3200 KLMD(ARK) unloaded successfully
splatified
Active Member
 
Posts: 10
Joined: June 21st, 2010, 10:35 am
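
A triage sketch for the GMER and TDSSKiller logs posted above, added here as an example and not part of any post in this thread: it parses the files each tool flagged, compares paths case-insensitively (the two tools print different case), and shows which GMER flags a second tool backs up. The function names and the status labels (corroborated, gmer-only, tdsskiller-only) are assumptions of this example; the log lines are excerpts from the posts.

```python
import re
from collections import defaultdict

# Excerpts of the GMER 1.0.15 and TDSSKiller 2.3.2.0 logs posted in this thread.
GMER_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ohci1394.sys entry point in ".rsrc" section [0xB80C3E94]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5E013A0, 0x592C35, 0xE8000020]

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ohci1394.sys suspicious modification
File C:\WINDOWS\system32\drivers\nvgts.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

TDSS_LOG = r"""
08:33:45:375 3200 ohci1394 (04fca98ba4acd3c089325971a8f658fa) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:33:45:375 3200 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ohci1394.sys. Real md5: 04fca98ba4acd3c089325971a8f658fa, Fake md5: 0951db8e5823ea366b0e408d71e1ba2a
08:33:45:375 3200 File "C:\WINDOWS\system32\DRIVERS\ohci1394.sys" infected by TDSS rootkit ...
08:33:46:484 3200 Backup copy found, using it..
08:33:46:515 3200 will be cured on next reboot
08:33:48:328 3200 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

_SYS_PATH = r"[A-Za-z]:\\.+?\.sys"


def norm(path):
    """Windows paths are case-insensitive, so compare them lowercased."""
    return path.strip().lower()


def parse_gmer(text):
    """Return {path: [reasons]} from the 'Kernel code sections' and 'Files' sections."""
    flags = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^---- (.+?) - GMER [\d.]+ ----$", line)
        if header:
            section = header.group(1)
        elif section == "Kernel code sections":
            # "<pe section> <path> <description> [addresses]"
            m = re.match(rf"^\.\w+\s+({_SYS_PATH})\s+(.*?)(?:\s+\[.*\])?$", line)
            if m:
                flags[norm(m.group(1))].append(m.group(2))
        elif section == "Files":
            m = re.match(rf"^File\s+({_SYS_PATH})\s+(suspicious modification)$", line)
            if m:
                flags[norm(m.group(1))].append(m.group(2))
    return dict(flags)


def parse_tdss(text):
    """Extract forged-file findings, infected paths and the file totals line.

    Patterns are searched over the whole text rather than per line, so two
    entries that ended up on one line are still found. The two MD5 values are
    carried as printed; the log itself does not define them.
    """
    forged = {
        norm(path): {"real_md5": real, "fake_md5": fake}
        for path, real, fake in re.findall(
            r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), "
            r"Fake md5: ([0-9a-f]{32})", text)
    }
    infected = {norm(p) for p in re.findall(r'File "([^"]+)" infected by TDSS rootkit', text)}
    m = re.search(r"File objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)", text)
    totals = tuple(int(x) for x in m.groups()) if m else None
    return {"forged": forged, "infected": infected, "file_totals": totals}


def correlate(gmer_flags, tdss):
    """One row per flagged file, saying which tool(s) reported it."""
    tdss_paths = set(tdss["forged"]) | tdss["infected"]
    rows = []
    for path in sorted(set(gmer_flags) | tdss_paths):
        in_gmer, in_tdss = path in gmer_flags, path in tdss_paths
        if in_gmer and in_tdss:
            status = "corroborated"
        else:
            status = "gmer-only" if in_gmer else "tdsskiller-only"
        rows.append({"path": path, "status": status,
                     "gmer": gmer_flags.get(path, []),
                     "tdss": tdss["forged"].get(path)})
    return rows


def reboot_pending(tdss):
    """True when infected files were counted but the cure is only scheduled."""
    if tdss["file_totals"] is None:
        return False
    infected, cured, on_reboot = tdss["file_totals"]
    return on_reboot > 0 and cured < infected


if __name__ == "__main__":
    tdss = parse_tdss(TDSS_LOG)
    for row in correlate(parse_gmer(GMER_LOG), tdss):
        print(f'{row["status"]:<16} {row["path"]}  {row["gmer"]}')
    print("reboot pending:", reboot_pending(tdss))
```

A gmer-only row is a lead to check with another tool, not a verdict, which matches the caution about false positives given with the GMER instructions.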

Re: Browser keeps getting redirected

by melboy » June 26th, 2010, 9:09 am

Hi

Good.


MBR Rootkit Detector

Please download MBR.exe by GMER
Be sure to download it to the root of your drive, e.g. C:\MBR.exe


Once the download has finished, click Start > Run. Copy and paste the contents of the codebox below into the run box (Do Not include Code:), then click OK :
Code:
CMD /C \mbr -t >Log.txt&Log.txt&del Log.txt

A log will be generated. Post the contents in your next reply.



TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser keeps getting redirected

Unread postby splatified » June 26th, 2010, 10:53 am

Here is the log that was generated:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
kernel: MBR read successfully
user & kernel MBR OK
splatified
Active Member
 
Posts: 10
Joined: June 21st, 2010, 10:35 am

Re: Browser keeps getting redirected

Unread postby melboy » June 26th, 2010, 10:59 am

Good, the redirects should have stopped. Do you have the MBAM log?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser keeps getting redirected

Unread postby splatified » June 26th, 2010, 11:11 am

Hi. Sorry, performing the scan now. I figure since it's going to restart my computer, I should post the log otherwise I won't be able to find it. I'll send the log after finishing the scan. Thanks.
splatified
Active Member
 
Posts: 10
Joined: June 21st, 2010, 10:35 am

Re: Browser keeps getting redirected

Unread postby splatified » June 26th, 2010, 11:16 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4244

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/26/2010 11:12:33 AM
mbam-log-2010-06-26 (11-12-33).txt

Scan type: Quick scan
Objects scanned: 121533
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
splatified
Active Member
 
Posts: 10
Joined: June 21st, 2010, 10:35 am

Re: Browser keeps getting redirected

Unread postby melboy » June 26th, 2010, 11:26 am

Good - That looks better. Update a couple of security risks, then run the online scan and then we'll clean up a couple of things from your DDS log.


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 6.0.1
  • Install the new downloaded updated software.
  • Then, using the internal updater, update the software to the current increment 9.3.2.
    • Open Adobe Reader, go to Help > Check for updates, and allow the updater to check.
    • If updates are found, click Show Details and check the boxes, then click to download and install any necessary updates.



Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 20.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u20-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java(TM) 6 Update 18
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

    This should still be on your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Kaspersky Online Scan

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK