Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Resolved HJT Threads Resolved spyware and popup issues.

11-06-2008, 03:45 PM   #1
Registered User
 
Join Date: Nov 2008
Posts: 20
OS: Windows Vista x64 SP1


Search results being redirected in ANY web browser

As of two days ago, I am now experiencing the redirection of any link I click on in a web browser's list of search results. I have tried searching under alternative search engines too, in case it was Google specific (as this is my default search engine).

Regardless of what search engine I use, they all redirect me to random sites. The most frequent site I get redirected to is this one: hxxp://www.filmannex.com/search/google_search?affiliate=6771-1982&cx=partner-pub-3234597233716948%3Ad8gqqbb3u35&cof=FORID%3A10&ie=U

I will get redirected to this, no matter what search engine I have used! (I am even more confused that Google Search is mentioned in the redirection link even when I have been redirected to this site from, say, clicking on a link in Yahoo search results).


This all started two days ago when I accidentally downloaded a file that turned out to contain the "autorun/boot.com" worm. Everything was fine before that. I managed to manually remove all traces of the "autorun.inf", "boot.com", and "resycled" files/folders using regedit. I assumed everything was fine. However, my search results are now being redirected. Links are fine if I manually type them into the address bar, but if I click on any link in a search engine's result list, I always get redirected to sites that are trying to sell things or entice you into things. When I watch the address bar after clicking on a search result link, it seems to flash through a few redirected links before settling on one to load. One of the pages I have been directed to is: hxxp://unitedkingdom.funmobile.com/landing_e.jsp?a=411&l=1185

Below is the paste of my log file scan. And I have attached the info and gmer files as instructed in your how-to thread.

Please help! I recently paid a lot of money for this laptop and I'm panicking, as I'm not advanced enough to understand how to format a HDD and really want to avoid doing that if this can be solved by other means.

My log file:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Nat at 2008-11-06 22:12:35
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 197 GB (68%) free of 289 GB
Total RAM: 2554 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:38, on 06/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Windows\BisonCam\DeLay.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nat\Desktop\RSIT.exe
C:\Users\Nat\Documents\Downloads\Nat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyOSD Software] "C:\Program Files\Hotkey\HotKey.exe"
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [DeLay] C:\Windows\BisonCam\DeLay.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C1C7CA6-8231-44E3-B120-F890F7B185D1}: NameServer = 85.255.112.159;85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC4F7F74-B797-405D-9A07-1DAF18669E51}: NameServer = 85.255.112.159;85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C1C7CA6-8231-44E3-B120-F890F7B185D1}: NameServer = 85.255.112.159;85.255.112.23
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C1C7CA6-8231-44E3-B120-F890F7B185D1}: NameServer = 85.255.112.159;85.255.112.23
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdolb.exe (file missing)

--
End of file - 8533 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-19 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-19 92704]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-03-26 1208320]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"HotkeyOSD Software"=C:\Program Files\Hotkey\HotKey.exe [2008-07-16 1351680]
"BisonHK"=C:\Windows\BisonCam\BisonHK.exe [2008-03-25 77824]
"DeLay"=C:\Windows\BisonCam\DeLay.exe [2008-03-11 53248]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2007-06-05 49168]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-10-13 6335008]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2008-10-13 1833504]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Google Update"=C:\Users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-06 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-06 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-06-05 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-06 22:10:20 ----D---- C:\rsit
2008-11-06 21:55:17 ----D---- C:\Windows\Minidump
2008-11-06 21:52:13 ----A---- C:\Windows\gmer.ini
2008-11-06 21:52:12 ----A---- C:\Windows\gmer_uninstall.cmd
2008-11-06 21:52:12 ----A---- C:\Windows\gmer.exe
2008-11-06 21:52:12 ----A---- C:\Windows\gmer.dll
2008-11-06 21:11:27 ----D---- C:\Users\Nat\AppData\Roaming\Mozilla
2008-11-06 21:11:19 ----D---- C:\Program Files\Mozilla Firefox
2008-11-06 20:07:49 ----D---- C:\Program Files\CCleaner
2008-11-06 02:37:58 ----D---- C:\Program Files\Kaspersky Lab
2008-11-06 02:37:57 ----D---- C:\ProgramData\Kaspersky Lab
2008-11-06 02:36:41 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2008-11-04 22:48:25 ----D---- C:\Program Files\Writer's Cafe 2
2008-11-04 22:21:17 ----HD---- C:\Program Files\Zero G Registry
2008-11-04 18:20:31 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-11-02 21:46:54 ----D---- C:\Users\Nat\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-02 21:42:51 ----D---- C:\ProgramData\NOS
2008-11-02 21:42:51 ----D---- C:\Program Files\NOS
2008-11-02 21:18:49 ----D---- C:\Program Files\Free Fire Screensaver
2008-11-02 21:18:28 ----D---- C:\Users\Nat\AppData\Roaming\Laconic Software
2008-11-02 21:14:09 ----D---- C:\ProgramData\FLEXnet
2008-11-02 21:12:41 ----D---- C:\ProgramData\Adobe
2008-11-02 21:12:20 ----D---- C:\Program Files\Bonjour
2008-11-02 2153 ----D---- C:\Program Files\Adobe
2008-11-02 2128 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-02 21:01:16 ----D---- C:\Program Files\Common Files\Adobe
2008-11-01 15:22:16 ----D---- C:\Program Files\Screenplay Systems
2008-11-01 15:01:54 ----D---- C:\Users\Nat\AppData\Roaming\Final Draft
2008-11-01 15:00:24 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 15:00:22 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-29 23:17:09 ----D---- C:\Users\Nat\AppData\Roaming\Writer's Cafe 2
2008-10-29 23:15:12 ----D---- C:\Program Files\Black Obelisk Software
2008-10-29 23:13:27 ----D---- C:\ProgramData\Final Draft
2008-10-29 23:13:25 ----D---- C:\Program Files\Final Draft Tagger
2008-10-29 23:13:25 ----D---- C:\Program Files\Final Draft 7
2008-10-28 21:53:40 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 21:53:40 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 21:44:22 ----A---- C:\Windows\system32\win32spl.dll
2008-10-28 20:22:09 ----A---- C:\Windows\system32\msonpmon.dll
2008-10-28 20:21:00 ----D---- C:\Program Files\Microsoft Works
2008-10-28 20:20:15 ----D---- C:\Program Files\Microsoft Visual Studio
2008-10-28 20:20:15 ----D---- C:\Program Files\Common Files\DESIGNER
2008-10-28 20:19:37 ----D---- C:\Program Files\Microsoft.NET
2008-10-28 20:16:02 ----D---- C:\ProgramData\Microsoft Help
2008-10-28 20:16:02 ----D---- C:\Program Files\Microsoft Office
2008-10-28 20:15:42 ----RHD---- C:\MSOCache
2008-10-28 19:41:36 ----A---- C:\Windows\IsUninst.exe
2008-10-28 17:40:17 ----D---- C:\Windows\pss
2008-10-26 20:15:07 ----D---- C:\Users\Nat\AppData\Roaming\Media Player Classic
2008-10-26 20:10:26 ----D---- C:\Program Files\Combined Community Codec Pack
2008-10-26 20:09:40 ----D---- C:\Program Files\Haali
2008-10-26 20:09:04 ----D---- C:\Program Files\CoreCodec
2008-10-24 18:23:32 ----A---- C:\Windows\system32\netapi32.dll
2008-10-20 15:18:20 ----D---- C:\Users\Nat\AppData\Roaming\Games
2008-10-20 15:17:13 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-10-20 15:17:13 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-10-20 15:17:12 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-10-20 15:17:12 ----A---- C:\Windows\system32\d3dx10.dll
2008-10-20 15:17:10 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-10-20 15:17:10 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-10-20 15:17:09 ----A---- C:\Windows\system32\xinput1_3.dll
2008-10-20 15:17:09 ----A---- C:\Windows\system32\xinput1_2.dll
2008-10-20 15:17:09 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-10-20 15:17:09 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-10-20 15:17:08 ----A---- C:\Windows\system32\xinput1_1.dll
2008-10-20 15:17:08 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-10-20 15:17:08 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-10-20 15:16:55 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-10-20 15:16:55 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-10-20 15:16:55 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-10-20 15:16:55 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-10-20 15:16:54 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-10-20 15:16:53 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-10-20 15:16:53 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-10-20 15:16:53 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-10-20 15:16:52 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-10-20 00:22:35 ----D---- C:\ProgramData\Blizzard
2008-10-19 21:15:20 ----A---- C:\Windows\system32\mshtml.dll
2008-10-19 21:15:20 ----A---- C:\Windows\system32\ieframe.dll
2008-10-19 21:15:19 ----A---- C:\Windows\system32\wininet.dll
2008-10-19 21:15:19 ----A---- C:\Windows\system32\urlmon.dll
2008-10-19 21:15:19 ----A---- C:\Windows\system32\mstime.dll
2008-10-19 21:15:19 ----A---- C:\Windows\system32\iertutil.dll
2008-10-19 21:15:18 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-19 21:03:59 ----D---- C:\Windows\system32\RTCOM
2008-10-19 21:03:38 ----A---- C:\Windows\system32\WavesLib.dll
2008-10-19 21:03:37 ----A---- C:\Windows\system32\SRSWOW.dll
2008-10-19 21:03:37 ----A---- C:\Windows\system32\SRSTSXT.dll
2008-10-19 21:03:37 ----A---- C:\Windows\system32\SRSTSHD.dll
2008-10-19 21:03:37 ----A---- C:\Windows\system32\SRSHP360.dll
2008-10-19 21:03:34 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-10-19 21:03:34 ----A---- C:\Windows\system32\RtkCoInst.dll
2008-10-19 21:03:33 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-10-19 21:03:33 ----A---- C:\Windows\system32\RtkAPO.dll
2008-10-19 21:03:32 ----A---- C:\Windows\system32\ppChain.dll
2008-10-19 21:03:32 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2008-10-19 21:03:32 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2008-10-19 21:03:32 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2008-10-19 21:03:32 ----A---- C:\Windows\system32\FMAPO.dll
2008-10-19 21:03:32 ----A---- C:\Windows\system32\ctppld.dll
2008-10-19 21:03:32 ----A---- C:\Windows\system32\CTAPO32.dll
2008-10-19 21:03:32 ----A---- C:\Windows\system32\AERTARen.dll
2008-10-19 21:03:32 ----A---- C:\Windows\system32\AERTACap.dll
2008-10-19 21:03:30 ----A---- C:\Windows\RtlExUpd.dll
2008-10-19 20:37:45 ----D---- C:\Windows\system32\AGEIA
2008-10-19 20:37:44 ----D---- C:\Program Files\AGEIA Technologies
2008-10-19 20:37:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-19 19:59:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-19 19:59:43 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-19 09:55:37 ----D---- C:\Users\Nat\AppData\Roaming\Lionhead Studios
2008-10-15 17:19:19 ----D---- C:\Program Files\Cisco
2008-10-15 17:19:15 ----D---- C:\Program Files\Common Files\Intel
2008-10-13 22:43:37 ----D---- C:\ProgramData\SteamPopCapv1005
2008-10-13 22:43:37 ----D---- C:\ProgramData\PopCap Games
2008-10-13 21:22:18 ----D---- C:\ProgramData\2DBoy
2008-10-12 22:24:31 ----D---- C:\Program Files\Activision
2008-10-12 16:03:34 ----D---- C:\Program Files\Steam
2008-10-12 16:03:34 ----D---- C:\Program Files\Common Files\Steam
2008-10-11 23:36:35 ----D---- C:\Users\Nat\AppData\Roaming\Macromedia
2008-10-11 23:36:35 ----D---- C:\Users\Nat\AppData\Roaming\Adobe
2008-10-11 23:36:34 ----D---- C:\Windows\system32\Macromed
2008-10-11 20:35:07 ----D---- C:\Users\Nat\AppData\Roaming\Logitech
2008-10-11 20:35:07 ----D---- C:\ProgramData\LogiShrd
2008-10-11 20:34:16 ----A---- C:\Windows\system32\BtCoreIf.dll
2008-10-11 20:34:15 ----A---- C:\Windows\system32\KemXML.dll
2008-10-11 20:34:15 ----A---- C:\Windows\system32\KemWnd.dll
2008-10-11 20:34:15 ----A---- C:\Windows\system32\KemUtil.dll
2008-10-11 20:34:15 ----A---- C:\Windows\system32\kemutb.dll
2008-10-11 20:34:08 ----D---- C:\ProgramData\Logitech
2008-10-11 20:34:05 ----D---- C:\Program Files\Logitech
2008-10-11 20:34:05 ----D---- C:\Program Files\Common Files\Logishrd
2008-10-11 20:16:04 ----D---- C:\Windows\PCHEALTH
2008-10-11 20:13:52 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-11 20:13:46 ----D---- C:\Program Files\Windows Live
2008-10-11 20:13:17 ----D---- C:\ProgramData\WLInstaller
2008-10-11 19:24:18 ----D---- C:\Program Files\World of Warcraft
2008-10-11 19:24:18 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-08 12:03:10 ----A---- C:\Windows\system32\results.txt
2008-10-08 02:39:49 ----D---- C:\Windows\Panther
2008-10-08 01:49:06 ----D---- C:\Windows\Debug
2008-10-08 01:44:59 ----D---- C:\Windows\SoftwareDistribution
2008-10-08 01:40:36 ----D---- C:\Windows\Prefetch
2008-10-07 20:56:28 ----A---- C:\Windows\system32\DaisyWrp.dll
2008-10-07 20:40:36 ----HD---- C:\Program Files\Temp
2008-10-07 20:38:29 ----A---- C:\Windows\system32\RtNicProp32.dll
2008-10-07 20:35:17 ----A---- C:\Windows\system32\difxapi.dll
2008-10-07 20:27:02 ----D---- C:\Program Files\PC Drivers HeadQuarters
2008-10-07 20:22:16 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2008-10-07 19:58:57 ----A---- C:\Windows\system32\tzres.dll
2008-10-07 19:58:12 ----A---- C:\Windows\system32\msshooks.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\thawbrkr.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\srchadmin.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-10-07 19:58:11 ----A---- C:\Windows\system32\propsys.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\propdefs.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\msstrc.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\mssprxy.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\mssitlb.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\msshsq.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\msscb.dll
2008-10-07 19:58:11 ----A---- C:\Windows\system32\korwbrkr.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\xmlfilter.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\wsepno.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\tquery.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-10-07 19:58:10 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-10-07 19:58:10 ----A---- C:\Windows\system32\rtffilt.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\offfilt.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\nlhtml.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\mssvp.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\mssrch.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\mssphtb.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\mssph.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\msscntrs.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\mimefilt.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\chtbrkr.dll
2008-10-07 19:58:10 ----A---- C:\Windows\system32\chsbrkr.dll
2008-10-07 19:55:00 ----A---- C:\Windows\system32\winresume.exe
2008-10-07 19:55:00 ----A---- C:\Windows\system32\winload.exe
2008-10-07 19:55:00 ----A---- C:\Windows\system32\kd1394.dll
2008-10-07 19:55:00 ----A---- C:\Windows\system32\ci.dll
2008-10-07 19:54:59 ----A---- C:\Windows\system32\srdelayed.exe
2008-10-07 19:54:59 ----A---- C:\Windows\system32\srcore.dll
2008-10-07 19:54:59 ----A---- C:\Windows\system32\srclient.dll
2008-10-07 19:54:59 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-10-07 19:54:59 ----A---- C:\Windows\system32\rstrui.exe
2008-10-07 19:54:59 ----A---- C:\Windows\system32\kbd106n.dll
2008-10-07 19:54:51 ----A---- C:\Windows\system32\fsquirt.exe
2008-10-07 19:54:48 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-10-07 19:54:46 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-10-07 19:54:40 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-10-07 19:54:17 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-10-07 19:54:17 ----A---- C:\Windows\system32\gameux.dll
2008-10-07 19:54:17 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-10-07 19:54:16 ----A---- C:\Windows\system32\wmpeffects.dll
2008-10-07 19:54:12 ----A---- C:\Windows\system32\shell32.dll
2008-10-07 19:54:10 ----A---- C:\Windows\system32\rpcrt4.dll
2008-10-07 19:54:09 ----A---- C:\Windows\system32\pacerprf.dll
2008-10-07 19:54:08 ----A---- C:\Windows\system32\emdmgmt.dll
2008-10-07 19:54:08 ----A---- C:\Windows\system32\dataclen.dll
2008-10-07 19:54:08 ----A---- C:\Windows\system32\cdd.dll
2008-10-07 19:54:05 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-10-07 19:54:04 ----A---- C:\Windows\system32\es.dll
2008-10-07 19:54:02 ----A---- C:\Windows\system32\gdi32.dll
2008-10-07 19:53:57 ----A---- C:\Windows\system32\wshext.dll
2008-10-07 19:53:57 ----A---- C:\Windows\system32\wscript.exe
2008-10-07 19:53:57 ----A---- C:\Windows\system32\vbscript.dll
2008-10-07 19:53:57 ----A---- C:\Windows\system32\scrrun.dll
2008-10-07 19:53:57 ----A---- C:\Windows\system32\scrobj.dll
2008-10-07 19:53:57 ----A---- C:\Windows\system32\jscript.dll
2008-10-07 19:53:57 ----A---- C:\Windows\system32\cscript.exe
2008-10-07 19:53:55 ----A---- C:\Windows\system32\inetcomm.dll
2008-10-07 19:52:57 ----A---- C:\Windows\system32\quartz.dll
2008-10-07 19:50:41 ----A---- C:\Windows\system32\input.txt
2008-10-07 19:48:07 ----A---- C:\Windows\system32\wups2.dll
2008-10-07 19:48:07 ----A---- C:\Windows\system32\wucltux.dll
2008-10-07 19:48:07 ----A---- C:\Windows\system32\wuaueng.dll
2008-10-07 19:48:07 ----A---- C:\Windows\system32\wuauclt.exe
2008-10-07 19:47:56 ----A---- C:\Windows\system32\wups.dll
2008-10-07 19:47:56 ----A---- C:\Windows\system32\wudriver.dll
2008-10-07 19:47:56 ----A---- C:\Windows\system32\wuapi.dll
2008-10-07 19:47:51 ----A---- C:\Windows\system32\wuwebv.dll
2008-10-07 19:47:51 ----A---- C:\Windows\system32\wuapp.exe
2008-10-07 19:07:21 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-07 18:53:44 ----D---- C:\Program Files\Protector Suite QL
2008-10-07 18:53:26 ----D---- C:\ProgramData\UIB
2008-10-07 18:45:50 ----D---- C:\Windows\BisonC07
2008-10-07 18:45:32 ----R---- C:\Windows\OEM.ini
2008-10-07 18:45:31 ----D---- C:\Windows\Options
2008-10-07 18:45:31 ----D---- C:\Windows\BisonCam
2008-10-07 18:45:31 ----A---- C:\Windows\system32\BisonR07.dll
2008-10-07 18:45:31 ----A---- C:\Windows\M3000Twn.ini
2008-10-07 18:43:14 ----D---- C:\Users\Nat\AppData\Roaming\Intel
2008-10-07 18:43:13 ----D---- C:\ProgramData\Roaming
2008-10-07 18:42:54 ----D---- C:\ProgramData\Intel
2008-10-07 18:41:30 ----SHD---- C:\Windows\Installer
2008-10-07 18:34:24 ----D---- C:\Program Files\Intel
2008-10-07 18:34:24 ----A---- C:\Windows\system32\CSVer.dll
2008-10-07 18:31:33 ----D---- C:\Program Files\Hotkey
2008-10-07 18:31:33 ----A---- C:\Windows\system32\CLEVOMOF.dll
2008-10-07 18:30:53 ----A---- C:\Windows\xUninstall.bat
2008-10-07 18:30:08 ----D---- C:\Windows\JMCR_DIR
2008-10-07 18:21:04 ----D---- C:\Program Files\Synaptics
2008-10-07 18:20:45 ----A---- C:\Windows\system32\WdfCoInstaller01000.dll
2008-10-07 18:20:45 ----A---- C:\Windows\system32\SynTPCo4.dll
2008-10-07 18:20:45 ----A---- C:\Windows\system32\SynTPAPI.dll
2008-10-07 18:20:45 ----A---- C:\Windows\system32\SynCtrl.dll
2008-10-07 18:20:45 ----A---- C:\Windows\system32\SynCOM.dll
2008-10-07 18:19:35 ----D---- C:\Users\Nat\AppData\Roaming\InstallShield
2008-10-07 18:17:01 ----D---- C:\Program Files\Motorola
2008-10-07 18:16:34 ----A---- C:\Windows\system32\sm56co81.dll
2008-10-07 18:13:25 ----A---- C:\Windows\DIFxAPI.dll
2008-10-07 18:11:32 ----D---- C:\Program Files\Realtek
2008-10-07 18:11:10 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-07 18:10:37 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-07 18:10:03 ----D---- C:\ProgramData\NVIDIA
2008-10-07 1828 ----A---- C:\Windows\system32\nvudisp.exe
2008-10-07 18:05:01 ----D---- C:\Program Files\DIFX
2008-10-07 18:04:18 ----A---- C:\Windows\system32\NVUNINST.EXE
2008-10-07 17:57:02 ----D---- C:\Users\Nat\AppData\Roaming\Identities
2008-10-07 17:56:57 ----SD---- C:\Users\Nat\AppData\Roaming\Microsoft
2008-10-07 17:56:57 ----D---- C:\Users\Nat\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 months======

2008-11-06 22:12:34 ----D---- C:\Windows\Temp
2008-11-06 22:01:01 ----D---- C:\Windows\System32
2008-11-06 22:01:01 ----D---- C:\Windows\inf
2008-11-06 22:01:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-06 21:55:17 ----D---- C:\Windows
2008-11-06 21:52:12 ----D---- C:\Windows\system32\drivers
2008-11-06 21:11:19 ----RD---- C:\Program Files
2008-11-06 21:02:55 ----D---- C:\Windows\Tasks
2008-11-06 21:02:55 ----D---- C:\Windows\system32\Tasks
2008-11-06 02:43:44 ----D---- C:\Windows\system32\WDI
2008-11-06 02:38:20 ----D---- C:\Windows\system32\catroot
2008-11-06 02:37:57 ----HD---- C:\ProgramData
2008-11-06 02:37:35 ----SHD---- C:\System Volume Information
2008-11-04 18:20:31 ----D---- C:\Program Files\Common Files
2008-11-02 22:13:33 ----SD---- C:\Windows\Downloaded Program Files
2008-11-02 21:11:23 ----RSD---- C:\Windows\Fonts
2008-11-01 16:08:57 ----D---- C:\Windows\Microsoft.NET
2008-11-01 16:08:43 ----D---- C:\Windows\winsxs
2008-11-01 16:08:43 ----D---- C:\Windows\ehome
2008-11-01 16:08:19 ----A---- C:\Windows\win.ini
2008-11-01 16:07:57 ----RSD---- C:\Windows\assembly
2008-11-01 16:07:21 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-29 23:13:28 ----D---- C:\Windows\system
2008-10-29 23:12:34 ----D---- C:\Windows\system32\catroot2
2008-10-28 20:20:11 ----D---- C:\Windows\ShellNew
2008-10-28 20:19:37 ----SD---- C:\ProgramData\Microsoft
2008-10-28 20:16:25 ----D---- C:\Program Files\Common Files\System
2008-10-28 18:56:43 ----D---- C:\Windows\rescache
2008-10-20 18:01:45 ----D---- C:\Windows\system32\migration
2008-10-20 18:01:45 ----D---- C:\Program Files\Windows Mail
2008-10-19 10:27:20 ----D---- C:\Windows\system32\Msdtc
2008-10-19 10:27:18 ----D---- C:\Windows\system32\wbem
2008-10-19 10:26:29 ----D---- C:\Windows\system32\config
2008-10-19 10:26:22 ----D---- C:\Windows\system32\spool
2008-10-19 10:26:21 ----D---- C:\Windows\registration
2008-10-12 22:43:02 ----D---- C:\Windows\Logs
2008-10-11 20:45:43 ----D---- C:\Windows\system32\LogFiles
2008-10-11 19:39:47 ----D---- C:\Windows\system32\NDF
2008-10-08 02:39:36 ----RAS---- C:\BOOTSECT.BAK
2008-10-08 02:39:34 ----SHD---- C:\Boot
2008-10-07 20:01:26 ----D---- C:\Windows\system32\en-US
2008-10-07 20:01:26 ----D---- C:\Windows\AppPatch
2008-10-07 20:01:24 ----D---- C:\Windows\PolicyDefinitions
2008-10-07 20:01:23 ----D---- C:\Windows\system32\Boot
2008-10-07 19:19:40 ----A---- C:\Windows\system32\mrt.exe
2008-10-07 18:45:32 ----D---- C:\Windows\twain_32
2008-10-07 1856 ----D---- C:\Windows\Help
2008-10-07 18:04:45 ----D---- C:\Windows\system32\restore
2008-10-07 17:57:15 ----SHD---- C:\$Recycle.Bin
2008-10-07 17:56:57 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-11-06 216080]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R3 Cam5607;BisonCam, NB Pro; C:\Windows\System32\Drivers\BisonC07.sys [2008-04-30 1073320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-06 85969]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-10-13 2176856]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-19 7530848]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-10-04 133120]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2008-03-26 1094272]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-09-10 47120]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 815104]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-19 196608]
R2 PowerBiosServer;PowerBiosServer; C:\Program Files\Hotkey\PowerBiosServer.exe [2008-07-10 36864]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 466944]
S2 Windows Tribute Service;Windows Tribute Service; C:\Windows\system32\kdolb.exe -srv []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-02 654848]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-11-06 99576]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Attached Files
File Type: txt info.txt (15.4 KB, 1 views)
File Type: txt Gmer.txt (43.2 KB, 9 views)
Gunsmith_Cat is offline  
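The driver and service sections of the RSIT log above follow one line shape: state and start type, service name, display name, image path, and in brackets the date and size RSIT read from the image file. Most entries carry that metadata; one (the "Windows Tribute Service" line) has an empty bracket. The Python below is an added editor's example, not code from the original post or from RSIT: it parses those lines and lists entries with no recorded date/size, ranking auto-start ones first. The reading that an empty bracket means RSIT could not stat the image file on disk is an assumption, and the output is a triage aid for the analyst, not a verdict. The three sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One RSIT service/driver line looks like (copied from the log above):
#   R2 AVP;Kaspersky Internet Security; C:\...\avp.exe [2008-07-29 206088]
# First char: R=Running / S=Stopped. Second: 0=Boot 1=System 2=Auto 3=Demand 4=Disabled.
# The bracket holds the image file's date and size as RSIT read them from disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str            # "R" or "S"
    start: int            # 0..4
    name: str
    display: str
    image: str            # path plus any command-line switches
    file_date: Optional[str]
    file_size: Optional[int]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one RSIT line; return None for section headers, blanks or other formats."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 and meta[1].isdigit() else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), m.group("image"), date, size)


def review(entry: Entry) -> List[str]:
    """Reasons an analyst would want to look at this entry; empty list means nothing noted."""
    reasons: List[str] = []
    if entry.file_date is None or entry.file_size is None:
        # Assumption: RSIT leaves the bracket empty when it cannot stat the image
        # file (path wrong, file removed, or hidden from the tool).
        reasons.append("no file date/size recorded for image")
    if reasons and entry.start <= 2:
        reasons.append("registered to start automatically (start type %d)" % entry.start)
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run review() over every parsable line and keep the entries that got reasons."""
    findings: List[Tuple[str, List[str]]] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review(entry)
        if reasons:
            findings.append((entry.name, reasons))
    return findings


# Sample input: three lines copied from the services section of the log above.
SAMPLE = """\
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe [2008-07-29 206088]
S2 Windows Tribute Service;Windows Tribute Service; C:\\Windows\\system32\\kdolb.exe -srv []
S3 ose;Office Source Engine; C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(name, "->", "; ".join(reasons))
```

Run against the whole RSIT log rather than the three sample lines to get the complete list; anything it reports still has to be checked by hand (file present on disk, publisher, hash) before deciding it is malicious.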

Old 11-09-2008, 09:11 AM   #2 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 20
OS: Windows Vista x64 SP1


Re: Search results being redirected in ANY web browser

Just Bumping as no solution yet.
Gunsmith_Cat is offline  
Old 11-10-2008, 07:59 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Search results being redirected in ANY web browser

Hello Gunsmith_Cat,

Before we begin, I'm concerned about some entries in the gmer report. Please download mbr.exe and save it to your desktop.

Double click to run it. It will produce a log on your desktop named mbr.log. Post the contents of that log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-11-2008, 10:20 AM   #4 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 20
OS: Windows Vista x64 SP1


Re: Search results being redirected in ANY web browser

The log is EXTREMELY short. Is it supposed to be? Here are the entire contents of the mbr.log you wanted:


Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR



I then realised that I did not run it as Administrator (doh), so here's the new log:


Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Gunsmith_Cat is offline  
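The mbr.log above shows the tool reading sector 0 once from user mode and once from the kernel and reporting whether the two copies agree, and it shows the first, non-elevated run failing to read at all. The Python below is an added editor's example, not code from the original post or from Gmer's mbr.exe: it decodes the partition table of a 512-byte MBR and compares a "user" copy against a "kernel" copy region by region, so that a mismatch can be located rather than just reported. The kernel-mode read needs a driver and is not reproduced here; `read_mbr_user` is the user-mode half and on Windows only works from an elevated process. The sample MBR bytes are constructed.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOT_CODE_END = 0x1BE    # bytes 0x000..0x1BD: boot code (the Windows disk signature sits at 0x1B8)
TABLE_END = 0x1FE        # bytes 0x1BE..0x1FD: four 16-byte partition entries
SIGNATURE = b"\x55\xAA"  # bytes 0x1FE..0x1FF: boot signature

REGIONS = (
    (0, BOOT_CODE_END, "boot code"),
    (BOOT_CODE_END, TABLE_END, "partition table"),
    (TABLE_END, SECTOR, "signature"),
)


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition slots; empty slots (type 0) are skipped."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if mbr[TABLE_END:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts: List[Partition] = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", mbr, BOOT_CODE_END + 16 * i)
        if type_id != 0:
            parts.append(Partition(status == 0x80, type_id, lba, count))
    return parts


def compare_reads(user: bytes, kernel: bytes) -> Optional[str]:
    """None if both copies agree, otherwise the first region that differs.
    If sector 0 looks different from user mode and from the kernel, something
    between the two (a filter driver) is rewriting what user mode gets to see."""
    if user == kernel:
        return None
    for lo, hi, label in REGIONS:
        if user[lo:hi] != kernel[lo:hi]:
            return label
    return "length"  # identical first 512 bytes but different lengths


def read_mbr_user(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """User-mode read of sector 0 through the normal storage stack.
    On Windows the raw device only opens from an elevated process, which is
    why the non-elevated mbr.exe run above reported 'error reading MBR'."""
    with open(device, "rb", buffering=0) as f:
        return f.read(SECTOR)


def build_sample_mbr() -> bytes:
    """Constructed clean MBR: a stub of boot code and one bootable NTFS (0x07) partition."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_END - 4)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    return code + entry + b"\x00" * 48 + SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr()
    print(parse_partitions(clean))
    # Constructed model of the rootkit case: the kernel copy carries different boot code.
    hooked = bytes([0xEB, 0x58]) + clean[2:]
    print("user vs kernel:", compare_reads(clean, hooked) or "OK")
```

A matching user and kernel copy, as in the second log above, rules out one hiding technique only; it says nothing about the partition table itself being sane, which is what `parse_partitions` is for.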
Old 11-11-2008, 08:12 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Search results being redirected in ANY web browser

Yes, that is all there should be to that log. : )


It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT - Save ComboFix.exe to your Desktop

========================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

========================================


Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you which I will need in your next reply.

========================================


Now please run a new scan with gmer.exe as well.


========================================

Please include the following in your next reply:

C:\ComboFix.txt
gmer.txt <--attached, please
Ried is offline  
Old 11-12-2008, 12:54 PM   #6 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 20
OS: Windows Vista x64 SP1


Re: Search results being redirected in ANY web browser

I'm trying to download ComboFix. I see the .exe appear on my desktop. I then disabled my internet security software (Kaspersky Trial Version) as instructed before running. The .exe suddenly disappears. I tried downloading to desktop again to see if it was a fluke... but the .exe will not appear anywhere after downloading when my internet security is turned off. I have no idea how to make the .exe stick around so that I can run it!!
Gunsmith_Cat is offline  
Old 11-12-2008, 01:28 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 20
OS: Windows Vista x64 SP1


Re: Search results being redirected in ANY web browser

Okay.... I have managed to get the .exe to stick around now and have run it, and subsequently gmer. Here is my ComboFix log result (I turned off internet security about 2 mins into it though, as I thought the .exe would have disappeared if I had disabled it before running).


ComboFix 08-11-11.01 - Nat 2008-11-12 19:58:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1589 [GMT 0:00]
Running from: c:\users\Nat\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-11 16:32 . 2008-11-11 16:32 691 --a------ c:\users\Nat\AppData\Roaming\GetValue.vbs
2008-11-11 16:32 . 2008-11-11 16:32 35 --a------ c:\users\Nat\AppData\Roaming\SetValue.bat
2008-11-11 16:15 . 2008-11-11 16:32 3,602 --a------ c:\windows\System32\tmp.reg
2008-11-09 21:52 . 2008-11-09 21:52 <DIR> d-------- c:\users\Nat\AppData\Roaming\Malwarebytes
2008-11-09 21:52 . 2008-11-09 21:52 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-09 21:52 . 2008-11-09 21:52 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-09 21:52 . 2008-11-09 21:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 21:52 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-09 21:52 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-07 01:06 . 2008-11-07 01:06 1,724 --a------ c:\windows\System32\%LocalXml%
2008-11-06 22:10 . 2008-11-06 22:10 <DIR> d-------- C:\rsit
2008-11-06 21:52 . 2008-11-06 21:56 250 --a------ c:\windows\gmer.ini
2008-11-06 20:07 . 2008-11-06 20:07 <DIR> d-------- c:\program files\CCleaner
2008-11-06 02:38 . 2008-11-06 02:46 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-11-06 02:38 . 2008-11-06 02:38 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-11-06 02:37 . 2008-11-12 19:33 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2008-11-06 02:37 . 2008-11-12 19:33 <DIR> d-------- c:\programdata\Kaspersky Lab
2008-11-06 02:37 . 2008-11-06 02:37 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-06 02:37 . 2008-11-12 20:03 3,555,360 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-11-06 02:37 . 2008-11-12 20:03 393,248 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2008-11-06 02:37 . 2008-11-12 20:03 29,904 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-11-06 02:37 . 2008-11-12 20:03 2,424 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2008-11-06 02:36 . 2008-11-06 02:36 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2008-11-06 02:36 . 2008-11-06 02:36 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files
2008-11-04 22:48 . 2008-11-04 22:48 <DIR> d-------- c:\program files\Writer's Cafe 2
2008-11-04 22:21 . 2008-11-04 22:27 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-04 18:20 . 2008-11-04 18:20 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2008-11-04 18:20 . 2008-10-08 03:03 43,872 --------- c:\windows\System32\drivers\PxHelp20.sys
2008-11-04 18:20 . 2008-10-08 03:03 9,200 --------- c:\windows\System32\drivers\cdralw2k.sys
2008-11-04 18:20 . 2008-10-08 03:03 9,072 --------- c:\windows\System32\drivers\cdr4_xp.sys
2008-11-02 21:46 . 2008-11-02 21:46 <DIR> d-------- c:\users\Nat\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-02 21:42 . 2008-11-02 22:13 <DIR> d-------- c:\users\All Users\NOS
2008-11-02 21:42 . 2008-11-02 22:13 <DIR> d-------- c:\programdata\NOS
2008-11-02 21:42 . 2008-11-02 22:13 <DIR> d-------- c:\program files\NOS
2008-11-02 21:18 . 2008-11-02 21:18 <DIR> d-------- c:\users\Nat\AppData\Roaming\Laconic Software
2008-11-02 21:18 . 2008-11-02 21:18 <DIR> d-------- c:\program files\Free Fire Screensaver
2008-11-02 21:14 . 2008-11-02 21:14 <DIR> d-------- c:\users\All Users\FLEXnet
2008-11-02 21:14 . 2008-11-02 21:14 <DIR> d-------- c:\programdata\FLEXnet
2008-11-02 21:12 . 2008-11-04 18:22 <DIR> d-------- c:\users\All Users\Adobe
2008-11-02 21:06 . 2008-11-02 21:06 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-02 21:01 . 2008-11-02 21:45 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-01 15:22 . 2008-11-01 15:22 <DIR> d-------- c:\program files\Screenplay Systems
2008-11-01 15:22 . 2008-11-02 22:23 1,109 --a------ c:\windows\PowerReg.dat
2008-11-01 15:01 . 2008-11-01 15:01 <DIR> d-------- c:\users\Nat\AppData\Roaming\Final Draft
2008-11-01 15:00 . 2008-08-05 09:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 15:00 . 2008-08-05 09:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 15:00 . 2008-08-05 09:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 15:00 . 2008-08-05 09:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 15:00 . 2008-08-05 09:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 23:17 . 2008-10-29 23:23 <DIR> d-------- c:\users\Nat\AppData\Roaming\Writer's Cafe 2
2008-10-29 23:15 . 2008-11-01 15:08 <DIR> d-------- c:\program files\Black Obelisk Software
2008-10-29 23:13 . 2008-11-01 14:59 <DIR> d-------- c:\users\All Users\Final Draft
2008-10-29 23:13 . 2008-11-01 14:59 <DIR> d-------- c:\programdata\Final Draft
2008-10-29 23:13 . 2008-10-29 23:13 <DIR> d-------- c:\program files\Final Draft Tagger
2008-10-29 23:13 . 2008-11-01 15:06 <DIR> d-------- c:\program files\Final Draft 7
2008-10-29 02:37 . 2008-09-12 13:32 327,192 --a------ c:\windows\System32\drivers\iaStor.sys
2008-10-28 21:53 . 2008-09-18 04:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 21:53 . 2008-09-18 04:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 21:44 . 2008-08-12 03:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 20:22 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2008-10-28 20:21 . 2008-10-28 20:21 <DIR> d-------- c:\program files\Microsoft Works
2008-10-28 20:19 . 2008-10-28 20:19 <DIR> d-------- c:\program files\Microsoft.NET
2008-10-28 20:16 . 2008-11-01 16:08 <DIR> d-------- c:\users\All Users\Microsoft Help
2008-10-28 20:16 . 2008-11-01 16:08 <DIR> d-------- c:\programdata\Microsoft Help
2008-10-28 20:15 . 2008-10-28 20:15 <DIR> dr-h----- C:\MSOCache
2008-10-28 19:41 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-26 20:15 . 2008-10-26 20:15 <DIR> d-------- c:\users\Nat\AppData\Roaming\Media Player Classic
2008-10-26 20:10 . 2008-10-26 20:14 <DIR> d-------- c:\program files\Combined Community Codec Pack
2008-10-26 20:09 . 2008-10-26 20:09 <DIR> d-------- c:\program files\Haali
2008-10-26 20:09 . 2008-10-26 20:09 <DIR> d-------- c:\program files\CoreCodec
2008-10-26 10:41 . 2008-10-26 10:41 614,403 --a------ c:\windows\BsSnap.pre
2008-10-20 15:18 . 2008-10-20 15:18 <DIR> d-------- c:\users\Nat\AppData\Roaming\Games
2008-10-20 15:16 . 2005-05-26 14:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-10-20 00:22 . 2008-10-20 00:22 <DIR> d-------- c:\users\All Users\Blizzard
2008-10-20 00:22 . 2008-10-20 00:22 <DIR> d-------- c:\programdata\Blizzard
2008-10-19 21:15 . 2008-10-02 01:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-19 21:15 . 2008-10-02 03:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-19 21:04 . 2007-11-14 14:18 553 --a------ c:\windows\USetup.iss
2008-10-19 20:37 . 2008-10-19 20:37 <DIR> d-------- c:\windows\System32\AGEIA
2008-10-19 20:37 . 2008-10-29 23:12 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-19 20:37 . 2008-10-19 20:37 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-19 19:59 . 2008-09-18 05:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-19 19:59 . 2008-09-18 05:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-19 19:15 . 2008-09-18 02:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-19 19:14 . 2008-08-27 01:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-19 09:55 . 2008-10-19 09:55 <DIR> d-------- c:\users\Nat\AppData\Roaming\Lionhead Studios
2008-10-15 17:19 . 2008-10-15 17:19 <DIR> d-------- c:\program files\Common Files\Intel
2008-10-15 17:19 . 2008-10-15 17:19 <DIR> d-------- c:\program files\Cisco
2008-10-13 22:43 . 2008-10-13 22:43 <DIR> d-------- c:\users\All Users\SteamPopCapv1005
2008-10-13 22:43 . 2008-10-13 22:55 <DIR> d-------- c:\users\All Users\PopCap Games
2008-10-13 22:43 . 2008-10-13 22:43 <DIR> d-------- c:\programdata\SteamPopCapv1005
2008-10-13 22:43 . 2008-10-13 22:55 <DIR> d-------- c:\programdata\PopCap Games
2008-10-13 21:22 . 2008-10-13 21:22 <DIR> d-------- c:\users\All Users\2DBoy
2008-10-13 21:22 . 2008-10-13 21:22 <DIR> d-------- c:\programdata\2DBoy
2008-10-12 22:24 . 2008-10-12 22:24 <DIR> d-------- c:\program files\Activision
2008-10-12 16:03 . 2008-11-09 12:52 <DIR> d-------- c:\program files\Steam
2008-10-12 16:03 . 2008-11-09 12:31 <DIR> d-------- c:\program files\Common Files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:09 --------- d-----w c:\program files\World of Warcraft
2008-11-09 13:14 77,633 ----a-w c:\users\All Users\nvModes.dat
2008-11-09 13:14 77,633 ----a-w c:\programdata\nvModes.dat
2008-11-02 22:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 18:01 --------- d-----w c:\program files\Windows Mail
2008-10-19 21:03 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-19 21:03 --------- d--h--w c:\program files\Temp
2008-10-15 17:19 --------- d-----w c:\program files\Intel
2008-10-13 17:34 862,240 ----a-w c:\windows\System32\RtkPgExt.dll
2008-10-13 17:34 44,064 ----a-w c:\windows\System32\RtkCoInst.dll
2008-10-13 17:34 322,080 ----a-w c:\windows\System32\RtkApoApi.dll
2008-10-13 17:34 2,346,016 ----a-w c:\windows\System32\RtkAPO.dll
2008-10-13 17:28 2,176,856 ----a-w c:\windows\system32\drivers\RTKVHDA.sys
2008-10-12 21:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-11 20:35 --------- d-----w c:\users\Nat\AppData\Roaming\Logitech
2008-10-11 20:35 --------- d-----w c:\programdata\LogiShrd
2008-10-11 20:34 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-11 20:34 --------- d-----w c:\programdata\Logitech
2008-10-11 20:34 --------- d-----w c:\program files\Logitech
2008-10-11 20:34 --------- d-----w c:\program files\Common Files\Logishrd
2008-10-11 20:16 --------- d-----w c:\program files\Windows Live
2008-10-11 20:15 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-11 20:13 --------- d-----w c:\programdata\WLInstaller
2008-10-11 19:39 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-07 22:26 --------- d-----w c:\program files\Realtek
2008-10-07 20:27 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-10-07 20:22 --------- d-----w c:\programdata\PC Drivers HeadQuarters
2008-10-07 19:07 --------- d-----w c:\program files\DIFX
2008-10-07 18:54 --------- d-----w c:\program files\Protector Suite QL
2008-10-07 18:53 --------- d-----w c:\programdata\UIB
2008-10-07 18:43 --------- d-----w c:\users\Nat\AppData\Roaming\Intel
2008-10-07 18:43 --------- d-----w c:\programdata\Roaming
2008-10-07 18:42 --------- d-----w c:\programdata\Intel
2008-10-07 18:31 --------- d-----w c:\program files\Hotkey
2008-10-07 18:21 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-10-07 18:21 --------- d-----w c:\program files\Synaptics
2008-10-07 18:19 --------- d-----w c:\users\Nat\AppData\Roaming\InstallShield
2008-10-07 18:17 --------- d-----w c:\program files\Motorola
2008-10-07 18:10 --------- d-----w c:\programdata\NVIDIA
2008-10-07 17:58 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-04 01:17 133,120 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2008-09-10 16:41 47,104 ----a-w c:\windows\System32\ctppld.dll
2008-09-10 16:39 497,152 ----a-w c:\windows\System32\CTAPO32.dll
2008-09-10 01:29 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-08-25 15:17 528,384 ----a-w c:\windows\RtlExUpd.dll
2008-08-15 10:49 2,255,144 ----a-w c:\windows\Free Fire Screensaver.scr
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 14:35 2957312 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 14:35 2957312 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-06 133104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-03-26 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"HotkeyOSD Software"="c:\program files\Hotkey\HotKey.exe" [2008-07-16 1351680]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-06-05 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-13 6335008]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-13 1833504]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-05 22:03 90112 c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-06 21:02 133104 c:\users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2649147853-2438116765-369401869-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85338FD4-9566-4404-BE07-8CCEF0AF8486}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{079FFED1-20B1-43B6-BB35-CAD3186577C5}"= UDP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{8973D5F4-F5A2-4496-A607-6067945F4F06}"= TCP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{9A2503BE-B4A4-49F3-923C-06B2F401F6BF}"= UDP:6112:Blizzard Downloader: 6112
"TCP Query User{0BF77495-979A-4946-9405-06C0FEAC0AD5}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{36024061-854E-4986-8BEE-256B42E4412F}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{64DCAC84-6B47-4850-BE8F-C3DA11BD930A}c:\\program files\\steam\\steamapps\\jellysheep\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\jellysheep\zombie panic! source\hl2.exe:hl2
"UDP Query User{609B6F00-1450-4053-B178-6DD6ADE23974}c:\\program files\\steam\\steamapps\\jellysheep\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\jellysheep\zombie panic! source\hl2.exe:hl2
"TCP Query User{77AAF7CB-ABF2-43E5-9F79-F9F6BE913485}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2DB38E29-2524-401B-A929-50A0FF8EC5D1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{92F04DAE-9B0A-45EA-B503-CDC75907D58F}c:\\program files\\steam\\steamapps\\jellysheep\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\jellysheep\garrysmod\hl2.exe:hl2
"UDP Query User{37A5C32E-0247-45EC-993F-9C421E599316}c:\\program files\\steam\\steamapps\\jellysheep\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\jellysheep\garrysmod\hl2.exe:hl2
"TCP Query User{47B8704F-CF67-4432-918C-AB4932849028}c:\\program files\\steam\\steamapps\\jellysheep\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\jellysheep\zombie panic! source\hl2.exe:hl2
"UDP Query User{2E61ED55-44CE-4952-B406-64B8B085DC65}c:\\program files\\steam\\steamapps\\jellysheep\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\jellysheep\zombie panic! source\hl2.exe:hl2
"{6059FAC7-2EDB-42A8-8665-2A14A4BB325F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D37B6727-B567-482A-8731-5591126C0606}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EBECA0F9-CF63-4A42-BCC1-B30B784519A5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F87B3307-9B0C-4025-BD78-08B23801B621}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5C85B05F-4134-4266-95EB-E6FFE4BC6A43}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [2008-07-10 36864]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-11-09 99576]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2008-11-07 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-06 21:02]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\1n8n69hf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - c:\users\Nat\AppData\Local\Google\Update\1.2.131.27\npGoogleOneClick6.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 20:05:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\System32\wlanext.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\rundll32.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-11-12 20:08:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 20:08:20

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 210,485,506,048 bytes free

297 --- E O F --- 2008-11-09 10:01:22
Gunsmith_Cat is offline  
Old 11-12-2008, 01:29 PM   #8 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 20
OS: Windows Vista x64 SP1


Re: Search results being redirected in ANY web browser

It isn't letting me attach the gmer log, so I will paste it here. It is only short:


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-12 20:21:03
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
Gunsmith_Cat is offline  
Old 11-12-2008, 10:32 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Search results being redirected in ANY web browser

I'd like to see the C:\Qoobox\ComboFix-quarantined-files.txt. Please post the contents of that report in your next reply.

Are you still getting redirected?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-13-2008, 01:14 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 20
OS: Windows Vista x64 SP1


Re: Search results being redirected in ANY web browser

Here are the contents of the requested quarantine log:


2008-11-12 19:56:39 A------- 108 C:\Qoobox\Quarantine\catchme.log
2008-11-12 20:01:57 A------- 6,025 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-11-12 20:07:18 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-11-12 20:07:18 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-11-12 20:07:18 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat

That was all that was in the log. As for your question about whether I am still getting redirected... the answer is no. This stopped after I installed a program called Malwarebytes' Anti-Malware, which was recently recommended to me. It found the remains of the boot.com/resycled worm that I thought I had completely removed manually by following some instructions I found online about how to remove it from the registry in regedit.
Ever since I ran Malwarebytes' program the links have stopped redirecting.

I just want to be sure that everything harmful has now been removed.

I am running Kaspersky Internet Security, and it seems to detect a lot of things as being "Very Dangerous"... such as things called Patchers and Staging Areas (what are those?). Those were detected on 6th November though, when I was getting web redirection trouble. I ran a full scan with Kaspersky on 6th November and it found the following issues (which I will add have not been detected on my system since):


Full Scan: completed 06/11/2008 03:15:45 (events: 12, objects: 241826, time: 00:21:50)
06/11/2008 02:52:05 Task started
06/11/2008 02:53:05 Task stopped
06/11/2008 02:53:55 Task started
06/11/2008 02:53:56 Detected: Worm.Win32.AutoRun.nuu C:\$Recycle.Bin\S-1-5-21-2649147853-2438116765-369401869-1000\$RXY1UHZ.inf
06/11/2008 02:53:56 Untreated: Worm.Win32.AutoRun.nuu C:\$Recycle.Bin\S-1-5-21-2649147853-2438116765-369401869-1000\$RXY1UHZ.inf Postponed
06/11/2008 03:06:11 Detected: Trojan.Win32.Agent.akwc C:\Users\Nat\AppData\Local\Temp\tmp208A.tmp
06/11/2008 03:06:11 Untreated: Trojan.Win32.Agent.akwc C:\Users\Nat\AppData\Local\Temp\tmp208A.tmp Postponed
06/11/2008 03:06:11 Detected: Trojan-Downloader.Win32.Agent.ahcg C:\Users\Nat\AppData\Local\Temp\tmpAACF.tmp
06/11/2008 03:06:11 Untreated: Trojan-Downloader.Win32.Agent.ahcg C:\Users\Nat\AppData\Local\Temp\tmpAACF.tmp Postponed
06/11/2008 03:15:43 Detected: Trojan.Win32.Agent.akwc C:\Users\Nat\AppData\Local\Temp\tmp208A.tmp
06/11/2008 03:15:45 Detected: Trojan-Downloader.Win32.Agent.ahcg C:\Users\Nat\AppData\Local\Temp\tmpAACF.tmp

P.S. What is the Qoobox folder? Did it install with that last program you asked me to run? You will have to tell me what files and/or folders would have installed on my C: drive from all of these programs you have been asking me to install and/or run, so that I can remove everything no longer needed when I am confirmed to be in the clear... if you don't mind. :)

Last edited by Gunsmith_Cat; 11-13-2008 at 01:20 PM.
Gunsmith_Cat is offline  
Old 11-13-2008, 08:22 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Search results being redirected in ANY web browser

I wish you would have told me that earlier. : )

Kaspersky is no longer detecting those threats because the temp folder and recycle folder have been emptied by the tools used to clean the system.

Yes, Qoobox is created by ComboFix and contains backups and log texts that we may need. I'll provide final clean up instructions when we're through here.

What must be done now is run an online scan to search for any remnants that may be lurking about. Perform an online scan with Panda ActiveScan:

* Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-14-2008, 10:24 AM   #12 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 20
OS: Windows Vista x64 SP1


Re: Search results being redirected in ANY web browser

Well, I was infected apparently... but the disinfect says it is only enabled if I am buying the full version or I am a client! It's telling me that SmitfraudFix is a tracking program!?!

Here are the results of the log anyway (also attached it in case the formatting is funny in this window):


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-14 17:19:19
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4104.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Cookies\nat@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Cookies\nat@atdmt[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Cookies\nat@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Cookies\nat@bs.serving-sys[1].txt
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Users\Nat\Documents\Downloads\SmitfraudFix.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\ComboFix\psexec.cfexe
No C:\Users\Nat\Documents\Downloads\SmitfraudFix\404Fix.exe
No C:\Users\Nat\Documents\Downloads\SmitfraudFix\IEDFix.C.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Attached Files
File Type: txt ActiveScan.txt (5.7 KB, 0 views)
Gunsmith_Cat is offline  
Old 11-14-2008, 09:14 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Search results being redirected in ANY web browser

No worries about SmitfraudFix. AV companies are detecting some of the processes used by the tool. As they cannot distinguish between "good" and "malicious" use of such processes, they alert the user.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
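The triage the analyst did by eye on the ActiveScan report above (tracking cookies and flagged helper binaries of SmitfraudFix/ComboFix are not an infection; an active or unexplained finding would be) can be written down as a small checker. This is an added example, not Panda's or the forum's code; it assumes the exported ActiveScan.txt is tab-separated (the pasted copy lost its tabs), and the sample report and the cleanup-tool name markers are constructed for the demonstration.

```python
"""Triage of a Panda ActiveScan report (added example, not Panda's or the forum's code).
Assumes tab-separated table rows, as in the exported ActiveScan.txt; sample is constructed."""

SECTIONS = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")
# Cleanup tools used in this thread; AV engines flag their helper binaries generically.
CLEANUP_TOOL_MARKERS = ("smitfraudfix", "combofix")

# Constructed sample (abridged) mirroring the posted report, in tab-separated form.
SAMPLE_REPORT = "\n".join([
    ";*****",
    "ANALYSIS: 2008-11-14 17:19:19", "PROTECTIONS: 1", "MALWARE: 2", "SUSPECTS: 1",
    ";*****",
    "PROTECTIONS",
    "Description\tVersion\tActive\tUpdated",
    ";=====",
    "Windows Defender\t1.1.4104.0\tNo\tYes",
    ";=====",
    "MALWARE",
    "Id\tDescription\tType\tActive\tSeverity\tDisinfectable\tDisinfected\tLocation",
    ";=====",
    "00139061\tCookie/Doubleclick\tTrackingCookie\tNo\t0\tYes\tNo\t"
    r"C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Cookies\nat@doubleclick[1].txt",
    "03477235\tApplication/SmithFraudFix.A\tHackTools\tNo\t0\tYes\tNo\t"
    r"C:\Users\Nat\Documents\Downloads\SmitfraudFix.exe",
    ";=====",
    "SUSPECTS",
    "Sent\tLocation",
    ";=====",
    "No\t" r"C:\ComboFix\psexec.cfexe",
    ";=====",
])

def parse_activescan(text):
    # Returns {section: [row dict, ...]}; the first tab row of a section is its header.
    tables = {name: [] for name in SECTIONS}
    section = header = None
    for line in text.splitlines():
        if not line or line.startswith(";"):     # banner and rule lines
            continue
        if line in SECTIONS:                       # section title
            section, header = line, None
            continue
        if section is None or "\t" not in line:    # summary lines at the top
            continue
        fields = line.split("\t")
        if header is None:
            header = fields
        else:
            tables[section].append(dict(zip(header, fields)))
    return tables

def classify(row):
    """Bucket one finding the way the analyst in this thread did."""
    if row.get("Active") == "Yes":
        return "active"        # still running: a real problem
    if row.get("Type") == "TrackingCookie":
        return "cookie"        # privacy nuisance, not an infection
    location = row.get("Location", "").lower()
    if any(marker in location for marker in CLEANUP_TOOL_MARKERS):
        return "cleanup_tool"  # helper of a removal tool, flagged generically
    return "review"            # anything else needs a human look

def triage(text):
    """Count findings per bucket across the MALWARE and SUSPECTS tables."""
    counts = {"active": 0, "cookie": 0, "cleanup_tool": 0, "review": 0}
    tables = parse_activescan(text)
    for row in tables["MALWARE"] + tables["SUSPECTS"]:
        counts[classify(row)] += 1
    counts["needs_attention"] = counts["active"] + counts["review"] > 0
    return counts
```

The PROTECTIONS table is parsed too, so the same run can show that Windows Defender was reported as not active on this machine, which is worth noting alongside the findings.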
Old 11-19-2008, 09:45 AM   #14 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 20
OS: Windows Vista x64 SP1


Re: Search results being redirected in ANY web browser

Hi there.

Many thanks for taking the time to help me with this stuff. I've found everything you've said and recommended extremely useful, and I will be copying and pasting this thread advice into a WORD document for any future encounters. Thanks again. You can feel free to close this thread. :)
Gunsmith_Cat is offline  
Old 11-21-2008, 08:10 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Search results being redirected in ANY web browser

Thanks for letting me know, and you're welcome.

Take care, and surf safely.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Copyright 2001 - 2009, Tech Support Forum