Zlob DNS Changer infection

[Merebimur]

Spybot 1.6.0.30 running on Windows Vista Ultimate

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:01:06, on 07/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Desktop Clock\Desktop Clock.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = news.sky.com/skynews
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [My App] C:\Program Files\Desktop Clock\Desktop Clock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 4461 bytes

 

[Shaba]

Hi Merebimur

Please post next spybot report

 

[Merebimur]

Spybot Log

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #1 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #2 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2FAB30E-EAC9-4DE3-869A-C3D1EB588D8D}\DhcpNameServer=208.67.220.220,208.67.222.222


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-11-05 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-11-05 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-28 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-04 Includes\Malware.sbi (*)
2008-11-04 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-11-04 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-04 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-11-04 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6000) (6.0.6000)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73

Located: HK_LM:Run, AVP
command: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
file: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
size: 206088
MD5: 56046D59E299969544255196AFAAA377

Located: HK_LM:Run, CTxfiHlp
command: CTXFIHLP.EXE
file: C:\Windows\system32\CTXFIHLP.EXE
size: 19968
MD5: 23FCD616233EE7FF75B1C9D25F9F1BB4

Located: HK_LM:Run, My App
command: C:\Program Files\Desktop Clock\Desktop Clock.exe
file: C:\Program Files\Desktop Clock\Desktop Clock.exe
size: 681472
MD5: 4DD4C3AB9B63D644F87496C833589D65

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 13584928
MD5: C5B510903FA7D47A0EC7AE561B3D7C84

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 92704
MD5: A58AE4B49BC1E44DB2E890577A4020E6

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: AB68B7C232293F6B09E5C29CB31AE76D

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77

Located: HK_CU:Run, CtxfiReg
where: .DEFAULT...
command: CTXFIREG.exe /FAIL1
file: C:\Windows\system32\CTXFIREG.exe
size: 43520
MD5: 4B02B5DC2C10CBD16B4E039D08C3EC50

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2159104
MD5: 736A6F5FF321AAAAB140B1100E345F04

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2159104
MD5: 736A6F5FF321AAAAB140B1100E345F04

Located: HK_CU:Run, Messenger (Yahoo!)
where: S-1-5-21-346314759-1577426813-436086011-1000...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4347120
MD5: BF7F70A930CEFF0124CB70BFB0055E8F

Located: HK_CU:RunOnce, Index Washer
where: S-1-5-21-346314759-1577426813-436086011-1000...
command: C:\Program Files\Webroot\Washer\WashIdx.exe "Merebimur"
file: C:\Program Files\Webroot\Washer\WashIdx.exe
size: 55624
MD5: 944FAEDBC4136707B76FB3086C9B1080

Located: HK_CU:Run, CtxfiReg
where: S-1-5-18...
command: CTXFIREG.exe /FAIL1
file: C:\Windows\system32\CTXFIREG.exe
size: 43520
MD5: 4B02B5DC2C10CBD16B4E039D08C3EC50

Located: WinLogon, klogon
command: C:\Windows\system32\klogon.dll
file: C:\Windows\system32\klogon.dll
size: 218376
MD5: 1FE46082A766CEBE72FF30D0DE7DDCD1



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 11/06/2008 22:33:16
Date (last access): 09/11/2008 11:04:02
Date (last write): 11/06/2008 22:33:16
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 05/11/2008 03:49:44
Date (last access): 09/11/2008 11:04:02
Date (last write): 07/07/2008 09:41:58
Filesize: 1562448
Attributes: archive
MD5: 32981ADE44D01EC2A9EBC2E311291707
CRC32: C2F522E6
Version: 1.6.0.12

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (IEVkbdBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: IEVkbdBHO Class
Path: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\
Long name: ievkbd.dll
Short name:
Date (created): 29/07/2008 20:21:34
Date (last access): 09/11/2008 10:55:44
Date (last write): 29/07/2008 20:21:34
Filesize: 62728
Attributes: archive
MD5: F09EE70D53CD3C336375D363191BBA76
CRC32: 72919599
Version: 8.0.0.454

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 07/11/2008 06:54:14
Date (last access): 09/11/2008 11:04:04
Date (last write): 07/11/2008 06:54:14
Filesize: 320920
Attributes: archive
MD5: DC090E320775F1B1FE896F6E1D393D7F
CRC32: 068B5AFC
Version: 6.0.100.33

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 07/11/2008 06:54:14
Date (last access): 09/11/2008 11:04:04
Date (last write): 07/11/2008 06:54:14
Filesize: 34816
Attributes: archive
MD5: 27771CDC5D464818C8F92356AE840A6F
CRC32: B0BC1BD4
Version: 6.0.100.33

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: EpsonToolBandKicker Class
Path: C:\Program Files\EPSON\EPSON Web-To-Page\
Long name: EPSON Web-To-Page.dll
Short name: EPSONW~1.DLL
Date (created): 05/11/2008 02:49:38
Date (last access): 09/11/2008 10:55:44
Date (last write): 22/02/2005 13:50:34
Filesize: 368640
Attributes: archive
MD5: 01319CF4030B3740BA8261E7024ACAD1
CRC32: D484DB79
Version: 1.1.0.0



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 07/11/2008 06:54:14
Date (last access): 08/11/2008 05:58:12
Date (last write): 07/11/2008 06:54:14
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33

{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 07/11/2008 06:54:14
Date (last access): 09/11/2008 11:35:56
Date (last write): 07/11/2008 06:54:14
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 07/11/2008 06:54:14
Date (last access): 08/11/2008 08:47:34
Date (last write): 07/11/2008 06:54:14
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33

{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Path: C:\Windows\Downloaded Program Files\
Long name: gp.ocx
Short name:
Date (created): 06/10/2008 09:18:42
Date (last access): 07/11/2008 07:22:34
Date (last write): 06/10/2008 09:18:42
Filesize: 131392
Attributes: archive
MD5: 513252FADA0ED23767B0668B6569752F
CRC32: 04CE0A2F
Version: 1.5.2.35

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash10a.ocx
Short name:
Date (created): 05/10/2008 03:16:26
Date (last access): 09/11/2008 11:02:48
Date (last write): 05/10/2008 03:16:26
Filesize: 3789728
Attributes: readonly archive
MD5: 466C1355934925768822E380DA6E6E4A
CRC32: 48EC1E52
Version: 10.0.12.36



--- Process list ---
PID: 1884 (1044) C:\Windows\system32\Dwm.exe
size: 83456
MD5: E87B968F3D49117445893EB0503FE34F
PID: 1896 (1876) C:\Windows\Explorer.EXE
size: 2923520
MD5: 6D06CD98D954FE87FB2DB8108793B399
PID: 524 (1064) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 2476 (1896) C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77
PID: 2492 (1896) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 2504 (1896) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
size: 206088
MD5: 56046D59E299969544255196AFAAA377
PID: 2516 (1896) C:\Windows\System32\Ctxfihlp.exe
size: 19968
MD5: 23FCD616233EE7FF75B1C9D25F9F1BB4
PID: 2524 (1896) C:\Program Files\Desktop Clock\Desktop Clock.exe
size: 681472
MD5: 4DD4C3AB9B63D644F87496C833589D65
PID: 2576 (1896) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: AB68B7C232293F6B09E5C29CB31AE76D
PID: 2820 ( 808) C:\Windows\SYSTEM32\CTXFISPI.EXE
size: 969216
MD5: 7191A0F32338E375BE7E02CF7D5C1C4C
PID: 3584 (1896) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 201728
MD5: F6DFB6E9341D3C0E47527B586B3EF0C3
PID: 3224 (3256) C:\Users\MEREBI~1\AppData\Local\Temp\NERO1002510\ipclog.exe
size: 111912
MD5: 6351850AE36388FD76140D1EF034D0F7
PID: 3236 (3256) C:\Users\Merebimur\AppData\Local\Temp\nro.tmp\SetupX.exe
size: 5821736
MD5: 691F0FACD77FEC2E89F3B4501CC6E267
PID: 6588 (1896) C:\Program Files\Internet Explorer\iexplore.exe
size: 633632
MD5: 19403B64906C9EAC627E3C10847B0FDA
PID: 4640 (1896) C:\Program Files\Internet Explorer\iexplore.exe
size: 633632
MD5: 19403B64906C9EAC627E3C10847B0FDA
PID: 9368 (1896) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 14972 (2000) C:\Windows\system32\SearchFilterHost.exe
size: 76288
MD5: 78B5AE488DCD24556CF976BE0BBA82BE
PID: 19384 (3180) C:\Windows\system32\MsiExec.exe
size: 71680
MD5: B038D40785FA669BD8C3E0252909B4C2
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 408 ( 4) smss.exe
size: 62976
PID: 552 ( 540) csrss.exe
size: 7680
PID: 604 ( 540) wininit.exe
size: 95744
PID: 616 ( 596) csrss.exe
size: 7680
PID: 648 ( 604) services.exe
size: 279552
PID: 660 ( 604) lsass.exe
size: 7680
PID: 672 ( 604) lsm.exe
size: 210944
PID: 808 ( 648) svchost.exe
size: 22016
PID: 852 ( 648) nvvsvc.exe
size: 203296
PID: 880 ( 648) svchost.exe
size: 22016
PID: 916 ( 596) winlogon.exe
size: 308224
PID: 952 ( 648) svchost.exe
size: 22016
PID: 1016 ( 648) svchost.exe
size: 22016
PID: 1044 ( 648) svchost.exe
size: 22016
PID: 1064 ( 648) svchost.exe
size: 22016
PID: 1156 (1016) audiodg.exe
size: 88064
PID: 1260 ( 648) CTAudSvc.exe
PID: 1296 ( 648) svchost.exe
size: 22016
PID: 1336 ( 648) SLsvc.exe
size: 2605568
PID: 1360 ( 648) svchost.exe
size: 22016
PID: 1468 ( 852) rundll32.exe
size: 44544
PID: 1776 ( 648) aawservice.exe
PID: 432 ( 648) spoolsv.exe
size: 124928
PID: 560 ( 648) svchost.exe
size: 22016
PID: 1648 ( 648) avp.exe
PID: 1840 ( 648) svchost.exe
size: 22016
PID: 124 ( 648) svchost.exe
size: 22016
PID: 1420 ( 648) svchost.exe
size: 22016
PID: 2016 ( 648) svchost.exe
size: 22016
PID: 2000 ( 648) SearchIndexer.exe
size: 287744
PID: 2120 ( 648) WasherSvc.exe
PID: 3384 (1064) taskeng.exe
size: 166400
PID: 3884 ( 648) wmpnetwk.exe
PID: 2804 ( 648) WLSetupSvc.exe
PID: 3180 ( 648) msiexec.exe
size: 71680
PID: 4768 ( 648) VSSVC.exe
size: 924160
PID: 5684 ( 648) svchost.exe
size: 22016
PID: 7004 ( 648) infocard.exe
PID: 18692 (2000) SearchProtocolHost.exe
size: 204288


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 09/11/2008 11:35:56

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
news.sky.com/skynews
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2FAB30E-EAC9-4DE3-869A-C3D1EB588D8D}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2FAB30E-EAC9-4DE3-869A-C3D1EB588D8D}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4687B65A-AD8E-4842-B1C9-488775E6544C}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4687B65A-AD8E-4842-B1C9-488775E6544C}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DF076F8C-8C02-46CF-B2BA-A8D4B07D5229}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DF076F8C-8C02-46CF-B2BA-A8D4B07D5229}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F2FAB30E-EAC9-4DE3-869A-C3D1EB588D8D}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F2FAB30E-EAC9-4DE3-869A-C3D1EB588D8D}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

 

[Shaba]

Those are not necessarily Zlob.DNSChanger because they are OpenDNS DNS servers.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Post:

- mbam log
- rsit log (taken after mbam run)

 

[Merebimur]

Logs

Mbam Log.

Malwarebytes' Anti-Malware 1.30
Database version: 1375
Windows 6.0.6000

09/11/2008 16:10:56
mbam-log-2008-11-09 (16-10-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 111767
Time elapsed: 3 hour(s), 56 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.101 85.255.112.143 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f2fab30e-eac9-4de3-869a-c3d1eb588d8d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.101 85.255.112.143 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.101 85.255.112.143 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f2fab30e-eac9-4de3-869a-c3d1eb588d8d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.101 85.255.112.143 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------

RSIT Log.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Merebimur at 2008-11-09 16:28:32
Microsoft® Windows Vista™ Ultimate
System drive C: has 686 GB (96%) free of 715 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:51, on 09/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Desktop Clock\Desktop Clock.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Merebimur.exe
C:\Windows\System32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = news.sky.com/skynews
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: # Start of entries inserted by Spybot - Search & Destroy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [My App] C:\Program Files\Desktop Clock\Desktop Clock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5814 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-01-17 1006264]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-10-07 13584928]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-10-07 92704]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2008-07-11 19968]
"My App"=C:\Program Files\Desktop Clock\Desktop Clock.exe [2007-02-27 681472]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-07 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-09 16:28:32 ----D---- C:\rsit
2008-11-09 16:27:14 ----A---- C:\RSIT.exe
2008-11-09 16:11:27 ----A---- C:\mbam log.txt
2008-11-09 13:01:59 ----D---- C:\Users\Merebimur\AppData\Roaming\DivX
2008-11-09 13:01:46 ----A---- C:\Windows\NeroDigital.ini
2008-11-09 13:01:05 ----D---- C:\Users\Merebimur\AppData\Roaming\Nero
2008-11-09 12:11:27 ----D---- C:\Users\Merebimur\AppData\Roaming\Malwarebytes
2008-11-09 12:11:21 ----D---- C:\ProgramData\Malwarebytes
2008-11-09 12:11:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-09 12:08:08 ----A---- C:\mbam-setup.exe
2008-11-09 11:30:09 ----A---- C:\winsock.txt
2008-11-09 11:07:43 ----D---- C:\Program Files\Nero
2008-11-09 11:06:23 ----D---- C:\ProgramData\Nero
2008-11-09 11:06:23 ----D---- C:\Program Files\Common Files\Nero
2008-11-09 11:04:06 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-08 08:11:30 ----A---- C:\ATF-Cleaner.exe
2008-11-08 07:14:52 ----D---- C:\Moviez
2008-11-07 09:10:22 ----D---- C:\ProgramData\Yahoo!
2008-11-07 07:26:50 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-07 07:25:18 ----D---- C:\ProgramData\Adobe
2008-11-07 07:25:14 ----D---- C:\Program Files\Common Files\Adobe
2008-11-07 07:25:14 ----D---- C:\Program Files\Adobe
2008-11-07 07:22:31 ----D---- C:\ProgramData\NOS
2008-11-07 07:22:30 ----D---- C:\Program Files\NOS
2008-11-07 06:54:33 ----A---- C:\Windows\system32\deploytk.dll
2008-11-07 06:54:32 ----A---- C:\Windows\system32\javaws.exe
2008-11-07 06:54:32 ----A---- C:\Windows\system32\javaw.exe
2008-11-07 06:54:32 ----A---- C:\Windows\system32\java.exe
2008-11-07 06:54:07 ----D---- C:\Program Files\Java
2008-11-07 06:26:51 ----D---- C:\Users\Merebimur\AppData\Roaming\URSoft
2008-11-07 06:26:50 ----D---- C:\Program Files\Your Uninstaller 2008
2008-11-07 06:23:00 ----AD---- C:\ProgramData\TEMP
2008-11-07 06:22:38 ----D---- C:\Program Files\SpywareBlaster
2008-11-07 06:22:38 ----A---- C:\Windows\system32\MSSTDFMT.DLL
2008-11-06 19:14:11 ----A---- C:\Windows\system32\wlansvc.dll
2008-11-06 19:14:11 ----A---- C:\Windows\system32\wlansec.dll
2008-11-06 19:14:11 ----A---- C:\Windows\system32\wlanmsm.dll
2008-11-06 19:14:11 ----A---- C:\Windows\system32\wlanhlp.dll
2008-11-06 19:14:11 ----A---- C:\Windows\system32\wlanapi.dll
2008-11-06 19:14:10 ----A---- C:\Windows\system32\wtsapi32.dll
2008-11-06 19:14:10 ----A---- C:\Windows\system32\sysmain.dll
2008-11-06 19:14:09 ----A---- C:\Windows\explorer.exe
2008-11-06 19:14:07 ----A---- C:\Windows\system32\msshsq.dll
2008-11-06 18:38:01 ----D---- C:\Program Files\BitLocker
2008-11-06 18:25:45 ----A---- C:\Windows\system32\SecureKeyBackupCPL.dll
2008-11-06 18:24:45 ----A---- C:\Windows\system32\gpprefcl.dll
2008-11-06 18:22:54 ----A---- C:\Windows\system32\winipsec.dll
2008-11-06 18:22:54 ----A---- C:\Windows\system32\polstore.dll
2008-11-06 18:22:54 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-11-06 18:22:54 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-11-06 18:22:44 ----A---- C:\Windows\system32\EncDec.dll
2008-11-06 18:22:42 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-06 18:22:42 ----A---- C:\Windows\system32\mcmde.dll
2008-11-06 18:22:33 ----A---- C:\Windows\system32\gameux.dll
2008-11-06 18:22:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-11-06 18:22:32 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-11-06 18:22:13 ----A---- C:\Windows\system32\netcfgx.dll
2008-11-06 18:22:13 ----A---- C:\Windows\system32\localspl.dll
2008-11-06 18:22:12 ----A---- C:\Windows\system32\riched20.dll
2008-11-06 18:22:12 ----A---- C:\Windows\system32\rasmxs.dll
2008-11-06 18:22:12 ----A---- C:\Windows\system32\rasdiag.dll
2008-11-06 18:22:12 ----A---- C:\Windows\system32\rascfg.dll
2008-11-06 18:22:12 ----A---- C:\Windows\system32\msftedit.dll
2008-11-06 18:22:12 ----A---- C:\Windows\system32\ipnathlp.dll
2008-11-06 18:22:12 ----A---- C:\Windows\system32\dps.dll
2008-11-06 18:22:11 ----A---- C:\Windows\system32\wshqos.dll
2008-11-06 18:22:11 ----A---- C:\Windows\system32\traffic.dll
2008-11-06 18:22:11 ----A---- C:\Windows\system32\riched32.dll
2008-11-06 18:22:11 ----A---- C:\Windows\system32\rasser.dll
2008-11-06 18:22:11 ----A---- C:\Windows\system32\pacerprf.dll
2008-11-06 18:22:11 ----A---- C:\Windows\system32\icsunattend.exe
2008-11-06 18:22:11 ----A---- C:\Windows\system32\cdd.dll
2008-11-06 18:22:10 ----A---- C:\Windows\system32\winsrv.dll
2008-11-06 18:22:10 ----A---- C:\Windows\system32\csrsrv.dll
2008-11-06 18:22:08 ----A---- C:\Windows\system32\msoert2.dll
2008-11-06 18:22:08 ----A---- C:\Windows\system32\msoeacct.dll
2008-11-06 18:22:07 ----A---- C:\Windows\system32\ACCTRES.dll
2008-11-06 18:22:02 ----A---- C:\Windows\system32\shell32.dll
2008-11-06 18:21:46 ----A---- C:\Windows\system32\WebClnt.dll
2008-11-06 18:21:43 ----A---- C:\Windows\system32\wfapigp.dll
2008-11-06 18:21:43 ----A---- C:\Windows\system32\MPSSVC.dll
2008-11-06 18:21:43 ----A---- C:\Windows\system32\iphlpsvc.dll
2008-11-06 18:21:43 ----A---- C:\Windows\system32\icfupgd.dll
2008-11-06 18:21:43 ----A---- C:\Windows\system32\FirewallAPI.dll
2008-11-06 18:21:43 ----A---- C:\Windows\system32\cmifw.dll
2008-11-06 18:19:52 ----A---- C:\Windows\system32\dxmasf.dll
2008-11-06 18:19:51 ----A---- C:\Windows\system32\wmp.dll
2008-11-06 18:19:50 ----A---- C:\Windows\system32\wmploc.DLL
2008-11-06 18:19:50 ----A---- C:\Windows\system32\spwmp.dll
2008-11-06 18:19:50 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2008-11-06 18:19:47 ----A---- C:\Windows\system32\msscp.dll
2008-11-06 18:19:43 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2008-11-06 18:19:40 ----A---- C:\Windows\system32\es.dll
2008-11-06 18:19:35 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-06 18:19:24 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-11-06 18:19:22 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-11-06 18:19:21 ----A---- C:\Windows\system32\NlsData0009.dll
2008-11-06 18:19:20 ----A---- C:\Windows\system32\NlsData000c.dll
2008-11-06 18:19:20 ----A---- C:\Windows\system32\NlsData000a.dll
2008-11-06 18:19:20 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-11-06 18:19:19 ----A---- C:\Windows\system32\NlsData0027.dll
2008-11-06 18:19:19 ----A---- C:\Windows\system32\NlsData000d.dll
2008-11-06 18:19:19 ----A---- C:\Windows\system32\NlsData0001.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData003e.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData002a.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData0022.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData0021.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData001a.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData0018.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData0011.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData000f.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData0007.dll
2008-11-06 18:19:18 ----A---- C:\Windows\system32\NlsData0002.dll
2008-11-06 18:19:17 ----A---- C:\Windows\system32\NlsData0024.dll
2008-11-06 18:19:17 ----A---- C:\Windows\system32\NlsData001d.dll
2008-11-06 18:19:17 ----A---- C:\Windows\system32\NlsData0019.dll
2008-11-06 18:19:17 ----A---- C:\Windows\system32\NlsData0010.dll
2008-11-06 18:19:16 ----A---- C:\Windows\system32\NlsData0816.dll
2008-11-06 18:19:16 ----A---- C:\Windows\system32\NlsData0013.dll
2008-11-06 18:19:15 ----A---- C:\Windows\system32\NlsData0049.dll
2008-11-06 18:19:15 ----A---- C:\Windows\system32\NlsData0039.dll
2008-11-06 18:19:15 ----A---- C:\Windows\system32\NlsData0020.dll
2008-11-06 18:19:14 ----A---- C:\Windows\system32\NlsData0416.dll
2008-11-06 18:19:14 ----A---- C:\Windows\system32\NlsData0414.dll
2008-11-06 18:19:13 ----A---- C:\Windows\system32\NlsData004c.dll
2008-11-06 18:19:13 ----A---- C:\Windows\system32\NlsData004a.dll
2008-11-06 18:19:13 ----A---- C:\Windows\system32\NlsData0047.dll
2008-11-06 18:19:12 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-11-06 18:19:12 ----A---- C:\Windows\system32\NlsData081a.dll
2008-11-06 18:19:12 ----A---- C:\Windows\system32\NlsData001b.dll
2008-11-06 18:19:12 ----A---- C:\Windows\system32\NlsData0000.dll
2008-11-06 18:19:11 ----A---- C:\Windows\system32\NlsData004e.dll
2008-11-06 18:19:11 ----A---- C:\Windows\system32\NlsData004b.dll
2008-11-06 18:19:11 ----A---- C:\Windows\system32\NlsData0046.dll
2008-11-06 18:19:11 ----A---- C:\Windows\system32\NlsData0045.dll
2008-11-06 18:19:11 ----A---- C:\Windows\system32\NlsData0026.dll
2008-11-06 18:19:11 ----A---- C:\Windows\system32\NlsData0003.dll
2008-11-06 18:18:46 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-11-06 18:18:45 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-11-06 18:18:45 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-11-06 18:18:44 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-11-06 18:18:44 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-11-06 18:18:44 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-11-06 18:18:43 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-11-06 18:18:43 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-11-06 18:18:42 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-11-06 18:18:41 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-11-06 18:18:41 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-11-06 18:18:40 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-11-06 18:18:40 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-11-06 18:18:39 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-11-06 18:18:38 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-11-06 18:18:38 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-11-06 18:18:36 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-11-06 18:18:35 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-11-06 18:18:35 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-11-06 18:18:34 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-11-06 18:18:34 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-11-06 18:18:33 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-11-06 18:18:33 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-11-06 18:18:32 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-11-06 18:18:32 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-11-06 18:18:31 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-11-06 18:18:30 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-11-06 18:18:30 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-11-06 18:18:30 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-11-06 18:18:29 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-11-06 18:18:29 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-11-06 18:18:29 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-11-06 18:18:29 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-11-06 18:18:29 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-11-06 18:18:28 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-11-06 18:18:28 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-11-06 18:18:27 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-11-06 18:18:27 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-11-06 18:18:22 ----A---- C:\Windows\system32\netapi32.dll
2008-11-06 18:18:18 ----A---- C:\Windows\system32\hcrstco.dll
2008-11-06 18:18:16 ----A---- C:\Windows\system32\lpremove.exe
2008-11-06 18:18:16 ----A---- C:\Windows\system32\lpksetup.exe
2008-11-06 18:18:16 ----A---- C:\Windows\system32\LangCleanupSysprepAction.dll
2008-11-06 18:18:15 ----A---- C:\Windows\system32\MUILanguageCleanup.dll
2008-11-06 18:18:12 ----A---- C:\Windows\system32\DWWIN.EXE
2008-11-06 18:17:44 ----A---- C:\Windows\system32\kd1394.dll
2008-11-06 18:17:44 ----A---- C:\Windows\system32\ci.dll
2008-11-06 18:17:43 ----A---- C:\Windows\system32\winload.exe
2008-11-06 18:17:43 ----A---- C:\Windows\system32\srcore.dll
2008-11-06 18:17:42 ----A---- C:\Windows\system32\srdelayed.exe
2008-11-06 18:17:42 ----A---- C:\Windows\system32\srclient.dll
2008-11-06 18:17:42 ----A---- C:\Windows\system32\rstrui.exe
2008-11-06 18:17:41 ----A---- C:\Windows\system32\kbd106n.dll
2008-11-06 18:17:41 ----A---- C:\Windows\system32\f3ahvoas.dll
2008-11-06 18:16:45 ----A---- C:\Windows\system32\msxml3r.dll
2008-11-06 18:16:45 ----A---- C:\Windows\system32\msxml3.dll
2008-11-06 18:16:44 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-11-06 18:16:44 ----A---- C:\Windows\system32\netiougc.exe
2008-11-06 18:16:44 ----A---- C:\Windows\system32\netcfg.exe
2008-11-06 18:16:21 ----A---- C:\Windows\system32\WMASF.DLL
2008-11-06 18:16:21 ----A---- C:\Windows\system32\LAPRXY.DLL
2008-11-06 18:16:21 ----A---- C:\Windows\system32\asferror.dll
2008-11-06 18:16:02 ----A---- C:\Windows\system32\SLsvc.exe
2008-11-06 18:16:02 ----A---- C:\Windows\system32\SLC.dll
2008-11-06 18:16:01 ----A---- C:\Windows\system32\slwmi.dll
2008-11-06 18:16:01 ----A---- C:\Windows\system32\SLUINotify.dll
2008-11-06 18:16:01 ----A---- C:\Windows\system32\SLUI.exe
2008-11-06 18:16:01 ----A---- C:\Windows\system32\SLLUA.exe
2008-11-06 18:16:01 ----A---- C:\Windows\system32\SLCommDlg.dll
2008-11-06 18:16:01 ----A---- C:\Windows\system32\slcinst.dll
2008-11-06 18:16:01 ----A---- C:\Windows\system32\mcbuilder.exe
2008-11-06 18:15:37 ----A---- C:\Windows\system32\gdi32.dll
2008-11-06 18:15:27 ----A---- C:\Windows\system32\msxml6r.dll
2008-11-06 18:15:27 ----A---- C:\Windows\system32\msxml6.dll
2008-11-06 18:15:20 ----A---- C:\Windows\system32\sbunattend.exe
2008-11-06 18:14:58 ----A---- C:\Windows\system32\dnsrslvr.dll
2008-11-06 18:14:58 ----A---- C:\Windows\system32\dnscacheugc.exe
2008-11-06 18:14:58 ----A---- C:\Windows\system32\dnsapi.dll
2008-11-06 17:58:04 ----A---- C:\Windows\system32\tzres.dll
2008-11-06 17:48:19 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-06 17:48:19 ----A---- C:\Windows\system32\ntprint.dll
2008-11-06 17:48:19 ----A---- C:\Windows\system32\authui.dll
2008-11-06 17:48:18 ----A---- C:\Windows\system32\sendmail.dll
2008-11-06 17:48:18 ----A---- C:\Windows\system32\schannel.dll
2008-11-06 17:48:18 ----A---- C:\Windows\system32\msvfw32.dll
2008-11-06 17:48:18 ----A---- C:\Windows\system32\mciavi32.dll
2008-11-06 17:48:18 ----A---- C:\Windows\system32\dhcpcsvc.dll
2008-11-06 17:48:18 ----A---- C:\Windows\system32\avicap32.dll
2008-11-06 17:48:17 ----A---- C:\Windows\system32\CscMig.dll
2008-11-06 17:48:17 ----A---- C:\Windows\system32\avifil32.dll
2008-11-06 17:48:16 ----A---- C:\Windows\system32\ntprint.exe
2008-11-06 17:48:16 ----A---- C:\Windows\system32\msvidc32.dll
2008-11-06 17:48:16 ----A---- C:\Windows\system32\msrle32.dll
2008-11-06 17:48:16 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2008-11-06 17:48:16 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2008-11-06 17:48:12 ----A---- C:\Windows\system32\wmi.dll
2008-11-06 17:48:12 ----A---- C:\Windows\system32\imagehlp.dll
2008-11-06 17:48:08 ----A---- C:\Windows\system32\wshrm.dll
2008-11-06 17:41:03 ----A---- C:\Windows\system32\INETRES.dll
2008-11-06 17:41:03 ----A---- C:\Windows\system32\inetcomm.dll
2008-11-06 17:41:00 ----A---- C:\Windows\system32\win32spl.dll
2008-11-06 17:41:00 ----A---- C:\Windows\system32\printcom.dll
2008-11-06 17:40:45 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-06 17:37:17 ----A---- C:\Windows\system32\mshtml.dll
2008-11-06 17:37:17 ----A---- C:\Windows\system32\ieframe.dll
2008-11-06 17:37:16 ----A---- C:\Windows\system32\wininet.dll
2008-11-06 17:37:16 ----A---- C:\Windows\system32\urlmon.dll
2008-11-06 17:37:16 ----A---- C:\Windows\system32\mstime.dll
2008-11-06 17:37:15 ----A---- C:\Windows\system32\ieapfltr.dll
2008-11-06 17:37:15 ----A---- C:\Windows\system32\ie4uinit.exe
2008-11-06 17:37:14 ----A---- C:\Windows\system32\pngfilt.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\mshtmled.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\ieUnatt.exe
2008-11-06 17:37:14 ----A---- C:\Windows\system32\ieui.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\iesetup.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\iertutil.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\iernonce.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\icardie.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\dxtrans.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\dxtmsft.dll
2008-11-06 17:37:14 ----A---- C:\Windows\system32\advpack.dll
2008-11-06 17:36:48 ----A---- C:\Windows\system32\user32.dll
2008-11-06 17:36:45 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-06 17:36:45 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-06 17:36:14 ----A---- C:\Windows\system32\qmgr.dll
2008-11-06 17:35:17 ----A---- C:\Windows\system32\quartz.dll
2008-11-06 17:35:12 ----A---- C:\Windows\system32\crypt32.dll
2008-11-06 17:26:42 ----D---- C:\Program Files\Yahoo!
2008-11-06 17:26:30 ----D---- C:\Program Files\CCleaner
2008-11-06 17:18:49 ----A---- C:\SpybotSD.Report.txt
2008-11-06 17:12:40 ----A---- C:\zob2.txt
2008-11-06 15:20:13 ----D---- C:\Program Files\Trend Micro
2008-11-06 14:46:36 ----A---- C:\zob.txt
2008-11-06 14:44:37 ----D---- C:\Program Files\Lavasoft
2008-11-06 14:44:34 ----D---- C:\ProgramData\Lavasoft
2008-11-06 14:34:00 ----A---- C:\Windows\wininit.ini
2008-11-06 13:34:47 ----D---- C:\Program Files\Enigma Software Group
2008-11-06 10:13:49 ----RASH---- C:\Boot.ini.saved
2008-11-06 10:12:52 ----D---- C:\Windows\SoftwareDistribution
2008-11-06 10:12:00 ----D---- C:\Windows\Debug
2008-11-06 10:12:00 ----D---- C:\Windows\CSC
2008-11-06 10:10:41 ----D---- C:\Windows\Prefetch
2008-11-06 10:09:41 ----D---- C:\Windows\Panther
2008-11-06 07:07:12 ----D---- C:\ProgramData\Microangelo On Display
2008-11-06 06:43:45 ----D---- C:\Program Files\Microangelo
2008-11-06 06:43:34 ----A---- C:\Windows\IsUninst.exe
2008-11-06 06:43:02 ----D---- C:\Program Files\Microangelo On Display
2008-11-06 06:42:09 ----D---- C:\Program Files\Microangelo Toolset 6
2008-11-06 06:05:25 ----D---- C:\Program Files\Desktop Clock
2008-11-06 06:05:25 ----D---- C:\GreetSoft
2008-11-06 02:02:07 ----SH---- C:\Boot.BAK
2008-11-06 02:02:07 ----RAS---- C:\BOOTSECT.BAK
2008-11-06 02:02:04 ----SHD---- C:\Boot
2008-11-06 01:15:24 ----D---- C:\Binaries
2008-11-06 00:56:55 ----SHD---- C:\System Volume Information
2008-11-05 21:06:34 ----D---- C:\Users\Merebimur\AppData\Roaming\ICQ
2008-11-05 21:06:05 ----D---- C:\Program Files\ICQ6
2008-11-05 11:53:29 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-05 11:53:15 ----D---- C:\Program Files\Windows Live
2008-11-05 11:52:45 ----D---- C:\ProgramData\WLInstaller
2008-11-05 11:51:50 ----D---- C:\Users\Merebimur\AppData\Roaming\WinRAR
2008-11-05 11:51:15 ----D---- C:\Program Files\WinRAR
2008-11-05 11:50:16 ----D---- C:\Users\Merebimur\AppData\Roaming\Creative
2008-11-05 11:40:55 ----D---- C:\Program Files\Common Files\Creative
2008-11-05 11:40:53 ----HD---- C:\Program Files\Creative Installation Information
2008-11-05 10:20:48 ----D---- C:\Program Files\MSN
2008-11-05 06:50:10 ----A---- C:\Windows\system32\SPWizUI.dll
2008-11-05 06:50:10 ----A---- C:\Windows\system32\SPReview.exe
2008-11-05 06:47:41 ----D---- C:\Users\Merebimur\AppData\Roaming\Webroot
2008-11-05 06:47:40 ----D---- C:\ProgramData\Webroot
2008-11-05 06:47:40 ----D---- C:\Program Files\Webroot
2008-11-05 06:47:40 ----D---- C:\Program Files\Common Files\Webroot Shared
2008-11-05 06:47:29 ----A---- C:\Windows\Unwash6.exe
2008-11-05 06:34:51 ----A---- C:\Windows\system32\nshhttp.dll
2008-11-05 06:34:51 ----A---- C:\Windows\system32\batt.dll
2008-11-05 06:34:50 ----A---- C:\Windows\system32\dispci.dll
2008-11-05 06:34:46 ----A---- C:\Windows\system32\oleaut32.dll
2008-11-05 06:34:45 ----A---- C:\Windows\system32\dpx.dll
2008-11-05 06:34:45 ----A---- C:\Windows\system32\cfgmgr32.dll
2008-11-05 06:34:43 ----A---- C:\Windows\system32\unlodctr.exe
2008-11-05 06:34:43 ----A---- C:\Windows\system32\lodctr.exe
2008-11-05 06:34:43 ----A---- C:\Windows\system32\drvinst.exe
2008-11-05 06:34:41 ----A---- C:\Windows\system32\winresume.exe
2008-11-05 06:34:41 ----A---- C:\Windows\system32\prflbmsg.dll
2008-11-05 06:34:41 ----A---- C:\Windows\system32\loadperf.dll
2008-11-05 06:34:40 ----A---- C:\Windows\system32\wpd_ci.dll
2008-11-05 06:34:40 ----A---- C:\Windows\system32\umpnpmgr.dll
2008-11-05 06:34:40 ----A---- C:\Windows\system32\setupapi.dll
2008-11-05 06:34:40 ----A---- C:\Windows\system32\schedsvc.dll
2008-11-05 06:33:47 ----A---- C:\Windows\system32\cbsra.exe
2008-11-05 06:30:32 ----A---- C:\Windows\system32\unrar.dll
2008-11-05 06:30:32 ----A---- C:\Windows\avisplitter.ini
2008-11-05 06:30:31 ----A---- C:\Windows\system32\yv12vfw.dll
2008-11-05 06:30:31 ----A---- C:\Windows\system32\xvidcore.dll
2008-11-05 06:30:30 ----A---- C:\Windows\system32\xvidvfw.dll
2008-11-05 06:30:30 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-11-05 06:30:30 ----A---- C:\Windows\system32\ff_vfw.dll
2008-11-05 06:30:29 ----D---- C:\Program Files\K-Lite Codec Pack
2008-11-05 06:30:29 ----A---- C:\Windows\system32\msvcr71.dll
2008-11-05 05:01:06 ----A---- C:\Windows\system32\tmp.txt
2008-11-05 05:01:06 ----A---- C:\Users\Merebimur\AppData\Roaming\SetValue.bat
2008-11-05 05:01:06 ----A---- C:\Users\Merebimur\AppData\Roaming\GetValue.vbs
2008-11-05 04:19:35 ----A---- C:\Windows\system32\wups2.dll
2008-11-05 04:19:35 ----A---- C:\Windows\system32\wucltux.dll
2008-11-05 04:19:35 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-05 04:19:35 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-05 04:09:37 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-11-05 04:09:24 ----D---- C:\Program Files\DivX
2008-11-05 03:49:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-11-05 03:49:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-05 03:23:59 ----D---- C:\ProgramData\Kaspersky Lab
2008-11-05 03:23:59 ----D---- C:\Program Files\Kaspersky Lab
2008-11-05 03:23:07 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2008-11-05 03:22:02 ----D---- C:\Users\Merebimur\AppData\Roaming\Macromedia
2008-11-05 03:22:01 ----D---- C:\Users\Merebimur\AppData\Roaming\Adobe
2008-11-05 03:21:54 ----D---- C:\Windows\system32\Macromed
2008-11-05 03:13:40 ----D---- C:\ProgramData\NVIDIA
2008-11-05 03:11:12 ----D---- C:\Windows\system32\AGEIA
2008-11-05 03:11:12 ----D---- C:\Program Files\AGEIA Technologies
2008-11-05 03:11:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-05 03:10:52 ----A---- C:\Windows\system32\nvcpluir.dll
2008-11-05 03:10:52 ----A---- C:\Windows\system32\nvcplui.exe
2008-11-05 03:09:43 ----A---- C:\Windows\system32\NVUNINST.EXE
2008-11-05 03:09:37 ----RHD---- C:\NVIDIA
2008-11-05 03:03:53 ----D---- C:\New Folder
2008-11-05 02:51:36 ----SHD---- C:\Windows\Installer
2008-11-05 02:49:07 ----D---- C:\Program Files\EPSON Print CD
2008-11-05 02:48:09 ----D---- C:\ProgramData\UDL
2008-11-05 02:46:57 ----A---- C:\Windows\system32\PICSDK2.dll
2008-11-05 02:46:57 ----A---- C:\Windows\system32\PICSDK.ini
2008-11-05 02:46:57 ----A---- C:\Windows\system32\PICSDK.dll
2008-11-05 02:46:57 ----A---- C:\Windows\system32\PICEntry.dll
2008-11-05 02:46:57 ----A---- C:\Windows\system32\EpPicPrt.dll
2008-11-05 02:46:57 ----A---- C:\Windows\system32\EPPicMgr.dll
2008-11-05 02:45:23 ----A---- C:\Windows\system32\E_FLBBPE.DLL
2008-11-05 02:45:23 ----A---- C:\Windows\system32\E_DCINST.DLL
2008-11-05 02:45:22 ----A---- C:\Windows\system32\E_FD4BBPE.DLL
2008-11-05 02:45:09 ----D---- C:\ProgramData\EPSON
2008-11-05 02:44:35 ----D---- C:\Program Files\epson
2008-11-05 02:44:30 ----A---- C:\Windows\system32\escwiad.dll
2008-11-05 02:44:23 ----A---- C:\Windows\CDE RX560EIPS.ini
2008-11-05 02:39:03 ----D---- C:\Program Files\Common Files\Creative Labs Shared
2008-11-05 02:38:45 ----D---- C:\Program Files\Creative
2008-11-05 02:38:41 ----D---- C:\Program Files\OpenAL
2008-11-05 02:38:41 ----A---- C:\Windows\system32\wrap_oal.dll
2008-11-05 02:38:40 ----A---- C:\Windows\system32\OpenAL32.dll
2008-11-05 02:38:35 ----D---- C:\ProgramData\Creative
2008-11-05 02:38:35 ----A---- C:\Windows\system32\cttele32.dll
2008-11-05 02:38:13 ----A---- C:\Windows\system32\CmdRtr.DLL
2008-11-05 02:38:13 ----A---- C:\Windows\system32\APOMngr.DLL
2008-11-05 02:37:21 ----D---- C:\Windows\system32\Data
2008-11-05 02:37:21 ----A---- C:\Windows\INRES.DLL
2008-11-05 02:37:14 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-05 02:37:14 ----A---- C:\Windows\system32\AppSetup.exe
2008-11-05 02:37:09 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-05 02:22:24 ----D---- C:\Users\Merebimur\AppData\Roaming\Identities
2008-11-05 02:22:18 ----SD---- C:\Users\Merebimur\AppData\Roaming\Microsoft
2008-11-05 02:22:18 ----D---- C:\Users\Merebimur\AppData\Roaming\Media Center Programs
2008-10-28 22:36:00 ----A---- C:\Windows\system32\divx_xx0c.dll
2008-10-28 22:36:00 ----A---- C:\Windows\system32\divx_xx07.dll
2008-10-28 22:35:58 ----A---- C:\Windows\system32\divx_xx11.dll
2008-10-28 22:35:58 ----A---- C:\Windows\system32\divx_xx0a.dll
2008-10-28 22:35:56 ----A---- C:\Windows\system32\DivX.dll

======List of files/folders modified in the last 1 months======

2008-11-09 16:27:47 ----D---- C:\Windows\Temp
2008-11-09 16:22:50 ----D---- C:\Windows\System32
2008-11-09 16:22:50 ----D---- C:\Windows\inf
2008-11-09 16:22:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-09 16:17:29 ----D---- C:\Windows\system32\catroot
2008-11-09 16:16:45 ----D---- C:\Windows\system32\catroot2
2008-11-09 13:01:46 ----D---- C:\Windows
2008-11-09 12:11:24 ----D---- C:\Windows\system32\drivers
2008-11-09 12:11:21 ----RD---- C:\Program Files
2008-11-09 12:11:21 ----HD---- C:\ProgramData
2008-11-09 11:06:23 ----D---- C:\Program Files\Common Files
2008-11-09 11:05:17 ----D---- C:\Windows\winsxs
2008-11-07 09:10:09 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-07 07:22:32 ----SD---- C:\Windows\Downloaded Program Files
2008-11-06 19:17:52 ----D---- C:\Windows\system32\wbem
2008-11-06 19:08:12 ----D---- C:\Windows\rescache
2008-11-06 18:44:22 ----RSD---- C:\Windows\assembly
2008-11-06 18:44:22 ----D---- C:\Windows\Microsoft.NET
2008-11-06 18:42:40 ----ASH---- C:\Program Files\desktop.ini
2008-11-06 18:38:23 ----D---- C:\Windows\system32\ras
2008-11-06 18:38:23 ----D---- C:\Windows\system32\icsxml
2008-11-06 18:38:23 ----D---- C:\Program Files\Windows Calendar
2008-11-06 18:38:22 ----D---- C:\Windows\AppPatch
2008-11-06 18:38:21 ----D---- C:\Program Files\Windows Mail
2008-11-06 18:38:20 ----D---- C:\Program Files\Common Files\System
2008-11-06 18:38:19 ----D---- C:\Windows\ehome
2008-11-06 18:38:16 ----D---- C:\Program Files\Windows Defender
2008-11-06 18:38:15 ----D---- C:\Program Files\Windows Media Player
2008-11-06 18:38:11 ----D---- C:\Windows\system32\migration
2008-11-06 18:38:04 ----D---- C:\Windows\system32\en-US
2008-11-06 18:38:02 ----D---- C:\Windows\system32\SLUI
2008-11-06 18:38:00 ----D---- C:\Program Files\Windows Sidebar
2008-11-06 18:25:43 ----D---- C:\Windows\system32\zh-TW
2008-11-06 18:25:43 ----D---- C:\Windows\system32\zh-CN
2008-11-06 18:25:43 ----D---- C:\Windows\system32\uk-UA
2008-11-06 18:25:43 ----D---- C:\Windows\system32\tr-TR
2008-11-06 18:25:43 ----D---- C:\Windows\system32\th-TH
2008-11-06 18:25:43 ----D---- C:\Windows\system32\sv-SE
2008-11-06 18:25:43 ----D---- C:\Windows\system32\sr-Latn-CS
2008-11-06 18:25:43 ----D---- C:\Windows\system32\sl-SI
2008-11-06 18:25:43 ----D---- C:\Windows\system32\sk-SK
2008-11-06 18:25:43 ----D---- C:\Windows\system32\ru-RU
2008-11-06 18:25:43 ----D---- C:\Windows\system32\ro-RO
2008-11-06 18:25:43 ----D---- C:\Windows\system32\pt-PT
2008-11-06 18:25:43 ----D---- C:\Windows\system32\pt-BR
2008-11-06 18:25:43 ----D---- C:\Windows\system32\pl-PL
2008-11-06 18:25:43 ----D---- C:\Windows\system32\nl-NL
2008-11-06 18:25:43 ----D---- C:\Windows\system32\nb-NO
2008-11-06 18:25:43 ----D---- C:\Windows\system32\lv-LV
2008-11-06 18:25:43 ----D---- C:\Windows\system32\lt-LT
2008-11-06 18:25:43 ----D---- C:\Windows\system32\ko-KR
2008-11-06 18:25:43 ----D---- C:\Windows\system32\ja-JP
2008-11-06 18:25:43 ----D---- C:\Windows\system32\it-IT
2008-11-06 18:25:42 ----D---- C:\Windows\system32\hu-HU
2008-11-06 18:25:42 ----D---- C:\Windows\system32\hr-HR
2008-11-06 18:25:42 ----D---- C:\Windows\system32\he-IL
2008-11-06 18:25:42 ----D---- C:\Windows\system32\fr-FR
2008-11-06 18:25:42 ----D---- C:\Windows\system32\fi-FI
2008-11-06 18:25:42 ----D---- C:\Windows\system32\et-EE
2008-11-06 18:25:42 ----D---- C:\Windows\system32\es-ES
2008-11-06 18:25:42 ----D---- C:\Windows\system32\el-GR
2008-11-06 18:25:42 ----D---- C:\Windows\system32\de-DE
2008-11-06 18:25:42 ----D---- C:\Windows\system32\da-DK
2008-11-06 18:25:42 ----D---- C:\Windows\system32\cs-CZ
2008-11-06 18:25:42 ----D---- C:\Windows\system32\bg-BG
2008-11-06 18:25:42 ----D---- C:\Windows\system32\ar-SA
2008-11-06 18:25:35 ----RSD---- C:\Windows\Media
2008-11-06 18:02:19 ----D---- C:\Windows\system32\XPSViewer
2008-11-06 18:02:19 ----D---- C:\Windows\servicing
2008-11-06 18:02:18 ----D---- C:\Program Files\Internet Explorer
2008-11-06 13:41:54 ----D---- C:\Windows\system32\Tasks
2008-11-06 06:25:04 ----D---- C:\Windows\Logs
2008-11-05 12:08:49 ----D---- C:\Windows\system32\WDI
2008-11-05 10:21:04 ----D---- C:\Program Files\Windows Photo Gallery
2008-11-05 10:21:04 ----D---- C:\Program Files\Windows Journal
2008-11-05 10:21:04 ----D---- C:\Program Files\Windows Collaboration
2008-11-05 10:21:04 ----D---- C:\Program Files\Movie Maker
2008-11-05 10:21:01 ----D---- C:\Windows\system32\com
2008-11-05 10:21:01 ----D---- C:\Windows\system32\0409
2008-11-05 10:21:01 ----D---- C:\Windows\PolicyDefinitions
2008-11-05 10:21:01 ----D---- C:\Windows\MSAgent
2008-11-05 10:21:01 ----D---- C:\Windows\L2Schemas
2008-11-05 10:21:01 ----D---- C:\Windows\IME
2008-11-05 10:21:01 ----D---- C:\Windows\DigitalLocker
2008-11-05 10:21:00 ----D---- C:\Windows\system32\sysprep
2008-11-05 10:21:00 ----D---- C:\Windows\system32\setup
2008-11-05 10:21:00 ----D---- C:\Windows\system32\oobe
2008-11-05 10:21:00 ----D---- C:\Windows\system32\manifeststore
2008-11-05 10:21:00 ----D---- C:\Windows\system32\ias
2008-11-05 10:21:00 ----D---- C:\Windows\system32\en
2008-11-05 10:21:00 ----D---- C:\Windows\system32\AdvancedInstallers
2008-11-05 10:20:59 ----D---- C:\Windows\system32\migwiz
2008-11-05 10:20:51 ----RSD---- C:\Windows\Fonts
2008-11-05 10:20:48 ----D---- C:\Windows\system32\Boot
2008-11-05 10:16:30 ----A---- C:\Windows\system32\ifxcardm.dll
2008-11-05 10:16:25 ----A---- C:\Windows\system32\axaltocm.dll
2008-11-05 07:08:49 ----D---- C:\Windows\Boot
2008-11-05 05:48:43 ----SD---- C:\ProgramData\Microsoft
2008-11-05 03:10:45 ----D---- C:\Windows\Help
2008-11-05 02:44:30 ----D---- C:\Windows\twain_32
2008-11-05 02:37:36 ----D---- C:\Windows\system32\restore
2008-11-05 02:31:38 ----D---- C:\Windows\system32\CodeIntegrity
2008-11-05 02:22:35 ----SHD---- C:\$Recycle.Bin
2008-11-05 02:22:18 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-06-19 320000]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-11-05 216080]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2008-07-15 170520]
R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2008-07-15 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2008-07-15 527384]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2008-07-15 1323544]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2008-07-15 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2008-07-15 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2008-07-15 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2008-07-15 92696]
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2008-07-15 1173016]
R3 HabuFltr;Habu Mouse; C:\Windows\system32\drivers\habu.sys [2006-08-14 23552]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-10-07 7380896]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2008-07-15 127000]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 WinUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2006-11-02 31616]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2008-07-15 347080]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 wrssweep;Webroots Volume Access Driver; \??\C:\Program Files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-10-07 203296]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-11-05 79360]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-09 16:28:54

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F92229B-8CE2-4482-8047-9DBF49CA5F58}\SETUP.EXE" -l0x9 UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove
Creative Sound Blaster Properties-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9 /remove
Desktop Clock 4.0.7-->"C:\Program Files\Desktop Clock\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8890B12-4E4C-4E53-9ECB-96193BBA7767}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON PRINT Image Framer Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{956673F5-0C6B-4428-A5D1-277AF533E098}\SETUP.EXE" -l0x9 anything
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPRX560_590 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESPRX560_590\ENG\USE_G\DOCUNINS.EXE
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
K-Lite Codec Pack 4.2.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microangelo Creation-->C:\Windows\IsUninst.exe -f"C:\Program Files\Microangelo\creation.isu"
Microangelo On Display-->MsiExec.exe /I{8679D366-D73F-4303-92F7-853B13C1F424}
Microangelo Toolset 6-->MsiExec.exe /I{71414EC2-0684-4A15-A85A-E0E259D117AF}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-0185-XZLW-TMZ0-W14P-4MX7-3P5K-Z5CE"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
OpenAL-->"C:\Program Files\OpenAL\OALInst.exe" /U
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Window Washer-->C:\Windows\Unwash6.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Your Uninstaller! 2008 Version 6.0-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security
AS: Windows Defender
AS: Kaspersky Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

 

[Shaba]

OK, that seems to have worked

Please re-run spybot and post back if it finds something.

 

[Merebimur]

No Go

Still the same errors .

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #1 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #2 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2FAB30E-EAC9-4DE3-869A-C3D1EB588D8D}\DhcpNameServer=208.67.220.220,208.67.222.222

Still redirects all my Google searches , cant update my PC from Windows update or install Windows Live Messenger , it hates all things Microsoft .

 

[Shaba]

Then it looks like that malware has edited your router settings and it needs to be resetted.

Which router you have?

 

[Merebimur]

Router

Netgear Wireless ADSL2+ Modem Router model DW834G

 

[Shaba]

Do you have router manual available?

 

[Shaba]

Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.