Active Slow machine - Freeze ups

Sorry I get a redirection to www.affiliate.2mdn.net. But it never actually gets there.

 

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

 

ComboFix 10-10-17.03 - Owner 10/18/2010 8:08.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.203 [GMT -3:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
.

2010-10-15 11:18 . 2010-10-15 20:24 -------- d-----w- c:\windows\system32\drivers\NIS
2010-10-15 11:18 . 2010-10-15 11:18 -------- d-----w- c:\program files\Norton Internet Security
2010-10-13 11:03 . 2010-10-13 11:03 -------- d-----w- c:\program files\ESET
2010-10-13 02:20 . 2010-10-13 02:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\OpenCandy
2010-10-13 02:20 . 2010-10-13 02:20 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenCandy
2010-10-13 02:20 . 2010-10-13 02:20 -------- d-----w- c:\program files\SIW
2010-10-04 23:44 . 2010-10-04 23:44 -------- d-----w- c:\program files\Common Files\Java
2010-09-28 02:28 . 2010-09-28 02:28 -------- d-----w- c:\program files\uTorrent
2010-09-22 21:10 . 2010-09-22 21:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 21:10 . 2010-09-22 21:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-09-20 15:31 . 2010-09-20 15:31 -------- d-----w- C:\MGlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2009-08-20 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-22_16.13.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-18 10:54 . 2010-10-18 10:54 16384 c:\windows\temp\Perflib_Perfdata_70c.dat
+ 2010-10-18 10:35 . 2010-10-18 10:35 16384 c:\windows\temp\Perflib_Perfdata_688.dat
+ 2010-10-18 10:34 . 2010-10-18 10:34 16384 c:\windows\temp\Perflib_Perfdata_620.dat
- 2008-04-14 12:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2009-08-21 15:47 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2009-08-21 15:47 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2010-06-28 20:42 . 2010-10-15 11:22 60808 c:\windows\system32\S32EVNT1.DLL
- 2010-06-28 20:42 . 2010-06-28 23:00 60808 c:\windows\system32\S32EVNT1.DLL
+ 2010-10-15 17:28 . 2010-04-22 02:29 43696 c:\windows\system32\drivers\NIS\1108000.005\srtspx.sys
+ 2009-09-13 00:16 . 2010-10-03 18:31 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-09-13 00:16 . 2010-09-18 16:13 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-10-03 16:36 . 2010-10-03 18:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-10-07 03:02 . 2010-10-07 03:02 21504 c:\windows\Installer\e6c2c8.msi
- 2010-07-01 21:27 . 2010-04-12 20:29 153376 c:\windows\system32\javaws.exe
+ 2010-10-04 23:43 . 2010-07-17 08:00 153376 c:\windows\system32\javaws.exe
+ 2010-10-04 23:43 . 2010-07-17 08:00 145184 c:\windows\system32\javaw.exe
- 2010-07-01 21:27 . 2010-04-12 20:29 145184 c:\windows\system32\javaw.exe
- 2010-07-01 21:27 . 2010-04-12 20:29 145184 c:\windows\system32\java.exe
+ 2010-10-04 23:43 . 2010-07-17 08:00 145184 c:\windows\system32\java.exe
- 2010-06-28 20:42 . 2010-06-28 23:00 125488 c:\windows\system32\drivers\SYMEVENT.SYS
+ 2010-06-28 20:42 . 2010-10-15 11:22 125488 c:\windows\system32\drivers\SYMEVENT.SYS
+ 2010-10-15 17:28 . 2010-05-06 04:01 339504 c:\windows\system32\drivers\NIS\1108000.005\symtdiv.sys
+ 2010-10-15 17:28 . 2010-05-06 04:01 361904 c:\windows\system32\drivers\NIS\1108000.005\symtdi.sys
+ 2010-10-15 17:28 . 2010-04-22 03:02 173104 c:\windows\system32\drivers\NIS\1108000.005\symefa.sys
+ 2010-10-15 17:28 . 2009-08-30 00:17 328752 c:\windows\system32\drivers\NIS\1108000.005\symds.sys
+ 2010-10-15 17:28 . 2010-04-22 02:29 325680 c:\windows\system32\drivers\NIS\1108000.005\srtsp.sys
+ 2010-10-15 17:28 . 2010-04-29 05:03 116784 c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys
+ 2010-10-15 17:28 . 2010-02-26 00:22 501888 c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys
+ 2010-07-01 21:27 . 2010-07-17 08:00 423656 c:\windows\system32\deployJava1.dll
+ 2010-10-04 23:44 . 2010-10-04 23:44 180224 c:\windows\Installer\2c122ad.msi
+ 2010-10-11 11:07 . 2010-10-11 11:07 3940864 c:\windows\Installer\20f5c9.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3 "= "advpack.dll" [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood "= 1 (0x1)
"MaxRecentDocs "= 5 (0x5)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 07:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe "=c:\windows\system32\ctfmon.exe
"NBJ "= "c:\program files\Ahead\Nero BackItUp\NBJ.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
"HotKeysCmds "=c:\windows\system32\hkcmd.exe
"RemoteControl "= "c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
"ConnectionManager "=c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
"AVP "= "c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe "

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe "=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe "=
"c:\\Program Files\\uTorrent\\uTorrent.exe "=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [10/15/2010 2:28 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [10/15/2010 2:28 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [10/2/2010 12:00 AM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [10/15/2010 2:28 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 3:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 3:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [10/15/2010 2:28 PM 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [10/15/2010 2:27 PM 126392]
R2 NOF;Norton Online;c:\program files\Norton Online\Engine\2.0.0.71\ccsvchst.exe [7/6/2010 8:32 PM 126904]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [8/21/2009 12:20 PM 16680]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 11:41 AM 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/15/2010 8:29 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101015.003\IDSXpx86.sys [10/13/2010 4:59 PM 341880]
S2 gupdate1ca24fdf82ceca0;Google Update Service (gupdate1ca24fdf82ceca0);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2009 6:00 PM 133104]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\NSM\0200000.030\symrdr.sys [7/6/2010 8:32 PM 180912]
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
- c:\program files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.48\tampmon.exe [2010-07-06 00:40]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 21:00]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 21:00]

2010-10-17 c:\windows\Tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/ns/|http://www.sympatico.ca/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.42\coFFFw\components\coFFFw.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath "= "\ "c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \ "NIS\" /m \ "c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1 "
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NOF]
"ImagePath "= "\ "c:\program files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe\" /s \ "NOF\" /m \ "c:\program files\Norton Online\Engine\2.0.0.71\diMaster.dll\" /prefetch:1 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2220)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-18 08:32:55
ComboFix-quarantined-files.txt 2010-10-18 11:32
ComboFix2.txt 2010-09-22 16:22
ComboFix3.txt 2010-09-20 15:00
ComboFix4.txt 2010-08-17 00:19
ComboFix5.txt 2010-10-18 11:04

Pre-Run: 364,783,837,184 bytes free
Post-Run: 364,779,991,040 bytes free

- - End Of File - - 6EB98A69A0C7E3D20638D9DE9AD0697D


Combofix log - Thanks

 

When was the last time this was run? Minimum of 5 times by the looks of things.

==

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

c:\windows\system32\sfcfiles.dll

 

Both Jottis and virustotal have shown no results found.

Copmbofix was run this time and run with Bleeping Computer - so twice.

 

Are you still being re-directed since running combofix?

Do you have your OS CD? If so, please do the following:

Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested.

 

About 1 year and a half ago, I had a hard my hard drive go down. It was replaced and the shop installed XP Pro with Service pack 3. No disc came with the hard drive. I still have the old disc (Service Pack 2) but it wont work with the instructions you have just given me. Sorry

 

Any chance that you could borrow a CD?

How is the PC now?

 

Tried to borrow a disc from the folks who installed the new hard drive. They tell me they won't provide the disc to me. So, any other options? Machine is getting worse again. When I first turn it on, everything comes up at normal speed until I try to open icons (such as firefox or email). It takes a very long time (over a minute) to actually open. Once open, if I choose any links or use bookmarks, everything opens normally.

 

I am still being redirected to www.yceml.net every time I post a reply here but it seems to get stuck and never completes.

 

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003ec

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8974000 \WINDOWS\system32\KDCOM.DLL
0xF8884000 \WINDOWS\system32\BOOTVID.dll
0xF8345000 ACPI.sys
0xF8976000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8334000 pci.sys
0xF8474000 isapnp.sys
0xF8484000 ohci1394.sys
0xF8494000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF8A3C000 pciide.sys
0xF86F4000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF84A4000 MountMgr.sys
0xF8315000 ftdisk.sys
0xF8978000 dmload.sys
0xF82EF000 dmio.sys
0xF86FC000 PartMgr.sys
0xF84B4000 VolSnap.sys
0xF82D7000 atapi.sys
0xF81FD000 iaStor.sys
0xF84C4000 disk.sys
0xF84D4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF81DD000 fltMgr.sys
0xF8187000 SYMDS.SYS
0xF8175000 sr.sys
0xF8148000 SYMEFA.SYS
0xF8131000 KSecDD.sys
0xF811E000 WudfPf.sys
0xF8091000 Ntfs.sys
0xF8064000 NDIS.sys
0xF804A000 Mup.sys
0xF8534000 \SystemRoot\system32\DRIVERS\SMBios.sys
0xF8554000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6C18000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6C04000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6BDC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF87C4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6BB8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF87CC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6BA4000 \SystemRoot\system32\DRIVERS\parport.sys
0xF8564000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF87D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF87DC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8584000 \SystemRoot\system32\DRIVERS\serial.sys
0xF793E000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF724F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF86A4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8594000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6824000 \SystemRoot\system32\DRIVERS\ks.sys
0xF89D0000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF8814000 \SystemRoot\system32\DRIVERS\intelsmb.sys
0xF8B7C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF85A4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8964000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF62D0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8604000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8614000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF883C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF62BF000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8624000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8794000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF87AC000 \SystemRoot\system32\DRIVERS\raspti.sys
0xEF87C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF3D5E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF897C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xEF7F6000 \SystemRoot\system32\DRIVERS\update.sys
0xF795E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF3D4E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA697000 \SystemRoot\system32\drivers\sthda.sys
0xAA673000 \SystemRoot\system32\drivers\portcls.sys
0xF16B7000 \SystemRoot\system32\drivers\drmk.sys
0xF16A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8980000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8986000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF0020000 \SystemRoot\System32\Drivers\Null.SYS
0xF8988000 \SystemRoot\System32\Drivers\Beep.SYS
0xF2A9B000 \SystemRoot\System32\drivers\vga.sys
0xF898A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF898C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF2A93000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF2A8B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF3F06000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA24C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA1F3000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA19C000 \SystemRoot\System32\Drivers\NIS\1108000.005\SYMTDI.SYS
0xAA177000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xAA0F7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA0D5000 \SystemRoot\System32\drivers\afd.sys
0xF1687000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA0B6000 \SystemRoot\system32\drivers\NIS\1108000.005\Ironx86.SYS
0xF1677000 \SystemRoot\system32\drivers\NIS\1108000.005\SRTSPX.SYS
0xAA094000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF2A83000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA069000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FF9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF1667000 \SystemRoot\System32\Drivers\Fips.SYS
0xA3143000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA47CF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA30C9000 \SystemRoot\system32\DRIVERS\MRVW245.sys
0xA418E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA306B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA304E000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA2FCF000 \SystemRoot\system32\drivers\NIS\1108000.005\ccHPx86.sys
0xA2F23000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
0xA3EFD000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA2E49000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA4CA2000 \SystemRoot\System32\drivers\Dxapi.sys
0xA3AB1000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8AA1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6327000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA7AA2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF8A1A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA2D7A000 \SystemRoot\system32\DRIVERS\srv.sys
0xA2E19000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
0xF8874000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xA4831000 \??\C:\WINDOWS\system32\drivers\SIODRV.SYS
0xA2A2B000 \SystemRoot\System32\Drivers\NIS\1108000.005\SRTSP.SYS
0xA26FC000 \SystemRoot\system32\drivers\wdmaud.sys
0xA288D000 \SystemRoot\system32\drivers\sysaudio.sys
0xA20CD000 \SystemRoot\System32\Drivers\HTTP.sys
0xA0F4A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101026.024\NAVEX15.SYS
0xA0F36000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101026.024\NAVENG.SYS
0xA0EDE000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101026.001\IDSxpx86.sys
0xA0D24000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
588 C:\WINDOWS\system32\smss.exe
652 csrss.exe
676 C:\WINDOWS\system32\winlogon.exe
720 C:\WINDOWS\system32\services.exe
732 C:\WINDOWS\system32\lsass.exe
880 C:\WINDOWS\system32\svchost.exe
928 svchost.exe
968 C:\WINDOWS\system32\svchost.exe
1004 C:\WINDOWS\system32\svchost.exe
1184 svchost.exe
1216 svchost.exe
1448 C:\WINDOWS\system32\spoolsv.exe
1504 C:\WINDOWS\system32\Crypserv.exe
1576 C:\Program Files\Java\jre6\bin\jqs.exe
1644 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
1700 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
1812 C:\Program Files\Norton Online\Engine\2.0.0.71\ccsvchst.exe
1836 C:\WINDOWS\system32\HPZipm12.exe
1904 C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
300 C:\WINDOWS\system32\svchost.exe
312 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
544 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2744 alg.exe
2600 C:\WINDOWS\system32\svchost.exe
2396 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
3640 C:\Program Files\Norton Online\Engine\2.0.0.71\ccsvchst.exe
3772 C:\WINDOWS\explorer.exe
1736 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
284 C:\Program Files\Common Files\Java\Java Update\jusched.exe
552 C:\WINDOWS\system32\ctfmon.exe
2372 C:\WINDOWS\system32\wuauclt.exe
1976 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Thank you for your help so far!

 

Apparently, emails are still being sent. Medical info and viagra info.

 

Ok. That came back good.

Download Delete Domains from here and run it. It will delete all entries from the trusted and restricted zone.

==

[color= "#FF0000"]Please read carefully and follow these steps.[/color]

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt ". Please copy and paste the contents of that file here.

 

Heres the log.
When I'm in email, some of my incoming email won't "click ". Also some links on web pages (such as www.sympatico.ca) won't click either. I use the laptop and everything is fine so not the web site.



2010/10/27 08:29:54.0687 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/27 08:29:54.0687 ================================================================================
2010/10/27 08:29:54.0687 SystemInfo:
2010/10/27 08:29:54.0687
2010/10/27 08:29:54.0687 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/27 08:29:54.0687 Product type: Workstation
2010/10/27 08:29:54.0687 ComputerName: OWNER-RFH54E5YG
2010/10/27 08:29:54.0687 UserName: Owner
2010/10/27 08:29:54.0687 Windows directory: C:\WINDOWS
2010/10/27 08:29:54.0687 System windows directory: C:\WINDOWS
2010/10/27 08:29:54.0687 Processor architecture: Intel x86
2010/10/27 08:29:54.0687 Number of processors: 1
2010/10/27 08:29:54.0687 Page size: 0x1000
2010/10/27 08:29:54.0687 Boot type: Normal boot
2010/10/27 08:29:54.0687 ================================================================================
2010/10/27 08:29:55.0281 Initialize success
2010/10/27 08:30:08.0703 ================================================================================
2010/10/27 08:30:08.0703 Scan started
2010/10/27 08:30:08.0703 Mode: Manual;
2010/10/27 08:30:08.0703 ================================================================================
2010/10/27 08:30:09.0015 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/27 08:30:09.0078 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/27 08:30:09.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/27 08:30:09.0203 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/27 08:30:09.0390 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/27 08:30:09.0484 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/27 08:30:09.0515 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/27 08:30:09.0578 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/27 08:30:09.0625 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/27 08:30:09.0687 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/27 08:30:09.0812 BHDrvx86 (5138da8715da5f9823b753b6cb36a9a9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
2010/10/27 08:30:09.0937 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/27 08:30:10.0031 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys
2010/10/27 08:30:10.0109 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/27 08:30:10.0171 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/27 08:30:10.0203 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/27 08:30:10.0390 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/27 08:30:10.0484 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/27 08:30:10.0531 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/27 08:30:10.0546 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/27 08:30:10.0593 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/27 08:30:10.0671 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/27 08:30:10.0703 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/10/27 08:30:10.0796 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/10/27 08:30:10.0843 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/10/27 08:30:10.0890 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/27 08:30:10.0937 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/27 08:30:10.0968 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/27 08:30:11.0000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/27 08:30:11.0046 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/27 08:30:11.0109 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/10/27 08:30:11.0171 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/27 08:30:11.0187 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/27 08:30:11.0234 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/27 08:30:11.0265 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/27 08:30:11.0328 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/27 08:30:11.0359 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/27 08:30:11.0406 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/27 08:30:11.0453 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/27 08:30:11.0562 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/27 08:30:11.0750 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/27 08:30:11.0890 iaStor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/10/27 08:30:12.0078 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101026.001\IDSxpx86.sys
2010/10/27 08:30:12.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/27 08:30:12.0265 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/27 08:30:12.0296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/27 08:30:12.0343 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/27 08:30:12.0375 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/27 08:30:12.0390 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/27 08:30:12.0437 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/27 08:30:12.0468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/27 08:30:12.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/27 08:30:12.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/27 08:30:12.0593 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/27 08:30:12.0625 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/27 08:30:12.0718 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/27 08:30:12.0765 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/27 08:30:12.0781 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/27 08:30:12.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/27 08:30:12.0890 MRVW245 (275796d1114b524aec686091e8aafd3c) C:\WINDOWS\system32\DRIVERS\MRVW245.sys
2010/10/27 08:30:12.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/27 08:30:13.0015 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/27 08:30:13.0062 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/27 08:30:13.0109 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/27 08:30:13.0140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/27 08:30:13.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/27 08:30:13.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/27 08:30:13.0218 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/27 08:30:13.0265 NAL (8c48260fd6c281da171bdcc7b7396379) C:\WINDOWS\system32\Drivers\iqvw32.sys
2010/10/27 08:30:13.0375 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101026.048\NAVENG.SYS
2010/10/27 08:30:13.0437 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101026.048\NAVEX15.SYS
2010/10/27 08:30:13.0500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/27 08:30:13.0531 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/27 08:30:13.0562 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/27 08:30:13.0609 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/27 08:30:13.0640 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/27 08:30:13.0656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/27 08:30:13.0703 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/27 08:30:13.0781 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/27 08:30:13.0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/27 08:30:13.0875 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/27 08:30:13.0984 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2010/10/27 08:30:14.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/27 08:30:14.0078 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/27 08:30:14.0109 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/27 08:30:14.0140 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/27 08:30:14.0187 OsaFsLoc (1933b17550d3e64c5d189df39f2e38e6) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2010/10/27 08:30:14.0234 osaio (b270a30ae97524e7edb5eca7b2afb846) C:\WINDOWS\system32\drivers\osaio.sys
2010/10/27 08:30:14.0296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/27 08:30:14.0328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/27 08:30:14.0359 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/27 08:30:14.0390 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/27 08:30:14.0437 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/27 08:30:14.0468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/27 08:30:14.0515 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/10/27 08:30:14.0750 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/27 08:30:14.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/27 08:30:14.0843 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/27 08:30:14.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/27 08:30:15.0031 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/27 08:30:15.0062 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/27 08:30:15.0093 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/27 08:30:15.0140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/27 08:30:15.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/27 08:30:15.0250 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/27 08:30:15.0281 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/27 08:30:15.0328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/27 08:30:15.0500 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/27 08:30:15.0562 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/27 08:30:15.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/27 08:30:15.0656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/27 08:30:15.0687 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/27 08:30:15.0750 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/27 08:30:15.0828 SIODRV (6fbba21e5ad173ecad3144ddff3a89bf) C:\WINDOWS\system32\drivers\SIODRV.SYS
2010/10/27 08:30:15.0859 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
2010/10/27 08:30:15.0890 smbusp (8c1a8ad2dfe2cfe9f7ae1cee14773b18) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
2010/10/27 08:30:16.0015 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/27 08:30:16.0062 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/27 08:30:16.0156 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS
2010/10/27 08:30:16.0203 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS
2010/10/27 08:30:16.0250 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/27 08:30:16.0312 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2010/10/27 08:30:16.0343 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/10/27 08:30:16.0390 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/10/27 08:30:16.0421 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
2010/10/27 08:30:16.0500 STHDA (6ad7569cc5e40b94932ec56097c5dccd) C:\WINDOWS\system32\drivers\sthda.sys
2010/10/27 08:30:16.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/27 08:30:16.0593 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/27 08:30:16.0734 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS
2010/10/27 08:30:16.0781 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS
2010/10/27 08:30:16.0843 SymEvent (80bda3539925b356a26b5249d425ce46) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/10/27 08:30:16.0890 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS
2010/10/27 08:30:16.0968 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} (5958685ad51a485a2d05391620d69c81) C:\WINDOWS\System32\Drivers\NSM\0200000.030\SymRdr.SYS
2010/10/27 08:30:17.0015 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS
2010/10/27 08:30:17.0125 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/27 08:30:17.0171 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/27 08:30:17.0218 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/27 08:30:17.0250 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/27 08:30:17.0296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/27 08:30:17.0390 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/27 08:30:17.0453 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/27 08:30:17.0546 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/27 08:30:17.0578 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/27 08:30:17.0625 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/27 08:30:17.0656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/27 08:30:17.0718 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/27 08:30:17.0750 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/27 08:30:17.0812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/27 08:30:17.0843 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/27 08:30:17.0875 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/27 08:30:17.0921 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/27 08:30:17.0984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/27 08:30:18.0046 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/27 08:30:18.0156 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/10/27 08:30:18.0218 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/27 08:30:18.0421 ================================================================================
2010/10/27 08:30:18.0421 Scan finished
2010/10/27 08:30:18.0421 ================================================================================



Thank you!

 

Still getting re-directed after running deletedomains?

TDSS log is clear.

==

Download Dial-a-Fix and run it. Select the 'Check all' (green arrow) and then hit 'GO.'
Reboot when done and see how things are now.

 

Log from Dial a fix

11:08:57 AM | Dial-a-fix was unable to determine your version of Internet Explorer
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 3
IE version: 8.0.6001.18702
MPC: 76487-OEM
CPU: Intel(R) Celeron(R) CPU 3.06GHz (~3066MHz)
CPU: CPU is 64-bit or has 64-bit extensions
BIOS: 11/3/2005
Memory (approx): 501MB
Uptime: 3 hour(s)
Current directory: C:\Documents and Settings\Owner\Desktop\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24
---

10/27/2010 11:08:57 AM -- Dial-a-fix : [v0.60.0.24] -- started
11:08:57 AM | Policy scan started
11:08:57 AM | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
11:11:10 AM | Deleting C:\Documents and Settings\Owner\Local Settings\temp...
11:11:12 AM | C:\Documents and Settings\Owner\Local Settings\temp could not be completely emptied, please reboot and try again
11:11:12 AM | Deleting C:\WINDOWS\temp...
11:11:13 AM | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
11:11:13 AM | Deleting C:\DOCUME~1\Owner\LOCALS~1\Temp...
11:11:13 AM | C:\DOCUME~1\Owner\LOCALS~1\Temp could not be completely emptied, please reboot and try again
--- MSI ---
11:16:28 AM | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
11:16:41 AM | Unregistered: C:\WINDOWS\system32\msxml.dll
11:16:41 AM | Registered: C:\WINDOWS\system32\msxml.dll
11:16:42 AM | Unregistered: C:\WINDOWS\system32\msxml2.dll
11:16:43 AM | Registered: C:\WINDOWS\system32\msxml2.dll
11:16:57 AM | Unregistered: C:\WINDOWS\system32\msxml3.dll
11:16:59 AM | Registered: C:\WINDOWS\system32\msxml3.dll
11:17:00 AM | Unregistered: C:\WINDOWS\system32\msxml4.dll
11:17:01 AM | Registered: C:\WINDOWS\system32\msxml4.dll
11:17:01 AM | Unregistered: C:\WINDOWS\system32\qmgr.dll
11:17:01 AM | Registered: C:\WINDOWS\system32\qmgr.dll
11:17:01 AM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
11:17:01 AM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
11:17:01 AM | Unregistered: C:\WINDOWS\system32\muweb.dll
11:17:02 AM | Registered: C:\WINDOWS\system32\muweb.dll
11:17:02 AM | Unregistered: C:\WINDOWS\system32\winhttp.dll
11:17:02 AM | Registered: C:\WINDOWS\system32\winhttp.dll
11:17:02 AM | Registered: C:\WINDOWS\system32\wuapi.dll
11:17:03 AM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
11:17:03 AM | Registered: C:\WINDOWS\system32\wuaueng.dll
11:17:03 AM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
11:17:03 AM | Registered: C:\WINDOWS\system32\wuaueng1.dll
11:17:03 AM | Unregistered: C:\WINDOWS\system32\wucltui.dll
11:17:03 AM | Registered: C:\WINDOWS\system32\wucltui.dll
11:17:03 AM | Unregistered: C:\WINDOWS\system32\wups.dll
11:17:04 AM | Registered: C:\WINDOWS\system32\wups.dll
11:17:04 AM | Unregistered: C:\WINDOWS\system32\wups2.dll
11:17:04 AM | Registered: C:\WINDOWS\system32\wups2.dll
11:17:04 AM | Unregistered: C:\WINDOWS\system32\wuweb.dll
11:17:04 AM | Registered: C:\WINDOWS\system32\wuweb.dll
11:17:04 AM | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
11:17:18 AM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
11:17:23 AM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
11:17:23 AM | Registered: C:\WINDOWS\system32\cryptdlg.dll
11:17:23 AM | Unregistered: C:\WINDOWS\system32\cryptui.dll
11:17:23 AM | Registered: C:\WINDOWS\system32\cryptui.dll
11:17:23 AM | Unregistered: C:\WINDOWS\system32\cryptext.dll
11:17:24 AM | Registered: C:\WINDOWS\system32\cryptext.dll
11:17:24 AM | Unregistered: C:\WINDOWS\system32\dssenh.dll
11:17:24 AM | Registered: C:\WINDOWS\system32\dssenh.dll
11:17:24 AM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
11:17:24 AM | Registered: C:\WINDOWS\system32\gpkcsp.dll
11:17:25 AM | Unregistered: C:\WINDOWS\system32\initpki.dll
11:18:18 AM | Registered: C:\WINDOWS\system32\initpki.dll
11:18:18 AM | Unregistered: C:\WINDOWS\system32\licdll.dll
11:18:18 AM | Registered: C:\WINDOWS\system32\licdll.dll
11:18:18 AM | Unregistered: C:\WINDOWS\system32\mssign32.dll
11:18:18 AM | Registered: C:\WINDOWS\system32\mssign32.dll
11:18:18 AM | Unregistered: C:\WINDOWS\system32\mssip32.dll
11:18:19 AM | Registered: C:\WINDOWS\system32\mssip32.dll
11:18:22 AM | Unregistered: C:\WINDOWS\system32\scardssp.dll
11:18:23 AM | Registered: C:\WINDOWS\system32\scardssp.dll
11:18:24 AM | Unregistered: C:\WINDOWS\system32\sccbase.dll
11:18:24 AM | Registered: C:\WINDOWS\system32\sccbase.dll
11:18:25 AM | Unregistered: C:\WINDOWS\system32\scecli.dll
11:18:28 AM | Registered: C:\WINDOWS\system32\scecli.dll
11:18:29 AM | Unregistered: C:\WINDOWS\system32\softpub.dll
11:18:29 AM | Registered: C:\WINDOWS\system32\softpub.dll
11:18:30 AM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
11:18:31 AM | Registered: C:\WINDOWS\system32\slbcsp.dll
11:18:32 AM | Unregistered: C:\WINDOWS\system32\regwizc.dll
11:18:32 AM | Registered: C:\WINDOWS\system32\regwizc.dll
11:18:32 AM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
11:18:32 AM | Registered: C:\WINDOWS\system32\rsaenh.dll
11:18:32 AM | Unregistered: C:\WINDOWS\system32\winhttp.dll
11:18:32 AM | Registered: C:\WINDOWS\system32\winhttp.dll
11:18:33 AM | Unregistered: C:\WINDOWS\system32\wintrust.dll
11:18:33 AM | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
11:18:35 AM | Registered: C:\WINDOWS\system32\acelpdec.ax
11:18:36 AM | Registered: C:\WINDOWS\system32\actxprxy.dll
11:18:36 AM | Registered: C:\WINDOWS\system32\asctrls.ocx
11:18:37 AM | Registered: C:\WINDOWS\system32\daxctle.ocx
11:18:37 AM | Registered: C:\WINDOWS\system32\hhctrl.ocx
11:18:38 AM | Registered: C:\WINDOWS\system32\l3codecx.ax
11:18:38 AM | Registered: C:\WINDOWS\system32\licmgr10.dll
11:18:38 AM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
11:18:49 AM | Registered: C:\WINDOWS\system32\msdxm.ocx
11:18:49 AM | Registered: C:\WINDOWS\system32\proctexe.ocx
11:18:49 AM | Registered: C:\WINDOWS\system32\tdc.ocx
11:18:50 AM | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
11:18:52 AM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
11:18:53 AM | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
11:18:53 AM | Registered: C:\WINDOWS\system32\appwiz.cpl
11:18:53 AM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
11:18:54 AM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
11:18:56 AM | Registered: C:\WINDOWS\system32\quartz.dll
11:19:00 AM | Registered: C:\WINDOWS\system32\danim.dll
11:19:00 AM | Registered: C:\WINDOWS\system32\dmscript.dll
11:19:01 AM | Registered: C:\WINDOWS\system32\dmstyle.dll
11:19:01 AM | Registered: C:\WINDOWS\system32\dxmasf.dll
11:19:01 AM | Registered: C:\WINDOWS\system32\dxtmsft.dll
11:19:01 AM | Registered: C:\WINDOWS\system32\dxtrans.dll
11:19:02 AM | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
11:19:02 AM | Registered: C:\WINDOWS\system32\atl.dll
11:19:02 AM | Registered: C:\WINDOWS\system32\corpol.dll
11:19:03 AM | Registered: C:\WINDOWS\system32\jscript.dll
11:19:04 AM | Registered: C:\WINDOWS\system32\dispex.dll
11:19:05 AM | Registered: C:\WINDOWS\system32\scrrun.dll
11:19:05 AM | Registered: C:\WINDOWS\system32\scrobj.dll
11:19:06 AM | Registered: C:\WINDOWS\system32\vbscript.dll
11:19:06 AM | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
11:19:07 AM | Registered: C:\WINDOWS\system32\activeds.dll
11:19:08 AM | Registered: C:\WINDOWS\system32\audiodev.dll
11:19:15 AM | DllInstalled: C:\WINDOWS\system32\browseui.dll
11:19:16 AM | Registered: C:\WINDOWS\system32\browseui.dll
11:19:17 AM | Registered: C:\WINDOWS\system32\browsewm.dll
11:19:19 AM | Registered: C:\WINDOWS\system32\cabview.dll
11:19:21 AM | Registered: C:\WINDOWS\system32\cdfview.dll
11:19:21 AM | Registered: C:\WINDOWS\system32\clbcatex.dll
11:19:22 AM | Registered: C:\WINDOWS\system32\clbcatq.dll
11:19:22 AM | Registered: C:\WINDOWS\system32\comcat.dll
11:19:22 AM | Registered: C:\WINDOWS\system32\cscui.dll
11:19:22 AM | Registered: C:\WINDOWS\system32\credui.dll
11:19:23 AM | Registered: C:\WINDOWS\system32\datime.dll
11:19:23 AM | Registered: C:\WINDOWS\system32\devmgr.dll
11:19:24 AM | Registered: C:\WINDOWS\system32\dfsshlex.dll
11:19:27 AM | Registered: C:\WINDOWS\system32\dmdlgs.dll
11:19:27 AM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
11:19:27 AM | Registered: C:\WINDOWS\system32\dmloader.dll
11:19:28 AM | Registered: C:\WINDOWS\system32\dmocx.dll
11:19:29 AM | Registered: C:\WINDOWS\system32\dmview.ocx
11:19:30 AM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
11:19:30 AM | Registered: C:\WINDOWS\system32\dsuiext.dll
11:19:30 AM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
11:19:31 AM | Registered: C:\WINDOWS\system32\dsquery.dll
11:19:31 AM | Registered: C:\WINDOWS\system32\dskquoui.dll
11:19:31 AM | Registered: C:\WINDOWS\system32\els.dll
11:19:32 AM | Registered: C:\WINDOWS\system32\es.dll
11:19:32 AM | Registered: C:\WINDOWS\system32\fontext.dll
11:19:32 AM | Registered: C:\WINDOWS\system32\hlink.dll
11:19:33 AM | Registered: C:\WINDOWS\system32\hnetcfg.dll
11:19:34 AM | Registered: C:\WINDOWS\system32\iedkcs32.dll
11:19:34 AM | Registered: C:\WINDOWS\system32\iepeers.dll
11:19:35 AM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
11:22:56 AM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
11:23:57 AM | Registered: C:\WINDOWS\system32\ils.dll
11:23:57 AM | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
11:24:43 AM | Registered: C:\WINDOWS\system32\inetcfg.dll
11:24:44 AM | Registered: C:\WINDOWS\system32\inetcomm.dll
11:24:44 AM | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
11:25:51 AM | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
11:26:12 AM | Registered: C:\WINDOWS\system32\laprxy.dll
11:26:13 AM | Registered: C:\WINDOWS\system32\lmrt.dll
11:26:14 AM | Registered: C:\WINDOWS\system32\mlang.dll
11:26:16 AM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
11:26:17 AM | Registered: C:\WINDOWS\system32\mmcshext.dll
11:26:18 AM | Registered: C:\WINDOWS\system32\mscoree.dll
11:26:19 AM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18939
11:27:22 AM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18939
11:27:39 AM | Registered: C:\WINDOWS\system32\mshtmled.dll
11:27:40 AM | Registered: C:\WINDOWS\system32\msieftp.dll
11:27:40 AM | Registered: C:\WINDOWS\system32\msoeacct.dll
11:27:40 AM | Registered: C:\WINDOWS\system32\msr2c.dll
11:27:40 AM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
11:28:38 AM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
11:28:38 AM | Registered: C:\WINDOWS\system32\mydocs.dll
11:28:38 AM | Registered: C:\WINDOWS\system32\mstime.dll
11:28:38 AM | Registered: C:\WINDOWS\system32\netcfgx.dll
11:28:38 AM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
11:28:39 AM | Registered: C:\WINDOWS\system32\netplwiz.dll
11:28:39 AM | Registered: C:\WINDOWS\system32\netman.dll
11:28:40 AM | Registered: C:\WINDOWS\system32\netshell.dll
11:28:40 AM | Registered: C:\WINDOWS\system32\ntmsevt.dll
11:28:40 AM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
11:28:40 AM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
11:28:40 AM | Registered: C:\WINDOWS\system32\ntmssvc.dll
11:28:40 AM | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18939
11:29:48 AM | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18939
11:30:46 AM | Registered: C:\WINDOWS\system32\ole32.dll
11:30:46 AM | Registered: C:\WINDOWS\system32\oleaut32.dll
11:30:46 AM | Registered: C:\WINDOWS\system32\oleacc.dll
11:30:46 AM | Registered: C:\WINDOWS\system32\olepro32.dll
11:30:46 AM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
11:30:46 AM | Registered: C:\WINDOWS\system32\photowiz.dll
11:30:46 AM | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
11:31:35 AM | Registered: C:\WINDOWS\system32\remotepg.dll
11:31:35 AM | Registered: C:\WINDOWS\system32\rpcrt4.dll
11:31:35 AM | Registered: C:\WINDOWS\system32\rshx32.dll
11:31:36 AM | Registered: C:\WINDOWS\system32\sendmail.dll
11:31:36 AM | Registered: C:\WINDOWS\system32\slayerxp.dll
11:31:41 AM | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
11:31:41 AM | Registered: C:\WINDOWS\system32\shdocvw.dll
11:31:41 AM | Registered: C:\WINDOWS\system32\shell32.dll
11:31:46 AM | DllInstalled: C:\WINDOWS\system32\shell32.dll
11:31:46 AM | Registered: C:\WINDOWS\system32\shmedia.dll
11:31:47 AM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
11:31:47 AM | Registered: C:\WINDOWS\system32\shimgvw.dll
11:31:47 AM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
11:31:47 AM | Registered: C:\WINDOWS\system32\shsvcs.dll
11:31:47 AM | Registered: C:\WINDOWS\system32\srclient.dll
11:31:47 AM | Unregistered: C:\WINDOWS\system32\stobject.dll
11:31:47 AM | Registered: C:\WINDOWS\system32\stobject.dll
11:31:48 AM | DllInstalled: C:\WINDOWS\system32\themeui.dll
11:31:48 AM | Registered: C:\WINDOWS\system32\themeui.dll
11:31:48 AM | Registered: C:\WINDOWS\system32\twext.dll
11:31:52 AM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
11:31:52 AM | Registered: C:\WINDOWS\system32\urlmon.dll
11:31:52 AM | Registered: C:\WINDOWS\system32\userenv.dll
11:31:52 AM | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
11:32:32 AM | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
11:33:06 AM | Registered: C:\WINDOWS\system32\webvw.dll
11:33:06 AM | Registered: C:\WINDOWS\system32\winhttp.dll
11:33:06 AM | DllInstalled: C:\WINDOWS\system32\wininet.dll
11:33:06 AM | Registered: C:\WINDOWS\system32\zipfldr.dll
11:33:07 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
11:33:07 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
11:33:07 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
11:33:08 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
11:33:08 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
11:33:08 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
11:33:08 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
11:33:09 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
11:33:09 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
11:33:09 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
11:33:09 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
11:33:10 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
11:33:10 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
11:33:10 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
11:33:11 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
11:33:11 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
11:33:12 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
11:33:12 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
11:33:12 AM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
11:33:12 AM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
11:33:13 AM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
11:33:13 AM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll

 

Yes still being redirected. Only when I post here. Nowhere else.

 

Please download Rootkit Revealer
Unzip it to your desktop.
Open the RootkitRevealer folder and double-click RootkitRevealer.exe
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go to File > Save. Choose to save the log to your desktop.
Open rootkitrevealer.txt
on your desktop and copy the entire contents and paste them here
Please don't surf or do anything else during the scan with RootkitRevealer, or it may interfere with the results and show legitimate entries.

 

HKU\S-1-5-21-1957994488-1844823847-1606980848-1003\Console 10/18/2010 8:33 AM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 12/31/2003 9:20 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 12/31/2003 9:20 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/30/2010 1:31 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\SchedulingAgent\LastTaskRun 10/30/2010 1:29 PM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NUM\LastCompletedRun 10/30/2010 1:29 PM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Swearware\backup\winsock2 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 9/22/2010 12:50 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 9/22





I tried three times to save it to my desktop but the program would freeze up and not respond. I don't think everything is on this log because when the scan was over, it said there were 50 descrepencies. I found this log in the system 32 file. It never did save to the desktop.