Sorry about the double post, but I loaded ComboFix for around 1 hr & it finally worked, but I'm still getting redirects. Here's my log:
ComboFix 10-02-24.03 - S Chung 25/02/2010 18:33:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1494 [GMT 11:00]
Running from: c:\documents and settings\S Chung\Desktop\ \Downloadz\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\S Chung\Application Data\.#
c:\windows\system32\spool\prtprocs\w32x86\00002642.tmp
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.
2010-02-23 11:21 . 2010-02-23 11:21 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-02-23 11:16 . 2009-06-07 05:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-23 11:16 . 2009-06-07 05:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-23 11:16 . 2010-02-23 11:16 -------- d-----w- c:\program files\Xvid
2010-02-23 05:53 . 2010-02-23 05:58 -------- d-----w- c:\program files\MegaLeecher
2010-02-22 07:22 . 2010-02-24 12:04 -------- d-----w- c:\documents and settings\S Chung\Application Data\uTorrent
2010-02-19 07:58 . 2010-01-07 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 07:58 . 2010-02-19 07:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 07:58 . 2010-01-07 05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 08:44 . 2010-02-18 08:44 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-18 08:44 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-18 08:30 . 2010-02-18 08:30 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-18 08:29 . 2010-02-18 08:29 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-18 08:29 . 2010-02-18 08:29 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-18 08:29 . 2010-02-18 08:29 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-16 09:48 . 2010-02-16 09:48 180224 ----a-w- c:\windows\system32\WinVd32.sys
2010-02-16 09:48 . 2010-02-16 09:48 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2010-02-16 06:37 . 2010-02-16 06:54 -------- d-----w- c:\program files\Audio Mid Recorder
2010-02-13 05:29 . 2010-02-13 05:29 -------- d-----w- c:\documents and settings\S Chung\Application Data\dvdcss
2010-02-12 11:04 . 2010-02-13 08:37 -------- d-----w- c:\documents and settings\S Chung\Application Data\vlc
2010-02-11 06:29 . 2010-02-22 07:22 -------- d-----w- c:\program files\uTorrent
2010-02-10 11:12 . 2010-02-10 11:12 -------- d-----w- c:\documents and settings\S Chung\Application Data\AVS4YOU
2010-02-10 11:09 . 2008-08-13 00:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-02-09 11:13 . 2010-02-17 09:39 -------- d-----w- c:\documents and settings\S Chung\Local Settings\Application Data\Adobe
2010-02-09 11:13 . 2010-02-09 11:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-07 16:41 . 2010-02-07 16:41 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-06 11:20 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-06 11:20 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-06 11:20 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-06 11:20 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-06 11:20 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-06 11:20 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-06 11:20 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-06 11:19 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-06 11:19 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-04 20:09 . 2010-02-04 20:09 503808 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcp71.dll
2010-02-04 20:09 . 2010-02-04 20:09 348160 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcr71.dll
2010-02-04 20:09 . 2010-02-04 20:09 499712 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\jmc.dll
2010-02-04 20:09 . 2010-02-04 20:09 61440 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-sse.dll
2010-02-04 20:09 . 2010-02-04 20:09 12800 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-d3d.dll
2010-02-04 20:08 . 2010-02-04 20:08 -------- d-----w- c:\documents and settings\M Chung\Local Settings\Application Data\Symantec
2010-02-04 20:04 . 2010-02-04 20:04 -------- d-----w- c:\documents and settings\M Chung\Application Data\Logitech
2010-02-02 08:19 . 2010-02-02 08:20 -------- d-----w- c:\program files\Hypersnap
2010-01-29 11:38 . 2010-01-29 11:38 -------- d-----w- c:\documents and settings\S Chung\Local Settings\Application Data\RapidSolution
2010-01-28 10:32 . 2010-01-28 10:32 -------- d-----w- c:\program files\New Folder
2010-01-28 09:46 . 2010-01-28 09:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-01-28 09:05 . 2010-01-28 09:05 10134 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2010-01-28 08:44 . 2007-09-14 10:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-01-28 08:33 . 2010-01-28 08:33 -------- d-----w- c:\program files\ATI
2010-01-28 07:03 . 2010-01-28 07:03 9158 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-01-28 07:03 . 2010-01-28 07:11 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-26 21:20 . 2010-01-26 21:20 -------- d-----w- c:\documents and settings\S Chung\Local Settings\Application Data\Logitech
2010-01-26 11:20 . 2006-08-01 04:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2010-01-26 11:20 . 2010-01-26 11:20 -------- d-----w- c:\program files\Realtek AC97
2010-01-26 11:18 . 2009-12-14 01:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-26 09:29 . 2010-01-26 09:29 -------- d-----w- c:\program files\Driver-Soft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 06:33 . 2007-06-21 11:13 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-02-24 11:28 . 2010-02-24 11:30 2971136 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2010-02-24 11:28 . 2010-02-24 11:30 1784832 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2010-02-23 11:21 . 2009-07-02 01:31 -------- d-----w- c:\program files\DivX
2010-02-23 11:20 . 2009-07-02 01:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-23 10:37 . 2010-02-23 10:39 2961408 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2010-02-23 10:37 . 2010-02-23 10:39 3003904 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2010-02-23 07:43 . 2008-08-03 09:07 401408 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-23 07:43 . 2008-08-03 09:07 765952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-21 11:15 . 2009-11-27 05:41 -------- d-----w- c:\documents and settings\S Chung\Application Data\Skype
2010-02-21 11:12 . 2008-09-02 07:30 -------- d-----r- c:\program files\Skype
2010-02-21 11:11 . 2008-09-02 07:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2010-02-21 10:37 . 2010-01-26 03:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-18 08:44 . 2008-04-25 05:16 -------- d-----w- c:\program files\Lavasoft
2010-02-18 08:30 . 2009-12-26 11:06 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-18 08:30 . 2009-12-26 11:06 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-18 08:30 . 2009-12-26 11:06 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-18 08:29 . 2009-12-26 11:06 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-18 08:29 . 2009-12-26 11:06 389784 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-18 08:29 . 2009-12-26 11:05 6296864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-18 08:29 . 2009-12-26 11:05 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-18 08:29 . 2010-01-23 08:44 3803208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-18 08:29 . 2009-12-26 11:05 816784 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-18 08:29 . 2009-12-26 11:05 823928 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-18 08:29 . 2009-12-26 11:05 1643272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-18 08:29 . 2009-12-26 11:05 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-18 08:29 . 2009-12-26 11:05 1181328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-17 09:29 . 2010-01-26 01:28 117760 ----a-w- c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 09:28 . 2009-06-07 06:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-16 06:35 . 2007-08-25 04:54 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-16 06:35 . 2009-12-07 02:03 -------- d-----w- c:\program files\AVS4YOU
2010-02-16 06:25 . 2009-11-26 08:15 -------- d-----w- c:\program files\Mp3tag
2010-02-14 00:27 . 2010-01-26 03:06 -------- d-----w- c:\program files\Spyware Doctor
2010-02-10 09:47 . 2010-02-10 09:48 1260032 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2010-02-04 20:04 . 2007-06-17 06:59 149440 ----a-w- c:\documents and settings\M Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 15:53 . 2009-12-26 11:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 11:32 . 2008-08-23 11:04 -------- d-----w- c:\program files\Sun
2010-02-03 11:30 . 2005-04-09 08:52 -------- d-----w- c:\program files\Java
2010-02-02 08:37 . 2005-04-06 13:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-02 08:37 . 2009-10-27 10:01 -------- d-----w- c:\program files\Macromedia
2010-02-02 08:37 . 2009-10-27 10:03 -------- d-----w- c:\program files\Common Files\Macromedia
2010-01-29 07:54 . 2010-01-18 04:54 -------- d-----w- c:\documents and settings\S Chung\Application Data\Auslogics
2010-01-29 07:48 . 2010-01-18 04:54 -------- d-----w- c:\program files\Auslogics
2010-01-28 10:02 . 2009-07-23 10:26 -------- d-----w- c:\program files\Paint.NET
2010-01-28 09:58 . 2009-06-21 02:44 149440 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-28 09:09 . 2009-10-25 04:12 -------- d-----w- c:\program files\ATI Technologies
2010-01-27 05:12 . 2008-07-03 07:37 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-27 04:38 . 2008-07-03 07:38 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-27 01:44 . 2009-10-25 05:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-26 21:21 . 2009-05-26 08:12 -------- d-----w- c:\program files\Logitech
2010-01-26 21:17 . 2009-05-26 08:12 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-26 04:16 . 2010-01-26 04:16 -------- d-----w- c:\documents and settings\S Chung\Application Data\Simply Super Software
2010-01-26 04:16 . 2010-01-26 04:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simply Super Software
2010-01-26 03:06 . 2010-01-26 03:06 -------- d-----w- c:\documents and settings\S Chung\Application Data\PC Tools
2010-01-26 01:32 . 2010-01-26 01:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-26 01:31 . 2010-01-26 01:31 52224 ----a-w- c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-26 01:28 . 2010-01-26 01:28 65024 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-01-26 01:28 . 2010-01-26 01:28 5120 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com
2010-01-25 11:41 . 2009-12-14 08:01 -------- d-----w- c:\program files\Replay Music 3
2010-01-25 06:03 . 2010-01-25 05:56 -------- d-----w- c:\documents and settings\S Chung\Application Data\Error Fix
2010-01-25 06:02 . 2010-01-25 05:56 -------- d-----w- c:\program files\Error Fix
2010-01-25 05:37 . 2005-04-09 08:52 -------- d-----w- c:\program files\Common Files\Java
2010-01-25 05:36 . 2010-01-25 05:36 61440 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c4c06a6-n\decora-sse.dll
2010-01-25 05:36 . 2010-01-25 05:36 503808 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\msvcp71.dll
2010-01-25 05:36 . 2010-01-25 05:36 499712 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\jmc.dll
2010-01-25 05:36 . 2010-01-25 05:36 348160 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\msvcr71.dll
2010-01-25 05:36 . 2010-01-25 05:36 12800 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c4c06a6-n\decora-d3d.dll
2010-01-25 05:03 . 2010-01-25 05:03 -------- d-----w- c:\documents and settings\S Chung\Application Data\ScanSoft
2010-01-25 05:03 . 2010-01-25 05:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanWizard
2010-01-25 05:03 . 2010-01-25 05:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
2010-01-25 05:03 . 2007-02-03 10:28 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-01-25 04:58 . 2010-01-25 04:58 -------- d-----w- c:\program files\ArcSoft
2010-01-25 04:56 . 2006-02-07 12:05 -------- d-----w- c:\program files\Canon
2010-01-25 00:06 . 2010-01-24 10:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-01-24 23:46 . 2010-01-24 23:58 140288 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2010-01-24 10:55 . 2008-07-05 13:36 -------- d-----w- c:\program files\Alwil Software
2010-01-23 08:34 . 2005-04-30 13:35 -------- d-----w- c:\program files\QuickTime
2010-01-23 08:31 . 2008-12-08 03:22 -------- d-----w- c:\program files\Common Files\Apple
2010-01-23 08:30 . 2008-08-18 08:54 -------- d-----w- c:\program files\Apple Software Update
2010-01-23 00:41 . 2010-01-23 00:41 -------- d-----w- c:\documents and settings\S Chung\Application Data\Logitech
2010-01-23 00:38 . 2010-01-23 00:38 -------- d-----w- c:\documents and settings\S Chung\Application Data\Leadertech
2010-01-23 00:38 . 2009-05-26 08:25 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-23 00:38 . 2009-05-26 08:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\LogiShrd
2010-01-23 00:36 . 2010-01-23 00:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
2010-01-23 00:09 . 2010-01-23 00:11 2403840 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2010-01-22 23:33 . 2010-01-22 23:39 2400768 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2010-01-22 06:58 . 2010-01-22 07:38 2399744 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2010-01-22 06:58 . 2010-01-22 07:38 49664 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2010-01-22 05:17 . 2007-11-11 03:37 4828308 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-21 05:10 . 2010-01-21 07:34 69120 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2010-01-20 22:07 . 2009-03-28 02:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 06:15 . 2010-01-18 06:17 2381312 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2010-01-18 06:15 . 2010-01-18 06:17 65024 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2010-01-17 03:38 . 2010-01-17 03:39 58880 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2010-01-16 08:21 . 2010-01-16 23:22 134656 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 07:08 . 2009-12-31 07:08 10134 ----a-r- c:\documents and settings\M Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2009-12-27 05:50 . 2009-12-28 00:52 204800 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2000-01-01 00:00 . 2000-01-01 00:00 23 --sh--r- c:\windows\mtlid64s2.dat
.
------- Sigcheck -------
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 08:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-01-22 67128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"DNTVSchedulerProTray Icon"="c:\program files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe" [2009-03-14 167936]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 03:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 01:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Battle For Middle Earth I\\game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Call of Duty Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Nexon\\Combat Arms\\NMService.exe"=
"h:\combat arms\CombatArms.exe"= h:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"h:\combat arms\Engine.exe"= h:\combat arms\Engine.exe:*Enabled:Engine.exe
"h:\\Combat Arms\\NMService.exe"=
"h:\\Prince of Persia\\Prince of Persia.exe"=
"h:\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"h:\\BFME2\\game.dat"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\S Chung\\Desktop\\ \\Downloadz\\utorrent(2).exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58508:TCP"= 58508:TCP:Pando Media Booster
"58508:UDP"= 58508:UDP:Pando Media Booster
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/12/2009 10:07 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [26/01/2010 2:06 PM 207792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/02/2010 10:20 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/02/2010 10:20 PM 19024]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [26/01/2010 2:08 PM 112592]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/01/2010 11:38 AM 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/02/2010 6:58 PM 236368]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [16/02/2010 8:48 PM 17984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/02/2010 6:58 PM 19160]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 DNTVSchedulerPro;DNTV Scheduler Pro Service;c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf --> c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf [?]
S2 gupdate1ca0c3d8ecb7ade;Google Update Service (gupdate1ca0c3d8ecb7ade);c:\program files\Google\Update\GoogleUpdate.exe [24/07/2009 8:03 PM 133104]
S2 msrvc;msrvc;c:\ssrcc\msrvc.exe --> c:\ssrcc\msrvc.exe [?]
S2 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe --> c:\ssrcc\ssrcc.exe [?]
S3 gagp440p;gAGP440p;
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/02/2010 2:52 AM 1228208]
S3 lwadihid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [24/06/2008 8:01 PM 20864]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [26/01/2010 2:10 PM 359624]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]
2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
2010-02-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-02 09:01]
2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5adf3171372.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]
2009-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]
2010-02-19 c:\windows\Tasks\Malwarebytes' Scheduled Scan for S Chung.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-02-19 05:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: buttongenerator.com
Trusted Zone: wtso.net\www
TCP: {871466D7-BD14-429F-A174-40DED368A122} = 93.188.163.113,93.188.161.83
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-25 18:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\sys_drv.dat 9036 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\S Chung\Application Data\systemfl.$dk 990 bytes
scan completed successfully
hidden files: 4
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A6278C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf758ecb8
\Driver\atapi -> atapi.sys @ 0xf7483b3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(1412)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-25 18:51:29
ComboFix-quarantined-files.txt 2010-02-25 07:51
ComboFix2.txt 2010-02-04 08:28
Pre-Run: 20,544,013,824 bytes free
Post-Run: 20,515,973,120 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\="Unidentified operating system on drive C."
- - End Of File - - 338F557B0607EB00986C291F98BBD68B