rootkit on boot sector

Here are the OTL files. FYI, to get extra.txt we need to check extra registry.

Also I don’t know if it makes a difference, but to prevent too much damage I have been booting with the rescue disk, and also Kaspersky was running.

Let me know.

Thanks

Hi,

Good job getting those run. Unless I ask you to boot from a rescue disk please just boot normally. :slight_smile:

Run TDSSKiller again.
When you get to the following entry:

\Device\Harddisk0\DR0 ( TDSS File System )

Delete that entry and then attach the newly made log.

Here is the log

Hi,

Sorry about the delay…I had class yesterday and last night. I will return as quick as I can. :slight_smile:

Hi,

- Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

DDS::
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = localhost

File::
c:\documents and settings\Erid Le Balanger\Local Settings\Application Data\Akamai\netsession_win.exe
c:\windows\system32\drivers\ifxkch.sys
c:\windows\system32\drivers\rwoyc.sys
c:\windows\system32\drivers\ifmlxv.sys
c:\docume~1\ERIDLE~1\LOCALS~1\Temp\fxf5c497.tmp\tidhook.sys

Firefox::
FF - ProfilePath - c:\documents and settings\Erid Le Balanger\Application Data\Mozilla\Firefox\Profiles\o30x4hhj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.search.selectedengine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=2&q=

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Iomega App Services"=-
"Updater Service for StartNow Toolbar"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"=-
"3540:UDP"=-
"1037:TCP"=-
"5000:UDP"=-

Driver::
fnurceg
iqnsg
nvnbmbih
TIDHOOK

- Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

Hello Jeffce.

That’s cool. It seems my computer is clear now, I can use safe mode (which was really the last symptom) but I am still following up.

Ok, I get this warning from ComboFix that I have the Norman Suite running. I don’t even know what that is.
Please advise.

Go ahead and run ComboFix anyway.

If you have problems with it go to Control Panel >> Add/Remove Programs and remove Norman Suite.

In your next reply attach the new ComboFix log. :slight_smile:

I did that already, but I see no Norman Suite anywhere. I looked on the web and it seems it is some kind of malware. There is even a Norman removal tool… OK, I run ComboFix.

Here is the log

Hi,

While I am reviewing the new log please do the following…

Download and run the tool here >> http://download.norman.no/public/Delnvc5.exe and this should remove all of that Norman Suite. :slight_smile:

Hi,

I need some information on some unidentified files. We will use VirusTotal. Please submit these files for analysis.

To submit a file to virustotal, please click VirusTotal

Copy and paste the following into the “upload a file” box (one at a time if more than one file is listed):

c:\documents and settings\All Users\Application Data\SSS_AutoUpdateChecker\SSS_AutoUpdateChecker.exe

Scroll down a bit and click “send file”, wait for the results and then attach a link to the results in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.

Hey Jeffce,

I did that, then I looked at it, and deleted it and saved it

Hello Jeffce,

Will you be in during the weekend (just to know if I need to check or not)?
My computer appears to be fine.

Thanks again for your help.

Eric1234

Hi,

Yes I am here on the weekends. :slight_smile: I will be limited on time this next week…I have Finals for college I have to study for.

- Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

DDS::
uStart Page = hxxp://search.babylon.com/?affID=110014&tl=ykn003793&babsrc=HP_ss&mntrId=20a5903e000000000000001d0912c785

File::
c:\windows\system32\6384.sys
c:\windows\system32\3042.sys

Folder::
c:\program files\BabylonToolbar
c:\documents and settings\Erid Le Balanger\Local Settings\Application Data\Babylon
c:\documents and settings\Erid Le Balanger\Application Data\Babylon

- Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
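Both CFScript posts above hand ComboFix a plain-text script whose `Name::` blocks list the files, folders, drivers and registry values it will act on. The following parser is an added example, not part of the thread and not ComboFix’s own code: it turns such a script into a structured inventory so the actions can be reviewed before the script is dropped onto ComboFix, and singles out the kernel-driver entries. The sample script is constructed, abbreviated from the two posted here.

```python
import re

# Constructed sample, abbreviated from the two CFScripts posted in the thread.
SAMPLE_CFSCRIPT = """\
ClearJavaCache::

File::
c:\\windows\\system32\\drivers\\rwoyc.sys
c:\\windows\\system32\\6384.sys
Folder::
c:\\program files\\BabylonToolbar
Registry::
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"3587:TCP"=-
"1037:TCP"=-
Driver::
fnurceg
TIDHOOK
"""
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")

def parse_cfscript(text):
    """Map each 'Name::' section to its entries; Registry entries become (key, value_name)."""
    sections = {}
    current = reg_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current, reg_key = m.group(1), None
            sections.setdefault(current, [])  # flag-only sections (ClearJavaCache) stay empty
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        if current == "Registry":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]  # key that the following value lines belong to
            elif reg_key is not None and line.endswith("=-"):
                sections[current].append((reg_key, line[:-2].strip('"')))
        else:
            sections[current].append(line)
    return sections

def kernel_touching_entries(parsed):
    """The .sys files under File:: plus every Driver:: name: verify these most carefully."""
    sys_files = [f for f in parsed.get("File", []) if f.lower().endswith(".sys")]
    return sys_files + parsed.get("Driver", [])
```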

Hello

Here is the ComboFix file.

Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

- Please go here then click on:
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

- Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
- Select the option YES, I accept the Terms of Use then click on:
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif

- When prompted allow the Add-On/ActiveX to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Now click on:
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif

- The virus signature database… will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
- When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
- Now click on:
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif

- Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply please attach the logs made by Malwarebytes and ESET online scanner. :slight_smile:

Hello Jeffce,

Sorry for the delay, I had to catch up with my work.

Here are the logs.

So you said you had finals, what are you studying?

Regards.

Hi,

Don’t worry about the delay. I have had to study for finals this week. I am finishing them up today though… :slight_smile:

Oooops…I see you ran a scan with Kaspersky…could you run the scan with Malwarebytes and attach that log too please?

You said Malwarebytes, lol.
Sorry about that after a while I get mixed up.

;D Not a problem.

Well those looked good. How is your system behaving?