My comp was infected with a trojan in Jan and I took it to a comp techie to fix it. But now when I select a link off my Favourites, I sometimes get directed to the 'your computer is infected' site. It has maybe happened 3-4 times since. I know there is something wrong but the scans produced no results. I use Eset 3.0. Thank you so very much for your generous help. I am not very good with computers so I hope I have followed the instructions correctly.

Here is the dds.txt

DDS (Ver_09-12-01.01) - NTFSx86
Run by Sarah at 23:19:19.62 on 11/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.703.375 [GMT -8:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sarah\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer
uStart Page = hxxp://ca.search.yahoo.com/web/advanced?ei=UTF-8&fr=yfp-t-501
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263694369483
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263694357776

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sarah\applic~1\mozilla\firefox\profiles\xc93xfwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://hk.yahoo.com/

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

=============== Created Last 30 ================

2010-03-12 07:15:21 0 ----a-w- c:\documents and settings\sarah\defogger_reenable
2010-03-09 07:24:24 3245 ----a-w- c:\windows\system32\wbem\Outlook_01cabf598b4dae70.mof
2010-03-07 23:08:11 0 d-----w- c:\windows\system32\NtmsData
2010-02-22 05:59:29 398 ----a-w- c:\windows\NJCOM.INI
2010-02-22 05:59:23 0 d-----w- c:\docume~1\sarah\applic~1\NJStar
2010-02-22 05:59:05 0 d-----w- c:\program files\NJStar Communicator

==================== Find3M ====================

2010-01-17 06:39:48 390240 ----a-w- c:\windows\system32\mkdriver.dll
2010-01-17 06:39:48 292696 ----a-w- c:\windows\system32\XceedFtp.dll
2010-01-16 16:53:17 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

============= FINISH: 23:19:48.37 ===============

Malwarebytes log

Malwarebytes' Anti-Malware 1.44
Database version: 3857
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/03/2010 11:11:31 PM
mbam-log-2010-03-11 (23-11-31).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 141053
Time elapsed: 36 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Gmer log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-11 23:49:40
Windows 5.1.2600 Service Pack 3
Running: wu5x6g84.exe; Driver: C:\DOCUME~1\Sarah\LOCALS~1\Temp\kxtdapob.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----

Please let me know what I should do next. Thanks again for all the help.

ark.zip Attach.zip