Tyler_Durden

Everything posted by Tyler_Durden

  1. So far so good, the redirects and pop-ups are gone!!! It took a while, but it seems that the problem is gone for now! My question is: how was only the router affected? Most importantly, how did this happen? BTW, thank you for the help.
  2. So far so good, the redirects and pop-ups are gone for now!!! I cannot believe that worked! My question is: how was just the router affected, and how did it happen?
  3. Ok just went through a big hassle doing that now, I fully reset and changed passwords everywhere, I hope this works.
  4. Ok I just called Netgear and they said to hold two buttons on the side to reset it. I was holding only one. Ok I am going to reset the router, and I'm going to assume I will have to call my ISP, just as you said because the information will then be different.
  5. Thank you elise, my router is a NETgear Wireless-N 300 Router with DSL Modem DGN2000.
  6. My brother's computer is the only laptop that connects to our router. He is not here right now, but we did take it to a friend's house the other day, and while there were still pop-ups, he did manage to update all his AV programs, which at our house is impossible.
  7. Well, my router is a NETgear ADSL2, and it doesn't have a pinhole-sized button to reset it. So I looked on the website and it said to unplug it for two minutes and hold down the power button. I did this and it reset to where I had to enter the default login and PW (i.e. admin, password). I went in there and changed the password. After that I couldn't connect to the internet and had to call my ISP to get me back online; they gave me a random PW and now it works again.
  8. I plugged the cable directly into my comp and nothing, because my router is also my modem I believe.
  9. Hi elise, I did not back up anything, which is fine because I had nothing important on this computer. I also do not use a shared folder, I use my own. I will try to bypass the router to see what happens. Thank you for your reply.
  10. Can anyone please help me with this? I don't know what to do here, I'm willing to try anything.
  11. Hello, I have posted here before on how to stop browser redirects. I received a lengthy analysis from MBAM forum member Kenny94, http://forums.malwarebytes.org/index.php?s...=58546&st=0 I reset the router and changed passwords. I have reformatted and installed a fresh OS. The problem is still happening. I am at wits' end with this. All the computers in my house suffer the same thing. I tried to update MBAM on my brother's computer and it would not let me, just as I expected. But then we took his computer to his friend's house and connected to the internet there. From there he was able to update MBAM, and other AV and anti-malware programs as well. They detected and deleted numerous viruses and malware. Why is it only at my router we suffer from this? If anyone can give me more info, please.
  12. One last question: should I reformat and reinstall all comps in the house first, or reset the router and change the PW first?
  13. Ok I will start working on this when I get back home. By the way is there a link somewhere that informs me on how to reset the router and change its password?
  14. Hi Kenny, I feel that may be my only option at this point. I did some more investigating though, and I found out that all the computers in my house have the same thing. I also ran Dr.Web CureIt in safe mode and it found something; here is the log: A0006034.exe/data002\nircmd.exe;C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP19\A0006034.exe/data002;Tool.NirCmd.1;; data002;C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP19;Archive contains infected objects;; A0006034.exe;C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP19;Container contains infected objects;Moved.; The objects were called A006034; descript; and hosts. The problem still persists though and I will reformat.
  15. The log seems to be the same after running the fix.bat file. The only thing that seems to change is that my Norton antivirus needs to be reactivated. Ok Kenny, we have battled this beast for a long time; I have to get some rest. As much as I want to stay and figure this out, I need to sleep. I will log on first thing when I wake up. Bootkit Remover © 2009 eSage Lab www.esagelab.com Program version: 1.1.0.0 OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600) System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) Done; Press any key to quit...
  16. bootkit remover log Bootkit Remover © 2009 eSage Lab www.esagelab.com Program version: 1.1.0.0 OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600) System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) Done; Press any key to quit...
  17. No networking, it is a very simple setup. Just connected to the router directly, while two other computers in the house share the wireless connection; that is it. I checked out the other computers and they are running fine.
  18. Combofix log
  19. That line never came; this is all I got, and I ran it three times to be sure. MBRCheck, version 1.1.1 © 2010, AD \\.\C: --> \\.\PhysicalDrive0 \\.\D: --> \\.\PhysicalDrive0 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected Done! Press ENTER to exit...
  20. Still not working, after following your instructions exactly. Something to note: when I download it from CNET, I always get a pop-up or redirect, which just happened.
  21. Here is the log from the quick scan: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 7/28/2010 3:48:15 AM mbam-log-2010-07-28 (03-48-15).txt Scan type: Quick scan Objects scanned: 108754 Time elapsed: 3 minute(s), 30 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  22. Ok, rebooted, still won't let me; the most current version I can get is from April of 2010. I have run the quick scan anyway to see if it catches anything. I feel we are close, thank you.
  23. It is not letting me update MBAM still. Is the installer file called mbam-setup-1.46?
  24. Finally got it, that was weird. Here it is: Bootkit Remover © 2009 eSage Lab www.esagelab.com Program version: 1.1.0.0 OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600) System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) Done; Press any key to quit... Also, my AV is not working right and is advising me to reinstall. Should I proceed?