jujuman

  1. Thanks a bunch, Kenny! You're literally a lifesaver! Have fun with your girlfriend!
  2. Okay, things are looking pretty clean, I think. Here's the log:

     ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=c2f8c0a84c60df48b3824845157591c2
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-10-24 07:38:11
     # local_time=2010-10-24 12:38:11 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 2
     # compatibility_mode=769 16774142 0 1 0 0 0 0
     # compatibility_mode=3584 16777191 100 0 0 0 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=129876
     # found=0
     # cleaned=0
     # scan_time=6739
  3. Okay, here's the log:

     ComboFix 10-10-22.05 - Compaq_Owner 10/23/2010 18:11:17.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1470.819 [GMT -7:00]
     Running from: d:\downloads\ComboFix.exe
     AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
     FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     E:\Autorun.inf
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_6TO4
     ((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
     .
     2010-10-24 01:07 . 2010-10-24 01:07 -------- d-----w- c:\windows\system32\LogFiles
     2010-10-22 02:57 . 2010-10-22 02:57 -------- d-----w- c:\program files\Glary Utilities
     2010-10-21 14:31 . 2010-10-21 14:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
     2010-10-21 14:31 . 2010-10-21 14:31 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2010-10-21 14:31 . 2010-10-21 14:31 -------- d-----w- c:\program files\Symantec
     2010-10-21 14:29 . 2010-10-21 14:29 -------- d-----w- c:\windows\system32\drivers\NIS
     2010-10-21 14:29 . 2010-10-21 14:29 -------- d-----w- c:\program files\Norton Internet Security
     2010-10-21 14:29 . 2010-10-21 14:29 -------- d-----w- c:\program files\Windows Sidebar
     2010-10-21 14:29 . 2010-10-21 14:29 -------- d-----w- c:\program files\NortonInstaller
     2010-10-21 01:03 . 2010-10-21 01:03 -------- d-----w- c:\documents and settings\Administrator
     2010-10-19 18:53 . 2010-10-19 18:53 48640 ----a-w- c:\windows\system32\ANPD64.SYS
     2010-10-19 18:53 . 2010-10-19 18:53 34008 ----a-w- c:\windows\system32\ANPD.VXD
     2010-10-19 18:53 . 2010-10-19 18:53 315392 ----a-w- c:\windows\system32\ANPDApi.dll
     2010-10-19 18:53 . 2010-10-19 18:53 29411 ----a-w- c:\windows\system32\ANPD.SYS
     2010-10-19 18:52 . 2009-09-15 21:09 779136 ----a-w- c:\windows\system32\drivers\Drt2870.sys
     2010-10-19 18:52 . 2009-09-15 21:08 221184 ----a-w- c:\windows\system32\RaCoInst.dll
     2010-10-19 18:52 . 2010-10-19 18:52 -------- d-----w- c:\program files\D-Link
     2010-10-11 22:32 . 2010-10-11 22:32 -------- d-----w- c:\windows\ServicePackFiles
     2010-10-11 22:31 . 2010-10-11 22:31 -------- d-----w- c:\program files\MSXML 4.0
     2010-10-11 06:09 . 2010-10-11 06:09 -------- d-s---w- c:\documents and settings\NetworkService\UserData
     2010-10-10 19:48 . 2010-10-12 03:12 -------- d-----w- c:\windows\Sun
     2010-10-10 19:45 . 2010-10-10 19:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2010-10-10 19:45 . 2010-10-10 19:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
     2010-10-10 17:38 . 2010-10-10 17:38 -------- d-----w- c:\program files\VideoLAN
     2010-10-10 10:22 . 2010-10-10 10:42 -------- d-----w- c:\windows\system32\CatRoot_bak
     2010-10-10 10:16 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
     2010-10-10 01:12 . 2010-10-10 01:12 -------- d-----w- c:\program files\LastPass
     2010-10-10 00:41 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-10-10 00:41 . 2010-10-19 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-10-10 00:41 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-10-10 00:21 . 2010-10-10 00:21 -------- d-----w- c:\program files\Alwil Software
     2010-10-10 00:20 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
     2010-10-09 23:57 . 2010-10-09 23:57 -------- d-----w- c:\program files\VS Revo Group
     2010-10-09 19:05 . 2003-04-10 10:44 636502 ----a-r- c:\windows\system32\drivers\PRISMUSB.sys
     2010-10-09 18:57 . 2010-10-24 01:18 -------- d-----w- c:\documents and settings\Compaq_Owner
     2010-10-09 18:57 . 2006-05-20 03:04 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
     2010-10-09 18:56 . 2006-05-20 03:04 -------- d-----w- c:\documents and settings\Default User\WINDOWS
     2010-10-09 18:53 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
     2010-10-09 18:53 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
     2010-10-09 18:53 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
     2010-10-09 18:40 . 2010-10-10 17:30 -------- d-----r- c:\documents and settings\All Users\Documents
     2010-10-09 18:37 . 2010-10-11 22:40 -------- d-sh--r- c:\windows\system32\dllcache
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
     "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
     "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
     "D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-20 995328]
     "WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-20 122880]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
     c:\documents and settings\Administrator\Start Menu\Programs\Startup\
     Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]
     c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
     c:\documents and settings\Default User\Start Menu\Programs\Startup\
     Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
     "c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
     R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [10/21/2010 7:30 AM 339504]
     R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [10/21/2010 7:30 AM 666672]
     R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [8/31/2010 3:57 PM 692272]
     R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [10/21/2010 7:30 AM 134704]
     R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [10/19/2010 11:53 AM 29411]
     R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [10/19/2010 11:52 AM 40960]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/9/2010 5:41 PM 304464]
     R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [10/21/2010 7:30 AM 126904]
     R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/21/2010 7:36 AM 102448]
     R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101021.003\IDSXpx86.sys [10/23/2010 10:27 AM 341880]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/9/2010 5:41 PM 20952]
     S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [10/19/2010 11:52 AM 126976]
     S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [10/9/2010 12:05 PM 636502]
     .
     Contents of the 'Scheduled Tasks' folder
     2010-10-24 c:\windows\Tasks\GlaryInitialize.job
     - c:\program files\Glary Utilities\initialize.exe [2010-10-22 04:55]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
     uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
     mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
     mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
     uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
     IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
     IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
     IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
     IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
     IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
     IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
     IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
     IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
     FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6f0meohk.default\
     FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
     FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
     FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6f0meohk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     ---- FIREFOX POLICIES ----
     FF - user.js: network.cookie.cookieBehavior - 0
     FF - user.js: privacy.clearOnShutdown.cookies - false
     FF - user.js: security.warn_viewing_mixed - false
     FF - user.js: security.warn_viewing_mixed.show_once - false
     FF - user.js: security.warn_submit_insecure - false
     FF - user.js: security.warn_submit_insecure.show_once - false
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-10-23 18:20
     Windows 5.1.2600 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
     "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'winlogon.exe'(716)
     c:\windows\system32\Ati2evxx.dll
     - - - - - - - > 'explorer.exe'(2972)
     c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\Ati2evxx.exe
     c:\windows\system32\Ati2evxx.exe
     c:\windows\system32\brss01a.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     c:\windows\system32\wdfmgr.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\RTHDCPL.EXE
     c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     .
     **************************************************************************
     .
     Completion time: 2010-10-23 18:24:07 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-10-24 01:24
     Pre-Run: 479,198,150,656 bytes free
     Post-Run: 479,274,348,544 bytes free
     WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
     - - End Of File - - 8FC1048C1F72FB41E380286594EE327A
  4. Thanks a bunch, Kenny! Here is the TDSSKiller log:

     2010/10/23 17:40:02.0140 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
     2010/10/23 17:40:02.0140 ================================================================================
     2010/10/23 17:40:02.0140 SystemInfo:
     2010/10/23 17:40:02.0140
     2010/10/23 17:40:02.0140 OS Version: 5.1.2600 ServicePack: 2.0
     2010/10/23 17:40:02.0140 Product type: Workstation
     2010/10/23 17:40:02.0140 ComputerName: YOUR-D0F670B45A
     2010/10/23 17:40:02.0140 UserName: Compaq_Owner
     2010/10/23 17:40:02.0140 Windows directory: C:\WINDOWS
     2010/10/23 17:40:02.0140 System windows directory: C:\WINDOWS
     2010/10/23 17:40:02.0140 Processor architecture: Intel x86
     2010/10/23 17:40:02.0140 Number of processors: 1
     2010/10/23 17:40:02.0140 Page size: 0x1000
     2010/10/23 17:40:02.0140 Boot type: Normal boot
     2010/10/23 17:40:02.0140 ================================================================================
     2010/10/23 17:40:02.0796 Initialize success
     2010/10/23 17:40:06.0453 ================================================================================
     2010/10/23 17:40:06.0453 Scan started
     2010/10/23 17:40:06.0453 Mode: Manual;
     2010/10/23 17:40:06.0453 ================================================================================
     2010/10/23 17:40:22.0203 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
     2010/10/23 17:40:22.0296 ================================================================================
     2010/10/23 17:40:22.0296 Scan finished
     2010/10/23 17:40:22.0296 ================================================================================
     2010/10/23 17:40:22.0328 Detected object count: 1
     2010/10/23 17:40:48.0312 \HardDisk0\MBR - will be cured after reboot
     2010/10/23 17:40:48.0312 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
     2010/10/23 17:41:10.0140 Deinitialize success
  5. I think I have acquired the virus from hell. About three weeks ago, a virus attacked my computer with the following symptoms:

     1) redirecting Firefox pages and popups
     2) freezing my taskbar and not allowing me to open Task Manager
     3) preventing Windows from shutting down properly

     I tried Norton, Kaspersky, Avast, and Malwarebytes with no effect, and even when I reinstalled Windows from my recovery disks, the virus was still there. I opted to just buy a new hard drive, and reinstalled Windows from recovery disks onto this new drive (drive C). Unfortunately, either the virus is back, is on another hard drive that transported over (drive D), or I was unlucky enough to acquire it again somehow.

     The virus no longer freezes my taskbar or prevents Task Manager from opening, but it still redirects Firefox pages and often pops up new pages. Again, I've tried Norton, Kaspersky, Avast, and Malwarebytes (all with the newest virus definitions) with no effect. I've purchased the professional version of Malwarebytes, and popups of "Successfully blocked access to a potentially malicious website" are nearly constant. I have Norton installed and often it would warn me that "A recent attempt to attack your computer was blocked."

     I'm at the end of my rope. If anyone can help me, I would think you a genius because the virus has defeated everything! Thanks a bunch. I've gone through all the steps on the "I'm infected - What do I do now?" link.
MBAM log:
13:47:10 Compaq_Owner MESSAGE Protection started successfully
13:47:23 Compaq_Owner MESSAGE IP Protection started successfully
21:07:35 (null) MESSAGE Protection started successfully
21:07:50 Compaq_Owner MESSAGE IP Protection started successfully

DDS log:
DDS (Ver_10-10-21.02) - NTFSx86 Run by Compaq_Owner at 15:28:32.37 on Fri 10/22/2010 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1470.620 [GMT -7:00] AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program
Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox\bin\Dropbox.exe D:\Downloads\sxk6j74p.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe D:\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop mSearchAssistant = 
hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [D-Link D-Link DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe mRun: [WZCSLDR2] c:\program files\d-link\dwa-125 reva\WZCSLDR2.exe 
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\compaq_owner\application data\dropbox\bin\Dropbox.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Notify: AtiExtEvent - Ati2evxx.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\6f0meohk.default\ FF - component: 
c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\6f0meohk.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); ============= SERVICES / DRIVERS =============== R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-10-21 339504] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-10-21 666672] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-8-31 692272] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-10-21 134704] R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [2010-10-19 29411] R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program 
files\d-link\dwa-125 reva\ANIWConnService.exe [2010-10-19 40960] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-9 304464] R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-10-21 126904] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-21 102448] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20101020.001\IDSXpx86.sys [2010-10-19 341880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-9 20952] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20101021.049\NAVENG.SYS [2010-10-22 86064] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20101021.049\NAVEX15.SYS [2010-10-22 1371184] S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\d-link\dwa-125 reva\ANIWZCSdS.exe [2010-10-19 126976] S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2010-10-9 636502] S3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2010-10-19 779136] =============== Created Last 30 ================ 2010-10-22 02:58:32 -------- d-----w- c:\docume~1\compaq~1\applic~1\GlarySoft 2010-10-22 02:57:05 -------- d-----w- c:\program files\Glary Utilities 2010-10-22 02:45:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools 2010-10-21 14:31:38 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-10-21 14:31:38 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-10-21 14:31:37 -------- d-----w- c:\program files\Symantec 2010-10-21 14:30:46 369072 ----a-r- 
c:\windows\system32\drivers\nis\1201000.025\symtdi.sys 2010-10-21 14:30:46 331312 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys 2010-10-21 14:30:46 294448 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symnets.sys 2010-10-21 14:30:45 666672 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys 2010-10-21 14:30:45 50096 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtspx.sys 2010-10-21 14:30:45 489008 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtsp.sys 2010-10-21 14:30:45 339504 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymDS.sys 2010-10-21 14:30:44 134704 ----a-r- c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys 2010-10-21 14:29:45 -------- d-----w- c:\windows\system32\drivers\nis\1201000.025 2010-10-21 14:29:45 -------- d-----w- c:\windows\system32\drivers\NIS 2010-10-21 14:29:39 -------- d-----w- c:\program files\Norton Internet Security 2010-10-21 14:29:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton 2010-10-21 14:29:04 -------- d-----w- c:\program files\NortonInstaller 2010-10-21 14:29:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller 2010-10-21 03:02:13 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Sunbelt Software 2010-10-21 02:58:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData 2010-10-19 18:53:06 48640 ----a-w- c:\windows\system32\ANPD64.SYS 2010-10-19 18:53:06 34008 ----a-w- c:\windows\system32\ANPD.VXD 2010-10-19 18:53:06 315392 ----a-w- c:\windows\system32\ANPDApi.dll 2010-10-19 18:53:06 29411 ----a-w- c:\windows\system32\ANPD.SYS 2010-10-19 18:52:09 779136 ----a-w- c:\windows\system32\drivers\Drt2870.sys 2010-10-19 18:52:08 221184 ----a-w- c:\windows\system32\RaCoInst.dll 2010-10-19 18:52:07 -------- d-----w- c:\program files\D-Link 2010-10-11 22:32:32 -------- d-----w- c:\windows\ServicePackFiles 2010-10-11 22:31:25 -------- d-----w- c:\program files\MSXML 4.0 2010-10-10 19:45:48 73728 ----a-w- c:\windows\system32\javacpl.cpl 
2010-10-10 19:45:48 423656 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2010-10-10 19:45:47 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-10-10 17:38:27 -------- d-----w- c:\program files\VideoLAN 2010-10-10 10:22:41 -------- d-----w- c:\windows\system32\CatRoot_bak 2010-10-10 10:20:34 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-10-10 10:20:32 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-10-10 10:20:31 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-10-10 10:20:29 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-10-10 10:16:54 272128 ------w- c:\windows\system32\drivers\bthport.sys 2010-10-10 10:16:54 272128 ------w- c:\windows\system32\dllcache\bthport.sys 2010-10-10 10:15:29 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2010-10-10 10:00:42 -------- d-----w- c:\windows\system32\PreInstall 2010-10-10 06:48:25 -------- d-----w- c:\docume~1\compaq~1\applic~1\Enovy 2010-10-10 06:28:10 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Adobe 2010-10-10 06:17:49 -------- d-----w- c:\docume~1\compaq~1\applic~1\Aquwpu 2010-10-10 01:12:33 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\LastPass 2010-10-10 01:12:16 -------- d-----w- c:\program files\LastPass 2010-10-10 00:41:37 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes 2010-10-10 00:41:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-10 00:41:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-10-10 00:41:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-10 00:41:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-10 00:32:57 -------- d-----w- c:\windows\system32\SoftwareDistribution 2010-10-10 00:20:33 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2010-10-10 00:20:33 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys 2010-10-09 23:57:56 -------- d-----w- c:\program files\VS Revo Group 
2010-10-09 23:47:44 -------- d-----w- c:\docume~1\compaq~1\applic~1\Dropbox 2010-10-09 23:44:06 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Mozilla 2010-10-09 19:07:50 -------- d-s---w- c:\documents and settings\compaq_owner\UserData 2010-10-09 19:05:17 -------- d-sh--r- C:\cmdcons 2010-10-09 19:05:16 -------- d-----w- c:\windows\setup.pss 2010-10-09 19:05:10 636502 ----a-r- c:\windows\system32\drivers\PRISMUSB.sys 2010-10-09 18:53:55 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-10-09 18:53:53 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-10-09 18:53:50 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys 2010-10-09 18:40:41 -------- d-----r- c:\documents and settings\all users\Documents 2010-10-09 18:40:04 -------- d-----r- c:\windows\Offline Web Pages 2010-10-09 18:37:58 -------- d-sh--r- c:\windows\system32\dllcache ==================== Find3M ==================== ============= FINISH: 15:29:50.42 =============== Attach.zip