
Hijacked1977

Members
  • Posts: 15
  • Reputation: 0 Neutral
  1. That's exactly what I am getting. It won't go away.
  2. I keep getting a popup in Firefox from eekielovendal.org claiming to be an addon; a Google search does not return anything. Anybody know what it is?
  3. Thanks Kenny, used for a few hours now and all looks well!
  4. Kenny, I have tried a dozen different searches and have had no redirect! The numlock no longer comes on at reboot, and the search reply seems to be much faster. This is a 7 year old computer and very slow internet (download between 50-100k usually), so it has taken a lot of time. I thank you very much!! I will continue to watch this over the next few days. As part of the sticky I ran defogger, not sure it actually did anything. I have this file trying to contact the internet: nikon\wireless\camera setup utility\nkplpenum.exe. The Win32/Adware.WBug.A bug has me worried: What does it do? How long has it been there? Where did I get it? (prob can't answer 2 of 3). Looks like my wireless router has lost all protection, will need to work on that. I have another computer in the house, I will look at Java and Adobe, I suspect it may have something also; should I scan with something and start a new thread? Thanks Kenny!!!!!!!!!!!!!!
  5. OK, here is the OTM log; it did have to reboot.

     All processes killed
     ========== SERVICES/DRIVERS ==========
     ========== REGISTRY ==========
     ========== FILES ==========
     D:\AOL Instant Messenger\AIM.exe moved successfully.
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Documents and Settings\Frank\Desktop\cmd.bat deleted successfully.
     C:\Documents and Settings\Frank\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
     HOSTS file reset successfully

     [EMPTYTEMP]

     User: All Users
     ->Flash cache emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Diane
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Frank
     ->Temp folder emptied: 2080584 bytes
     ->Temporary Internet Files folder emptied: 174085 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 44573395 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Halle
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Kayla
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 0 bytes

     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes

     User: Owner

     User: Riley
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 43670 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 45.00 mb

     Restore point Set: OTM Restore Point (0)

     OTM by OldTimer - Version 3.1.17.2 log created on 03132011_144211

     Files moved on Reboot...

     Registry entries deleted on Reboot...
  6. 2 hours of scan time!!...

     ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6425
     # api_version=3.0.2
     # EOSSerial=aaa0b311616e65418c763c59419a8471
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2011-03-13 06:26:52
     # local_time=2011-03-13 02:26:52 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=5121 16777189 100 75 4606913 12610590 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=123783
     # found=1
     # cleaned=0
     # scan_time=6957
     D:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I

     Results of screen317's Security Check version 0.99.9
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     ESET Online Scanner v3
     McAfee SecurityCenter
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     Java 6 Update 15
     Out of date Java installed!
     Adobe Flash Player 10.2.152.26
     Adobe Atmosphere Player for Acrobat and Adobe Reader
     Adobe Reader 7.1.0
     Out of date Adobe Reader installed!
     Mozilla Firefox (3.6.8)
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     ``````````End of Log````````````
  7. tdskiller, then gooredfix

     2011/03/13 11:59:59.0593 1924 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
     2011/03/13 12:00:00.0921 1924 ================================================================================
     2011/03/13 12:00:00.0921 1924 SystemInfo:
     2011/03/13 12:00:00.0921 1924
     2011/03/13 12:00:00.0921 1924 OS Version: 5.1.2600 ServicePack: 3.0
     2011/03/13 12:00:00.0921 1924 Product type: Workstation
     2011/03/13 12:00:00.0921 1924 ComputerName: VALUED-3253602F
     2011/03/13 12:00:00.0921 1924 UserName: Frank
     2011/03/13 12:00:00.0921 1924 Windows directory: C:\WINDOWS
     2011/03/13 12:00:00.0921 1924 System windows directory: C:\WINDOWS
     2011/03/13 12:00:00.0921 1924 Processor architecture: Intel x86
     2011/03/13 12:00:00.0921 1924 Number of processors: 2
     2011/03/13 12:00:00.0921 1924 Page size: 0x1000
     2011/03/13 12:00:00.0921 1924 Boot type: Normal boot
     2011/03/13 12:00:00.0921 1924 ================================================================================
     2011/03/13 12:00:01.0359 1924 Initialize success
     2011/03/13 12:00:08.0484 2164 ================================================================================
     2011/03/13 12:00:08.0484 2164 Scan started
     2011/03/13 12:00:08.0484 2164 Mode: Manual;
     2011/03/13 12:00:08.0484 2164 ================================================================================
     2011/03/13 12:00:22.0968 2164 RasAcd (6698c22fadfe8cad3db7ebb4debd8fd6) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2011/03/13 12:00:22.0968 2164 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 6698c22fadfe8cad3db7ebb4debd8fd6, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
     2011/03/13 12:00:22.0984 2164 RasAcd - detected Rootkit.Win32.TDSS.tdl3 (0)
     2011/03/13 12:00:29.0640 2164 ================================================================================
     2011/03/13 12:00:29.0640 2164 Scan finished
     2011/03/13 12:00:29.0640 2164 ================================================================================
     2011/03/13 12:00:29.0671 3092 Detected object count: 1
     2011/03/13 12:00:50.0593 3092 RasAcd (6698c22fadfe8cad3db7ebb4debd8fd6) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2011/03/13 12:00:50.0593 3092 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 6698c22fadfe8cad3db7ebb4debd8fd6, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
     2011/03/13 12:00:51.0875 3092 Backup copy found, using it..
     2011/03/13 12:00:51.0875 3092 C:\WINDOWS\system32\DRIVERS\rasacd.sys - will be cured after reboot
     2011/03/13 12:00:51.0875 3092 Rootkit.Win32.TDSS.tdl3(RasAcd) - User select action: Cure
     2011/03/13 12:00:59.0937 1160 Deinitialize success

     GooredFix by jpshortstuff (03.07.10.1)
     Log created at 12:07 on 13/03/2011 (Frank)
     Firefox version 3.6.8 (en-US)

     ========== GooredScan ==========

     ========== GooredLog ==========

     C:\Program Files\Mozilla Firefox\extensions\
     (none)

     C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\8dnp25hj.default\extensions\
     runtime@panda3d.org [22:38 05/05/2010]
     {20a82645-c095-46ed-80e3-08825760534b} [02:04 24/06/2010]

     [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
     "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:12 17/08/2009]
     "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:17 22/08/2010]

     -=E.O.F=-
  8. I should add that when I run combofix a small window with a progress bar opens and runs for 20-30 seconds (runs to completion), then the incompatible message window opens (has about 10 languages).
  9. I ran tfc, it cleaned 455 MB (McAfee was off). Copied the command line; a small box appeared, counted down from 30 and restarted the computer. HDD light was on for about 2 min after boot, then nothing. No message showed on screen. Ran combofix and got the same incompatible message.
  10. combofix crashed with an incompatible OS: the "Combo fix only works with Windows 2000 up" message.
  11. And I run through a wireless router, this machine is hard connected.
  12. Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 6037

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      3/12/2011 3:43:44 PM
      malware quickscan 110312

      Scan type: Quick scan
      Objects scanned: 213295
      Time elapsed: 8 minute(s), 18 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 2
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
  13. Sorry, my scan of Malwarebytes does show 2 items from Microsoft. Been there for a long time, read somewhere they are ok. Scanning again so that I can post.
  14. Thanks Kenny - more info:

      Have noticed upon bootup that the numlock light is on.
      Also noticed the "I'm infected..." sticky so I followed those steps:
      I have used Malwarebytes for a while, last scan a week ago.
      Today I did the fast scan, it found nothing.
      Then updated my McAfee and did a full scan, also nothing.
      Then I downloaded defogger and ran it. It said Finished!. I waited 5 min for it to reboot, or ask, never did, so I did it.
      Then I downloaded DDS, the scan will be below.
      Then I downloaded gmer, unchecked the boxes it states, scans for about 1 min, then blue screen, rebooted, same thing.
      Here is dds, then I will do attach in next post.
      Hmmmmm, the dds is too big for the post, had to delete most of it, I will attach both as a zip.

      .
      DDS (Ver_11-03-05.01) - NTFSx86
      Run by at 18:31:15.35 on Sat 03/12/2011
      internet explorer: 8.0.6001.18702 browserjavaversion: 1.6.0_15
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.978 [GMT -5:00]
      .
      AV: AOL Antivirus *Enabled/Updated* {164FF91F-F5BD-4B74-A9DC-932CECB1603B}
      AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
      FW: AOL Firewall *Disabled*
      FW: McAfee Firewall *Enabled*
      .

      DDS.zip Attach.zip
  15. Hello, looks like I have a common problem: when using Mozilla/Google search, I get the search pages, click one, then get redirected somewhere. Searched with AOL (only tried once) on same machine and no issue. I did download DDS, and have the 2 files on my root directory (same time if they are needed); attach is 341k, dds is about 255k. Also notice as I type, sometimes nothing shows on the screen, then all of a sudden my words appear as if from a buffer. Thanks for the help!