Cripes

Members
  • Posts: 4
  • Joined
  • Last visited

Everything posted by Cripes

  1. If no response I'll probably start trying things from other people with similar issues...otherwise looks like a reformat is in my near future.
  2. I followed the "I'm infected--What do I do now?" (at least I think I did). The latest MBAM log is below the DDS log. It started with numerous trojans being found, and now this one keeps popping back up on reboot (I only posted my last MBAM log so it doesn't list the other malware it found at first). I THINK the others are gone. MBAM and Norton aren't finding them any more at least. Thanks for any and all help in advance! This one just won't DIE!!!

     .
     DDS (Ver_2011-06-23.01) - NTFSx86
     Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
     Run by Kelsey2 at 15:08:55 on 2011-07-28
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1201 [GMT -5:00]
     .
     AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Windows\system32\SLsvc.exe
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
     C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Windows\system32\authz32.exe
     C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Windows\system32\SearchIndexer.exe
     C:\ProgramData\audiosrv32.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\svchost.exe -k SDRSVC
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uSearch Bar = Preserve
     BHO: {0e5f4811-d95f-420a-ad44-2f473c6ffdee} - c:\windows\system32\audiosrv32.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
     mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     TCP: DhcpNameServer = 192.168.1.1
     TCP: Interfaces\{7CE2C0CB-ACF4-43BA-B8B3-1BF56138D788} : DhcpNameServer = 192.168.1.1
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\kelsey2\appdata\roaming\mozilla\firefox\profiles\0p8pyb25.default\
     FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
     FF - plugin: c:\users\kelsey2\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
     FF - plugin: c:\users\kelsey2\appdata\roaming\mozilla\plugins\npgoogletalk.dll
     FF - plugin: c:\users\kelsey2\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-1-20 4608]
     R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-6-13 340088]
     R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-6-13 744568]
     R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]
     R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110727.030\IDSvix86.sys [2011-7-27 367736]
     R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
     R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-6-13 136312]
     R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1206000.01d\symtdiv.sys [2011-6-13 331384]
     R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
     R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
     R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
     R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-6-13 130008]
     R2 TapiSrv32;Telephony ;c:\windows\system32\authz32.exe [2011-7-26 793600]
     R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
     R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
     R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-21 41272]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
     .
     =============== Created Last 30 ================
     .
     2011-07-28 15:13:36 -------- d-----w- c:\users\kelsey2\appdata\local\Microsoft Games
     2011-07-28 04:01:45 363008 ----a-w- c:\windows\system32\audiosrv32.dll
     2011-07-28 03:08:39 793600 ----a-w- c:\programdata\audiosrv32.exe
     2011-07-28 02:55:49 -------- d-----w- c:\users\kelsey2\appdata\local\temp
     2011-07-28 02:55:04 -------- d-----w- c:\users\kelsey2\appdata\local\CrashDumps
     2011-07-28 02:51:25 -------- d-sh--w- C:\$RECYCLE.BIN
     2011-07-27 20:10:47 98816 ----a-w- c:\windows\sed.exe
     2011-07-27 20:10:47 518144 ----a-w- c:\windows\SWREG.exe
     2011-07-27 20:10:47 256000 ----a-w- c:\windows\PEV.exe
     2011-07-27 20:10:47 208896 ----a-w- c:\windows\MBR.exe
     2011-07-27 13:40:48 -------- d-----w- c:\users\kelsey2\appdata\roaming\SUPERAntiSpyware.com
     2011-07-27 13:40:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
     2011-07-27 13:40:34 -------- d-----w- c:\program files\SUPERAntiSpyware
     2011-07-27 13:38:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
     2011-07-27 13:38:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2011-07-27 05:29:20 0 ---ha-w- c:\windows\qjajvlpexc.tmp
     2011-07-26 13:06:24 793600 ----a-w- c:\windows\system32\authz32.exe
     2011-07-24 18:50:10 0 ---ha-w- c:\windows\system32\qjajvlpexc.tmp
     2011-07-21 14:16:58 -------- d-----w- c:\users\kelsey2\appdata\roaming\Malwarebytes
     2011-07-21 14:16:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-07-21 14:16:42 -------- d-----w- c:\programdata\Malwarebytes
     2011-07-21 14:16:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-07-21 14:16:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-07-20 23:36:03 0 ----a-w- c:\users\kelsey2\appdata\local\Qviseyogomus.bin
     2011-07-14 03:15:17 -------- d-----w- c:\users\kelsey2\appdata\local\Google
     2011-07-13 12:45:07 2043392 ----a-w- c:\windows\system32\win32k.sys
     2011-07-13 12:45:02 49152 ----a-w- c:\windows\system32\csrsrv.dll
     2011-07-13 12:45:02 375808 ----a-w- c:\windows\system32\winsrv.dll
     2011-06-29 12:53:08 276992 ----a-w- c:\windows\system32\schannel.dll
     .
     ==================== Find3M ====================
     .
     2011-07-28 02:12:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-06-14 02:34:29 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2011-05-30 18:26:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
     2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
     .
     ============= FINISH: 15:09:30.54 ===============

     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org

     Database version: 7309

     Windows 6.0.6002 Service Pack 2
     Internet Explorer 9.0.8112.16421

     7/28/2011 2:51:25 PM
     mbam-log-2011-07-28 (14-51-25).txt

     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 415942
     Time elapsed: 2 hour(s), 53 minute(s), 11 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Attachments: Attach.zip ark.zip