
The virus from hell


jujuman

I think I have acquired the virus from hell. About three weeks ago, a virus attacked my computer with the following symptoms:

1) redirecting Firefox pages and popups

2) freezing my taskbar and not allowing me to open Task Manager

3) preventing Windows from shutting down properly

I tried Norton, Kaspersky, Avast, and Malwarebytes with no effect, and even when I reinstalled Windows from my recovery disks, the virus was still there. I opted to just buy a new hard drive, and reinstalled Windows from recovery disks onto this new drive (drive C). Unfortunately, either the virus is back, is on another hard drive that transported over (drive D), or I was unlucky enough to acquire it again somehow.

The virus no longer freezes my taskbar or prevents Task Manager from opening, but it still redirects Firefox pages and often pops up new pages. Again, I've tried Norton, Kaspersky, Avast, and Malwarebytes (all with the newest virus definitions) with no effect. I've purchased the professional version of Malwarebytes, and popups of "Successfully blocked access to a potentially malicious website" are nearly constant. I have Norton installed and often it would warn me that "A recent attempt to attack your computer was blocked."

I'm at the end of my rope. If anyone can help me, I would think you a genius because the virus has defeated everything! Thanks a bunch.

I've gone through all the steps on the "I'm infected - What do I do now?" link.

MBAM log:

13:47:10 Compaq_Owner MESSAGE Protection started successfully

13:47:23 Compaq_Owner MESSAGE IP Protection started successfully

13:49:21 Compaq_Owner IP-BLOCK 91.216.73.60

13:49:24 Compaq_Owner IP-BLOCK 91.216.73.60

13:49:30 Compaq_Owner IP-BLOCK 91.216.73.60

13:49:48 Compaq_Owner IP-BLOCK 91.216.73.61

13:49:51 Compaq_Owner IP-BLOCK 91.216.73.61

13:49:56 Compaq_Owner IP-BLOCK 91.216.73.61

13:50:09 Compaq_Owner IP-BLOCK 194.60.205.232

13:50:12 Compaq_Owner IP-BLOCK 194.60.205.232

13:50:18 Compaq_Owner IP-BLOCK 194.60.205.232

13:50:30 Compaq_Owner IP-BLOCK 194.60.205.233

13:50:33 Compaq_Owner IP-BLOCK 194.60.205.233

13:50:39 Compaq_Owner IP-BLOCK 194.60.205.233

13:50:52 Compaq_Owner IP-BLOCK 194.60.205.234

13:50:55 Compaq_Owner IP-BLOCK 194.60.205.234

13:51:00 Compaq_Owner IP-BLOCK 194.60.205.234

13:51:13 Compaq_Owner IP-BLOCK 91.216.73.60

13:51:16 Compaq_Owner IP-BLOCK 91.216.73.60

13:51:21 Compaq_Owner IP-BLOCK 91.216.73.60

13:51:34 Compaq_Owner IP-BLOCK 91.216.73.61

13:51:36 Compaq_Owner IP-BLOCK 91.216.73.61

13:51:43 Compaq_Owner IP-BLOCK 91.216.73.61

13:51:54 Compaq_Owner IP-BLOCK 194.60.205.232

13:51:57 Compaq_Owner IP-BLOCK 194.60.205.232

13:52:04 Compaq_Owner IP-BLOCK 194.60.205.232

13:52:16 Compaq_Owner IP-BLOCK 91.216.73.60

13:52:19 Compaq_Owner IP-BLOCK 91.216.73.60

13:52:25 Compaq_Owner IP-BLOCK 91.216.73.60

13:52:37 Compaq_Owner IP-BLOCK 194.60.205.233

13:52:40 Compaq_Owner IP-BLOCK 194.60.205.233

13:52:45 Compaq_Owner IP-BLOCK 194.60.205.233

13:52:58 Compaq_Owner IP-BLOCK 91.216.73.61

13:53:00 Compaq_Owner IP-BLOCK 91.216.73.61

13:53:07 Compaq_Owner IP-BLOCK 91.216.73.61

13:53:18 Compaq_Owner IP-BLOCK 194.60.205.234

13:53:21 Compaq_Owner IP-BLOCK 194.60.205.234

13:53:28 Compaq_Owner IP-BLOCK 194.60.205.234

13:53:39 Compaq_Owner IP-BLOCK 194.60.205.232

13:53:43 Compaq_Owner IP-BLOCK 194.60.205.232

13:53:49 Compaq_Owner IP-BLOCK 194.60.205.232

13:54:01 Compaq_Owner IP-BLOCK 194.60.205.233

13:54:04 Compaq_Owner IP-BLOCK 194.60.205.233

13:54:09 Compaq_Owner IP-BLOCK 194.60.205.233

13:54:24 Compaq_Owner IP-BLOCK 194.60.205.234

13:54:27 Compaq_Owner IP-BLOCK 194.60.205.234

13:54:33 Compaq_Owner IP-BLOCK 194.60.205.234

13:54:45 Compaq_Owner IP-BLOCK 91.216.73.60

13:54:48 Compaq_Owner IP-BLOCK 91.216.73.60

13:54:54 Compaq_Owner IP-BLOCK 91.216.73.60

13:55:06 Compaq_Owner IP-BLOCK 91.216.73.60

13:55:09 Compaq_Owner IP-BLOCK 91.216.73.60

13:55:15 Compaq_Owner IP-BLOCK 91.216.73.60

13:55:27 Compaq_Owner IP-BLOCK 91.216.73.61

13:55:30 Compaq_Owner IP-BLOCK 91.216.73.61

13:55:36 Compaq_Owner IP-BLOCK 91.216.73.61

13:55:48 Compaq_Owner IP-BLOCK 91.216.73.61

13:55:51 Compaq_Owner IP-BLOCK 91.216.73.61

13:55:57 Compaq_Owner IP-BLOCK 91.216.73.61

13:56:09 Compaq_Owner IP-BLOCK 91.216.73.60

13:56:12 Compaq_Owner IP-BLOCK 91.216.73.60

13:56:18 Compaq_Owner IP-BLOCK 91.216.73.60

13:56:30 Compaq_Owner IP-BLOCK 194.60.205.232

13:56:33 Compaq_Owner IP-BLOCK 194.60.205.232

13:56:39 Compaq_Owner IP-BLOCK 194.60.205.232

13:56:45 Compaq_Owner IP-BLOCK 62.122.75.136

13:56:48 Compaq_Owner IP-BLOCK 62.122.75.136

13:56:51 Compaq_Owner IP-BLOCK 194.60.205.232

13:56:54 Compaq_Owner IP-BLOCK 62.122.75.136

13:56:54 Compaq_Owner IP-BLOCK 194.60.205.232

13:57:00 Compaq_Owner IP-BLOCK 194.60.205.232

13:57:06 Compaq_Owner IP-BLOCK 62.122.75.136

13:57:09 Compaq_Owner IP-BLOCK 62.122.75.136

13:57:12 Compaq_Owner IP-BLOCK 91.216.73.61

13:57:15 Compaq_Owner IP-BLOCK 62.122.75.136

13:57:15 Compaq_Owner IP-BLOCK 91.216.73.61

13:57:21 Compaq_Owner IP-BLOCK 91.216.73.61

13:57:27 Compaq_Owner IP-BLOCK 62.122.75.138

13:57:30 Compaq_Owner IP-BLOCK 62.122.75.138

13:57:33 Compaq_Owner IP-BLOCK 194.60.205.233

13:57:36 Compaq_Owner IP-BLOCK 194.60.205.233

13:57:42 Compaq_Owner IP-BLOCK 194.60.205.233

13:57:54 Compaq_Owner IP-BLOCK 194.60.205.233

13:57:57 Compaq_Owner IP-BLOCK 194.60.205.233

13:58:03 Compaq_Owner IP-BLOCK 194.60.205.233

13:58:15 Compaq_Owner IP-BLOCK 91.216.73.60

13:58:18 Compaq_Owner IP-BLOCK 91.216.73.60

13:58:24 Compaq_Owner IP-BLOCK 91.216.73.60

13:58:36 Compaq_Owner IP-BLOCK 194.60.205.232

13:58:39 Compaq_Owner IP-BLOCK 194.60.205.232

13:58:45 Compaq_Owner IP-BLOCK 194.60.205.232

13:58:57 Compaq_Owner IP-BLOCK 194.60.205.234

13:59:00 Compaq_Owner IP-BLOCK 194.60.205.234

13:59:06 Compaq_Owner IP-BLOCK 194.60.205.234

13:59:18 Compaq_Owner IP-BLOCK 194.60.205.234

13:59:21 Compaq_Owner IP-BLOCK 194.60.205.234

13:59:27 Compaq_Owner IP-BLOCK 194.60.205.234

13:59:39 Compaq_Owner IP-BLOCK 91.216.73.60

13:59:42 Compaq_Owner IP-BLOCK 91.216.73.60

13:59:47 Compaq_Owner IP-BLOCK 91.212.226.6

13:59:48 Compaq_Owner IP-BLOCK 91.216.73.60

13:59:50 Compaq_Owner IP-BLOCK 91.212.226.6

13:59:56 Compaq_Owner IP-BLOCK 91.212.226.6

14:00:00 Compaq_Owner IP-BLOCK 91.216.73.61

14:00:03 Compaq_Owner IP-BLOCK 91.216.73.61

14:00:09 Compaq_Owner IP-BLOCK 91.216.73.61

14:00:21 Compaq_Owner IP-BLOCK 194.60.205.233

14:00:24 Compaq_Owner IP-BLOCK 194.60.205.233

14:00:30 Compaq_Owner IP-BLOCK 194.60.205.233

14:00:42 Compaq_Owner IP-BLOCK 91.216.73.60

14:00:45 Compaq_Owner IP-BLOCK 91.216.73.60

14:00:51 Compaq_Owner IP-BLOCK 91.216.73.60

14:01:03 Compaq_Owner IP-BLOCK 91.216.73.61

14:01:06 Compaq_Owner IP-BLOCK 91.216.73.61

14:01:12 Compaq_Owner IP-BLOCK 91.216.73.61

14:01:24 Compaq_Owner IP-BLOCK 91.216.73.60

14:01:27 Compaq_Owner IP-BLOCK 91.216.73.60

14:01:33 Compaq_Owner IP-BLOCK 91.216.73.60

14:01:45 Compaq_Owner IP-BLOCK 194.60.205.232

14:01:48 Compaq_Owner IP-BLOCK 194.60.205.232

14:01:54 Compaq_Owner IP-BLOCK 194.60.205.232

14:02:06 Compaq_Owner IP-BLOCK 194.60.205.234

14:02:09 Compaq_Owner IP-BLOCK 194.60.205.234

14:02:15 Compaq_Owner IP-BLOCK 194.60.205.234

14:02:29 Compaq_Owner IP-BLOCK 91.216.73.61

14:02:32 Compaq_Owner IP-BLOCK 91.216.73.61

14:02:38 Compaq_Owner IP-BLOCK 91.216.73.61

14:02:50 Compaq_Owner IP-BLOCK 194.60.205.232

14:02:53 Compaq_Owner IP-BLOCK 194.60.205.232

14:02:59 Compaq_Owner IP-BLOCK 194.60.205.232

14:03:11 Compaq_Owner IP-BLOCK 91.216.73.61

14:03:14 Compaq_Owner IP-BLOCK 91.216.73.61

14:03:20 Compaq_Owner IP-BLOCK 91.216.73.61

14:03:32 Compaq_Owner IP-BLOCK 194.60.205.233

14:03:35 Compaq_Owner IP-BLOCK 194.60.205.233

14:03:41 Compaq_Owner IP-BLOCK 194.60.205.233

14:03:53 Compaq_Owner IP-BLOCK 91.216.73.60

14:03:56 Compaq_Owner IP-BLOCK 91.216.73.60

14:04:02 Compaq_Owner IP-BLOCK 91.216.73.60

14:04:14 Compaq_Owner IP-BLOCK 194.60.205.232

14:04:17 Compaq_Owner IP-BLOCK 194.60.205.232

14:04:23 Compaq_Owner IP-BLOCK 194.60.205.232

14:04:35 Compaq_Owner IP-BLOCK 194.60.205.233

14:04:38 Compaq_Owner IP-BLOCK 194.60.205.233

14:04:44 Compaq_Owner IP-BLOCK 194.60.205.233

14:04:56 Compaq_Owner IP-BLOCK 194.60.205.232

14:04:59 Compaq_Owner IP-BLOCK 194.60.205.232

14:05:05 Compaq_Owner IP-BLOCK 194.60.205.232

14:05:17 Compaq_Owner IP-BLOCK 194.60.205.234

14:05:20 Compaq_Owner IP-BLOCK 194.60.205.234

14:05:26 Compaq_Owner IP-BLOCK 194.60.205.234

14:05:38 Compaq_Owner IP-BLOCK 91.216.73.61

14:05:41 Compaq_Owner IP-BLOCK 91.216.73.61

14:05:47 Compaq_Owner IP-BLOCK 91.216.73.61

14:05:59 Compaq_Owner IP-BLOCK 194.60.205.233

14:06:02 Compaq_Owner IP-BLOCK 194.60.205.233

14:06:08 Compaq_Owner IP-BLOCK 194.60.205.233

14:06:20 Compaq_Owner IP-BLOCK 194.60.205.234

14:06:23 Compaq_Owner IP-BLOCK 194.60.205.234

14:06:29 Compaq_Owner IP-BLOCK 194.60.205.234

14:06:41 Compaq_Owner IP-BLOCK 194.60.205.233

14:06:44 Compaq_Owner IP-BLOCK 194.60.205.233

14:06:50 Compaq_Owner IP-BLOCK 194.60.205.233

14:07:02 Compaq_Owner IP-BLOCK 91.216.73.60

14:07:05 Compaq_Owner IP-BLOCK 91.216.73.60

14:07:11 Compaq_Owner IP-BLOCK 91.216.73.60

14:07:23 Compaq_Owner IP-BLOCK 194.60.205.232

14:07:26 Compaq_Owner IP-BLOCK 194.60.205.232

14:07:32 Compaq_Owner IP-BLOCK 194.60.205.232

14:07:44 Compaq_Owner IP-BLOCK 194.60.205.234

14:07:47 Compaq_Owner IP-BLOCK 194.60.205.234

14:07:53 Compaq_Owner IP-BLOCK 194.60.205.234

14:08:05 Compaq_Owner IP-BLOCK 91.216.73.60

14:08:08 Compaq_Owner IP-BLOCK 91.216.73.60

14:08:14 Compaq_Owner IP-BLOCK 91.216.73.60

14:08:26 Compaq_Owner IP-BLOCK 194.60.205.234

14:08:29 Compaq_Owner IP-BLOCK 194.60.205.234

14:08:36 Compaq_Owner IP-BLOCK 194.60.205.234

14:08:47 Compaq_Owner IP-BLOCK 91.216.73.61

14:08:51 Compaq_Owner IP-BLOCK 91.216.73.61

14:08:57 Compaq_Owner IP-BLOCK 91.216.73.61

14:09:09 Compaq_Owner IP-BLOCK 194.60.205.233

14:09:12 Compaq_Owner IP-BLOCK 194.60.205.233

14:09:18 Compaq_Owner IP-BLOCK 194.60.205.233

14:09:30 Compaq_Owner IP-BLOCK 91.216.73.61

14:09:33 Compaq_Owner IP-BLOCK 91.216.73.61

14:09:38 Compaq_Owner IP-BLOCK 91.216.73.61

14:09:51 Compaq_Owner IP-BLOCK 91.216.73.60

14:09:53 Compaq_Owner IP-BLOCK 91.216.73.60

14:10:00 Compaq_Owner IP-BLOCK 91.216.73.60

14:10:08 Compaq_Owner IP-BLOCK 193.27.232.75

14:10:11 Compaq_Owner IP-BLOCK 193.27.232.75

14:10:11 Compaq_Owner IP-BLOCK 91.216.73.60

14:10:14 Compaq_Owner IP-BLOCK 91.216.73.60

14:10:17 Compaq_Owner IP-BLOCK 193.27.232.75

14:10:21 Compaq_Owner IP-BLOCK 91.216.73.60

14:10:33 Compaq_Owner IP-BLOCK 194.60.205.232

14:10:36 Compaq_Owner IP-BLOCK 194.60.205.232

14:10:42 Compaq_Owner IP-BLOCK 194.60.205.232

14:10:54 Compaq_Owner IP-BLOCK 91.216.73.60

14:10:57 Compaq_Owner IP-BLOCK 91.216.73.60

14:11:03 Compaq_Owner IP-BLOCK 91.216.73.60

14:11:15 Compaq_Owner IP-BLOCK 91.216.73.60

14:11:18 Compaq_Owner IP-BLOCK 91.216.73.60

14:11:24 Compaq_Owner IP-BLOCK 91.216.73.60

14:11:36 Compaq_Owner IP-BLOCK 194.60.205.234

14:11:39 Compaq_Owner IP-BLOCK 194.60.205.234

14:11:45 Compaq_Owner IP-BLOCK 194.60.205.234

14:11:57 Compaq_Owner IP-BLOCK 194.60.205.232

14:12:00 Compaq_Owner IP-BLOCK 194.60.205.232

14:12:06 Compaq_Owner IP-BLOCK 194.60.205.232

14:12:18 Compaq_Owner IP-BLOCK 91.216.73.61

14:12:21 Compaq_Owner IP-BLOCK 91.216.73.61

14:12:27 Compaq_Owner IP-BLOCK 91.216.73.61

14:12:39 Compaq_Owner IP-BLOCK 91.216.73.61

14:12:42 Compaq_Owner IP-BLOCK 91.216.73.61

14:12:48 Compaq_Owner IP-BLOCK 91.216.73.61

14:13:00 Compaq_Owner IP-BLOCK 194.60.205.233

14:13:03 Compaq_Owner IP-BLOCK 194.60.205.233

14:13:09 Compaq_Owner IP-BLOCK 194.60.205.233

14:13:21 Compaq_Owner IP-BLOCK 91.216.73.61

14:13:24 Compaq_Owner IP-BLOCK 91.216.73.61

14:13:30 Compaq_Owner IP-BLOCK 91.216.73.61

14:13:42 Compaq_Owner IP-BLOCK 91.216.73.60

14:13:45 Compaq_Owner IP-BLOCK 91.216.73.60

14:13:51 Compaq_Owner IP-BLOCK 91.216.73.60

14:14:03 Compaq_Owner IP-BLOCK 91.216.73.60

14:14:06 Compaq_Owner IP-BLOCK 91.216.73.60

14:14:12 Compaq_Owner IP-BLOCK 91.216.73.60

14:14:24 Compaq_Owner IP-BLOCK 91.216.73.61

14:14:27 Compaq_Owner IP-BLOCK 91.216.73.61

14:14:33 Compaq_Owner IP-BLOCK 91.216.73.61

14:14:45 Compaq_Owner IP-BLOCK 194.60.205.233

14:14:48 Compaq_Owner IP-BLOCK 194.60.205.233

14:14:54 Compaq_Owner IP-BLOCK 194.60.205.233

14:15:06 Compaq_Owner IP-BLOCK 194.60.205.232

14:15:09 Compaq_Owner IP-BLOCK 194.60.205.232

14:15:15 Compaq_Owner IP-BLOCK 194.60.205.232

14:15:27 Compaq_Owner IP-BLOCK 194.60.205.232

14:15:30 Compaq_Owner IP-BLOCK 194.60.205.232

14:15:36 Compaq_Owner IP-BLOCK 194.60.205.232

14:15:48 Compaq_Owner IP-BLOCK 194.60.205.234

14:15:51 Compaq_Owner IP-BLOCK 194.60.205.234

14:15:57 Compaq_Owner IP-BLOCK 194.60.205.234

14:16:09 Compaq_Owner IP-BLOCK 194.60.205.232

14:16:12 Compaq_Owner IP-BLOCK 194.60.205.232

14:16:18 Compaq_Owner IP-BLOCK 194.60.205.232

14:16:30 Compaq_Owner IP-BLOCK 91.216.73.61

14:16:39 Compaq_Owner IP-BLOCK 91.216.73.61

14:16:51 Compaq_Owner IP-BLOCK 91.216.73.61

14:16:54 Compaq_Owner IP-BLOCK 91.216.73.61

14:17:00 Compaq_Owner IP-BLOCK 91.216.73.61

14:17:12 Compaq_Owner IP-BLOCK 194.60.205.232

14:17:15 Compaq_Owner IP-BLOCK 194.60.205.232

14:17:21 Compaq_Owner IP-BLOCK 194.60.205.232

14:17:33 Compaq_Owner IP-BLOCK 194.60.205.234

14:17:36 Compaq_Owner IP-BLOCK 194.60.205.234

14:17:42 Compaq_Owner IP-BLOCK 194.60.205.234

14:17:55 Compaq_Owner IP-BLOCK 194.60.205.233

14:17:57 Compaq_Owner IP-BLOCK 194.60.205.233

14:18:04 Compaq_Owner IP-BLOCK 194.60.205.233

14:18:15 Compaq_Owner IP-BLOCK 194.60.205.233

14:18:18 Compaq_Owner IP-BLOCK 194.60.205.233

14:18:25 Compaq_Owner IP-BLOCK 194.60.205.233

14:18:37 Compaq_Owner IP-BLOCK 194.60.205.233

14:18:40 Compaq_Owner IP-BLOCK 194.60.205.233

14:18:45 Compaq_Owner IP-BLOCK 194.60.205.233

14:18:57 Compaq_Owner IP-BLOCK 194.60.205.232

14:19:01 Compaq_Owner IP-BLOCK 194.60.205.232

14:19:07 Compaq_Owner IP-BLOCK 194.60.205.232

14:19:18 Compaq_Owner IP-BLOCK 194.60.205.232

14:19:22 Compaq_Owner IP-BLOCK 194.60.205.232

14:19:28 Compaq_Owner IP-BLOCK 194.60.205.232

14:19:40 Compaq_Owner IP-BLOCK 194.60.205.233

14:19:43 Compaq_Owner IP-BLOCK 194.60.205.233

14:19:49 Compaq_Owner IP-BLOCK 194.60.205.233

14:20:01 Compaq_Owner IP-BLOCK 194.60.205.234

14:20:04 Compaq_Owner IP-BLOCK 194.60.205.234

14:20:10 Compaq_Owner IP-BLOCK 194.60.205.234

21:07:35 (null) MESSAGE Protection started successfully

21:07:50 Compaq_Owner MESSAGE IP Protection started successfully

DDS log:

DDS (Ver_10-10-21.02) - NTFSx86

Run by Compaq_Owner at 15:28:32.37 on Fri 10/22/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1470.620 [GMT -7:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox\bin\Dropbox.exe

D:\Downloads\sxk6j74p.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

D:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [D-Link D-Link DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe

mRun: [WZCSLDR2] c:\program files\d-link\dwa-125 reva\WZCSLDR2.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\compaq_owner\application data\dropbox\bin\Dropbox.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\6f0meohk.default\

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\6f0meohk.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-10-21 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-10-21 666672]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-8-31 692272]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-10-21 134704]

R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [2010-10-19 29411]

R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\d-link\dwa-125 reva\ANIWConnService.exe [2010-10-19 40960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-9 304464]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-10-21 126904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-21 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20101020.001\IDSXpx86.sys [2010-10-19 341880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-9 20952]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20101021.049\NAVENG.SYS [2010-10-22 86064]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20101021.049\NAVEX15.SYS [2010-10-22 1371184]

S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\d-link\dwa-125 reva\ANIWZCSdS.exe [2010-10-19 126976]

S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2010-10-9 636502]

S3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2010-10-19 779136]

=============== Created Last 30 ================

2010-10-22 02:58:32 -------- d-----w- c:\docume~1\compaq~1\applic~1\GlarySoft

2010-10-22 02:57:05 -------- d-----w- c:\program files\Glary Utilities

2010-10-22 02:45:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-10-21 14:31:38 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-10-21 14:31:38 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-10-21 14:31:37 -------- d-----w- c:\program files\Symantec

2010-10-21 14:30:46 369072 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symtdi.sys

2010-10-21 14:30:46 331312 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys

2010-10-21 14:30:46 294448 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symnets.sys

2010-10-21 14:30:45 666672 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys

2010-10-21 14:30:45 50096 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtspx.sys

2010-10-21 14:30:45 489008 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtsp.sys

2010-10-21 14:30:45 339504 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymDS.sys

2010-10-21 14:30:44 134704 ----a-r- c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys

2010-10-21 14:29:45 -------- d-----w- c:\windows\system32\drivers\nis\1201000.025

2010-10-21 14:29:45 -------- d-----w- c:\windows\system32\drivers\NIS

2010-10-21 14:29:39 -------- d-----w- c:\program files\Norton Internet Security

2010-10-21 14:29:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-10-21 14:29:04 -------- d-----w- c:\program files\NortonInstaller

2010-10-21 14:29:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-10-21 03:02:13 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Sunbelt Software

2010-10-21 02:58:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-10-19 18:53:06 48640 ----a-w- c:\windows\system32\ANPD64.SYS

2010-10-19 18:53:06 34008 ----a-w- c:\windows\system32\ANPD.VXD

2010-10-19 18:53:06 315392 ----a-w- c:\windows\system32\ANPDApi.dll

2010-10-19 18:53:06 29411 ----a-w- c:\windows\system32\ANPD.SYS

2010-10-19 18:52:09 779136 ----a-w- c:\windows\system32\drivers\Drt2870.sys

2010-10-19 18:52:08 221184 ----a-w- c:\windows\system32\RaCoInst.dll

2010-10-19 18:52:07 -------- d-----w- c:\program files\D-Link

2010-10-11 22:32:32 -------- d-----w- c:\windows\ServicePackFiles

2010-10-11 22:31:25 -------- d-----w- c:\program files\MSXML 4.0

2010-10-10 19:45:48 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-10 19:45:48 423656 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2010-10-10 19:45:47 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-10 17:38:27 -------- d-----w- c:\program files\VideoLAN

2010-10-10 10:22:41 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-10-10 10:20:34 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-10-10 10:20:32 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-10-10 10:20:31 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-10-10 10:20:29 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-10-10 10:16:54 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-10-10 10:16:54 272128 ------w- c:\windows\system32\dllcache\bthport.sys

2010-10-10 10:15:29 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-10-10 10:00:42 -------- d-----w- c:\windows\system32\PreInstall

2010-10-10 06:48:25 -------- d-----w- c:\docume~1\compaq~1\applic~1\Enovy

2010-10-10 06:28:10 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Adobe

2010-10-10 06:17:49 -------- d-----w- c:\docume~1\compaq~1\applic~1\Aquwpu

2010-10-10 01:12:33 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\LastPass

2010-10-10 01:12:16 -------- d-----w- c:\program files\LastPass

2010-10-10 00:41:37 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes

2010-10-10 00:41:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-10 00:41:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-10 00:41:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-10 00:41:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-10 00:32:57 -------- d-----w- c:\windows\system32\SoftwareDistribution

2010-10-10 00:20:33 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2010-10-10 00:20:33 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys

2010-10-09 23:57:56 -------- d-----w- c:\program files\VS Revo Group

2010-10-09 23:47:44 -------- d-----w- c:\docume~1\compaq~1\applic~1\Dropbox

2010-10-09 23:44:06 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Mozilla

2010-10-09 19:07:50 -------- d-s---w- c:\documents and settings\compaq_owner\UserData

2010-10-09 19:05:17 -------- d-sh--r- C:\cmdcons

2010-10-09 19:05:16 -------- d-----w- c:\windows\setup.pss

2010-10-09 19:05:10 636502 ----a-r- c:\windows\system32\drivers\PRISMUSB.sys

2010-10-09 18:53:55 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-10-09 18:53:53 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-10-09 18:53:50 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-10-09 18:40:41 -------- d-----r- c:\documents and settings\all users\Documents

2010-10-09 18:40:04 -------- d-----r- c:\windows\Offline Web Pages

2010-10-09 18:37:58 -------- d-sh--r- c:\windows\system32\dllcache

==================== Find3M ====================

============= FINISH: 15:29:50.42 ===============

Attach.zip

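Added illustration, not part of the post above and not Malwarebytes' own tooling: a small Python script that parses protection-log lines in the format shown (HH:MM:SS, user, IP-BLOCK or MESSAGE, detail), counts blocks per destination address, and measures how regularly each address recurs. The sample lines are a short subset copied from the log; the thresholds min_hits and max_median_gap are assumptions chosen for this example. The point it makes for triage is that blocks to the same few addresses every few seconds, resuming minute after minute, are the signature of a process on the host retrying a connection on a timer rather than of a user clicking links, so the host itself, not the browser, is what needs cleaning.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Matches the Malwarebytes protection-log records seen in the post:
#   HH:MM:SS <user> IP-BLOCK <ip>
#   HH:MM:SS <user> MESSAGE <text>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+"
    r"(?P<kind>IP-BLOCK|MESSAGE)\s+(?P<detail>.+)$"
)


def parse_line(line):
    """Return (time, user, kind, detail) for a log record, or None for other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t = datetime.strptime(m.group("time"), "%H:%M:%S")  # log carries no date
    return t, m.group("user"), m.group("kind"), m.group("detail").strip()


def block_counts(lines):
    """Number of IP-BLOCK events per destination address."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] == "IP-BLOCK":
            counts[rec[3]] += 1
    return dict(counts)


def block_intervals(lines):
    """Seconds between consecutive blocks of the same address, keyed by address."""
    last = {}
    gaps = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if not rec or rec[2] != "IP-BLOCK":
            continue
        t, ip = rec[0], rec[3]
        if ip in last:
            gap = (t - last[ip]).total_seconds()
            if gap >= 0:  # a negative gap means the log crossed midnight; skip it
                gaps[ip].append(gap)
        last[ip] = t
    return dict(gaps)


def beacon_candidates(lines, min_hits=3, max_median_gap=120):
    """Addresses blocked repeatedly at short, regular intervals (assumed thresholds).

    Returns (ip, hit_count, median_gap_seconds), most frequent first.
    """
    counts = block_counts(lines)
    gaps = block_intervals(lines)
    out = []
    for ip, n in counts.items():
        if n >= min_hits and gaps.get(ip):
            med = median(gaps[ip])
            if med <= max_median_gap:
                out.append((ip, n, med))
    return sorted(out, key=lambda r: -r[1])


# Constructed sample: a subset of lines copied from the protection log in the post.
SAMPLE = """13:47:10 Compaq_Owner MESSAGE Protection started successfully
13:47:23 Compaq_Owner MESSAGE IP Protection started successfully
13:49:21 Compaq_Owner IP-BLOCK 91.216.73.60
13:49:24 Compaq_Owner IP-BLOCK 91.216.73.60
13:49:30 Compaq_Owner IP-BLOCK 91.216.73.60
13:49:48 Compaq_Owner IP-BLOCK 91.216.73.61
13:49:51 Compaq_Owner IP-BLOCK 91.216.73.61
13:49:56 Compaq_Owner IP-BLOCK 91.216.73.61
13:50:09 Compaq_Owner IP-BLOCK 194.60.205.232
13:50:12 Compaq_Owner IP-BLOCK 194.60.205.232
13:50:18 Compaq_Owner IP-BLOCK 194.60.205.232
13:51:13 Compaq_Owner IP-BLOCK 91.216.73.60
13:51:16 Compaq_Owner IP-BLOCK 91.216.73.60
13:51:21 Compaq_Owner IP-BLOCK 91.216.73.60
13:56:45 Compaq_Owner IP-BLOCK 62.122.75.136
""".splitlines()

if __name__ == "__main__":
    for ip, n, med in beacon_candidates(SAMPLE):
        print(f"{ip:16} blocked {n:3d} times, median gap {med:.0f}s")
```

Run against the full log from the post, the same three-blocks-then-pause rhythm repeats for every address for the whole half hour, which is the behaviour the summary is built to surface; a single block that never recurs (62.122.75.136 in the sample) drops out because it has no interval to measure.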

Hi jujuman and Welcome to Malwarebytes Forum!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Thanks a bunch, Kenny! Here is the TDSSKiller log:

2010/10/23 17:40:02.0140 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/23 17:40:02.0140 ================================================================================

2010/10/23 17:40:02.0140 SystemInfo:

2010/10/23 17:40:02.0140

2010/10/23 17:40:02.0140 OS Version: 5.1.2600 ServicePack: 2.0

2010/10/23 17:40:02.0140 Product type: Workstation

2010/10/23 17:40:02.0140 ComputerName: YOUR-D0F670B45A

2010/10/23 17:40:02.0140 UserName: Compaq_Owner

2010/10/23 17:40:02.0140 Windows directory: C:\WINDOWS

2010/10/23 17:40:02.0140 System windows directory: C:\WINDOWS

2010/10/23 17:40:02.0140 Processor architecture: Intel x86

2010/10/23 17:40:02.0140 Number of processors: 1

2010/10/23 17:40:02.0140 Page size: 0x1000

2010/10/23 17:40:02.0140 Boot type: Normal boot

2010/10/23 17:40:02.0140 ================================================================================

2010/10/23 17:40:02.0796 Initialize success

2010/10/23 17:40:06.0453 ================================================================================

2010/10/23 17:40:06.0453 Scan started

2010/10/23 17:40:06.0453 Mode: Manual;

2010/10/23 17:40:06.0453 ================================================================================

2010/10/23 17:40:07.0828 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/23 17:40:07.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/23 17:40:08.0015 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2010/10/23 17:40:08.0109 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2010/10/23 17:40:08.0187 AgereSoftModem (994a42d273c35b43ee9d1e8a5d8bc639) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2010/10/23 17:40:08.0468 ANPD (d33b28d9ed695ccf9520d70d825f9d85) C:\WINDOWS\system32\ANPD.sys

2010/10/23 17:40:08.0687 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/23 17:40:08.0765 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/23 17:40:08.0937 ati2mtag (8a1a80ef7455244530b117eead8a427f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/23 17:40:09.0031 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/23 17:40:09.0093 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/23 17:40:09.0140 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys

2010/10/23 17:40:09.0218 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/23 17:40:09.0453 BHDrvx86 (5138da8715da5f9823b753b6cb36a9a9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys

2010/10/23 17:40:09.0656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/23 17:40:09.0796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/23 17:40:09.0843 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/23 17:40:09.0890 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/23 17:40:10.0265 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/23 17:40:10.0421 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/23 17:40:10.0515 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/23 17:40:10.0562 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/23 17:40:10.0671 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/23 17:40:10.0812 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/23 17:40:10.0984 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/10/23 17:40:11.0078 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/10/23 17:40:11.0218 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/23 17:40:11.0343 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2010/10/23 17:40:11.0453 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/23 17:40:11.0500 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/10/23 17:40:11.0562 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/10/23 17:40:11.0625 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/23 17:40:11.0671 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/23 17:40:11.0843 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys

2010/10/23 17:40:11.0906 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/23 17:40:12.0000 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/23 17:40:12.0078 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/23 17:40:12.0171 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/23 17:40:12.0343 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/23 17:40:12.0421 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2010/10/23 17:40:12.0625 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101021.003\IDSxpx86.sys

2010/10/23 17:40:12.0734 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/23 17:40:12.0968 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/23 17:40:13.0078 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/10/23 17:40:13.0156 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/23 17:40:13.0250 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/10/23 17:40:13.0296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/23 17:40:13.0343 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/23 17:40:13.0375 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/23 17:40:13.0421 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/23 17:40:13.0468 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/23 17:40:13.0531 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/23 17:40:13.0593 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/23 17:40:13.0656 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/23 17:40:13.0703 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/23 17:40:13.0765 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/23 17:40:14.0015 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys

2010/10/23 17:40:14.0093 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/23 17:40:14.0328 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/23 17:40:14.0390 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/23 17:40:14.0468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/23 17:40:14.0562 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/23 17:40:14.0687 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/23 17:40:14.0937 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/23 17:40:15.0046 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/23 17:40:15.0218 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/23 17:40:15.0296 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/23 17:40:15.0406 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/23 17:40:15.0515 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/23 17:40:15.0671 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/23 17:40:15.0859 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101023.004\NAVENG.SYS

2010/10/23 17:40:16.0015 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101023.004\NAVEX15.SYS

2010/10/23 17:40:16.0156 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/23 17:40:16.0218 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/23 17:40:16.0281 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/23 17:40:16.0312 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/23 17:40:16.0390 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/23 17:40:16.0468 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/23 17:40:16.0531 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/23 17:40:16.0625 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/23 17:40:16.0687 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/23 17:40:16.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/23 17:40:16.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/23 17:40:16.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/23 17:40:16.0906 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/23 17:40:16.0984 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/23 17:40:17.0031 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/23 17:40:17.0187 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/23 17:40:17.0265 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/23 17:40:17.0296 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/23 17:40:17.0703 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/23 17:40:17.0859 PRISM_USB (d5e90cd0e51130e0a1c3fec82684fb7d) C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys

2010/10/23 17:40:17.0937 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/23 17:40:17.0968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/23 17:40:18.0015 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/23 17:40:18.0250 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/23 17:40:18.0296 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/23 17:40:18.0343 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/23 17:40:18.0421 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/23 17:40:18.0546 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/23 17:40:18.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/23 17:40:18.0703 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/23 17:40:19.0031 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/23 17:40:19.0250 rt2870 (ad0bad5d585afc1cb1cd5eafcae50ed4) C:\WINDOWS\system32\DRIVERS\Drt2870.sys

2010/10/23 17:40:19.0328 RTL8023xp (7988bfe882bcd94199225b5c3482f1bd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2010/10/23 17:40:19.0406 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2010/10/23 17:40:19.0500 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/23 17:40:19.0578 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

2010/10/23 17:40:19.0625 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/23 17:40:19.0734 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/23 17:40:19.0796 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/23 17:40:19.0890 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSP.SYS

2010/10/23 17:40:19.0953 SRTSPX (fae9f5558a1f53670e579f9ffb4a67cc) C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSPX.SYS

2010/10/23 17:40:20.0015 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/23 17:40:20.0093 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/23 17:40:20.0125 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/23 17:40:20.0296 SymDS (67e83f8c7e80dc898a1d73b38412ba7a) C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMDS.SYS

2010/10/23 17:40:20.0359 SymEFA (3986a8de371e985ba6c82eb8da3b1e98) C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMEFA.SYS

2010/10/23 17:40:20.0468 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2010/10/23 17:40:20.0562 SymIRON (8ae632773b5192dce48f4ec8de753863) C:\WINDOWS\system32\drivers\NIS\1201000.025\Ironx86.SYS

2010/10/23 17:40:20.0609 SYMTDI (34ff2368b7914d1b29d16aba865e982d) C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMTDI.SYS

2010/10/23 17:40:20.0765 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/23 17:40:20.0875 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/23 17:40:20.0953 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/23 17:40:21.0062 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/23 17:40:21.0125 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/23 17:40:21.0234 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/23 17:40:21.0343 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/23 17:40:21.0437 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/23 17:40:21.0484 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/23 17:40:21.0531 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/23 17:40:21.0609 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/23 17:40:21.0656 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/23 17:40:21.0718 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/23 17:40:21.0781 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2010/10/23 17:40:21.0828 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/23 17:40:21.0859 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/23 17:40:21.0921 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/23 17:40:22.0000 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/23 17:40:22.0203 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/23 17:40:22.0296 ================================================================================

2010/10/23 17:40:22.0296 Scan finished

2010/10/23 17:40:22.0296 ================================================================================

2010/10/23 17:40:22.0328 Detected object count: 1

2010/10/23 17:40:48.0312 \HardDisk0\MBR - will be cured after reboot

2010/10/23 17:40:48.0312 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/23 17:41:10.0140 Deinitialize success

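The helper asks for the TDSSKiller report, and the log above is what one looks like: an inventory line per loaded driver (service name, MD5, image path), then any detection lines, the declared object count, and the action the user chose at the prompt. As an added example (not part of the thread and not Kaspersky's code), here is a small Python parser for that format. It pulls those fields out and checks that every flagged object was set to Cure and has the "will be cured after reboot" confirmation, which is the thing a helper reads the log for. The line layouts are inferred from the log posted above; the sample excerpt, function names and the consistency checks are constructed for this example.

```python
"""Summarise a Kaspersky TDSSKiller log.

Added example for this thread; it is not part of the forum post and not
Kaspersky's code. The line layouts below are inferred from the log posted
above; everything else (function names, the sample excerpt) is constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line opens with "YYYY/MM/DD HH:MM:SS.ffff " (as in the log above).
_TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
# Driver inventory line:  "<service> (<md5>) <image path>"
DRIVER_RE = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Detection line:         "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(_TS + r"(?P<obj>\S+) - detected (?P<verdict>\S+)")
# Chosen action line:     "<verdict>(<object>) - User select action: <action>"
ACTION_RE = re.compile(_TS + r"(?P<verdict>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)")
# Deferred cure line:     "<object> - will be cured after reboot"
CURE_RE = re.compile(_TS + r"(?P<obj>\S+) - will be cured after reboot$")
COUNT_RE = re.compile(_TS + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None   # "Cure" / "Skip" as chosen at the prompt
    cure_pending: bool = False     # True once "will be cured after reboot" is logged


@dataclass
class TdssReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # service -> (md5, path)
    detections: Dict[str, Detection] = field(default_factory=dict)     # object -> Detection
    declared_count: Optional[int] = None                               # "Detected object count"


def parse_tdsskiller_log(text: str) -> TdssReport:
    """Walk the log once and collect drivers, detections and chosen actions."""
    rep = TdssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DRIVER_RE.match(line):
            rep.drivers[m["name"]] = (m["md5"], m["path"])
        elif m := DETECT_RE.match(line):
            rep.detections[m["obj"]] = Detection(m["obj"], m["verdict"])
        elif m := ACTION_RE.match(line):
            det = rep.detections.setdefault(m["obj"], Detection(m["obj"], m["verdict"]))
            det.action = m["action"]
        elif m := CURE_RE.match(line):
            det = rep.detections.get(m["obj"])
            if det is not None:
                det.cure_pending = True
        elif m := COUNT_RE.match(line):
            rep.declared_count = int(m["n"])
    return rep


def unresolved(rep: TdssReport) -> List[str]:
    """Objects TDSSKiller flagged that were not set to Cure (skipped, or no action logged)."""
    return [d.obj for d in rep.detections.values() if d.action != "Cure"]


def count_consistent(rep: TdssReport) -> bool:
    """True when the 'Detected object count' line agrees with the detection lines parsed."""
    return rep.declared_count is not None and rep.declared_count == len(rep.detections)


def summarise(text: str) -> str:
    """Human-readable one-screen summary of a TDSSKiller log."""
    rep = parse_tdsskiller_log(text)
    lines = [f"{len(rep.drivers)} drivers inventoried, {len(rep.detections)} detection(s)"]
    for d in rep.detections.values():
        state = "cure scheduled for reboot" if d.cure_pending else "NOT scheduled for cure"
        lines.append(f"  {d.obj}: {d.verdict}, action={d.action}, {state}")
    if not count_consistent(rep):
        lines.append("  warning: declared count does not match parsed detections")
    if unresolved(rep):
        lines.append("  unresolved: " + ", ".join(unresolved(rep)))
    return "\n".join(lines)


# Constructed excerpt modelled on the log posted above (driver lines copied from it).
SAMPLE_LOG = r"""
2010/10/23 17:40:06.0453 Scan started
2010/10/23 17:40:06.0453 Mode: Manual;
2010/10/23 17:40:08.0765 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/23 17:40:14.0015 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2010/10/23 17:40:22.0203 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/23 17:40:22.0296 Scan finished
2010/10/23 17:40:22.0328 Detected object count: 1
2010/10/23 17:40:48.0312 \HardDisk0\MBR - will be cured after reboot
2010/10/23 17:40:48.0312 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/23 17:41:10.0140 Deinitialize success
"""

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Run it on a saved TDSSKiller log by passing the file's contents to `summarise`. A suspicious file left at the default Skip shows up in `unresolved`, and a detection without the "will be cured after reboot" line is reported as not scheduled, which is the case where the machine was not actually rebooted before the log was posted. The driver inventory (name, MD5, path) is kept in the report so hashes can be compared against a clean reference if needed.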

The search redirections should have stopped now, or at least slowed down at this point.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Okay, here's the log:

ComboFix 10-10-22.05 - Compaq_Owner 10/23/2010 18:11:17.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1470.819 [GMT -7:00]

Running from: d:\downloads\ComboFix.exe

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

E:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))

.

2010-10-24 01:07 . 2010-10-24 01:07 -------- d-----w- c:\windows\system32\LogFiles

2010-10-22 02:57 . 2010-10-22 02:57 -------- d-----w- c:\program files\Glary Utilities

2010-10-21 14:31 . 2010-10-21 14:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-10-21 14:31 . 2010-10-21 14:31 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-10-21 14:31 . 2010-10-21 14:31 -------- d-----w- c:\program files\Symantec

2010-10-21 14:29 . 2010-10-21 14:29 -------- d-----w- c:\windows\system32\drivers\NIS

2010-10-21 14:29 . 2010-10-21 14:29 -------- d-----w- c:\program files\Norton Internet Security

2010-10-21 14:29 . 2010-10-21 14:29 -------- d-----w- c:\program files\Windows Sidebar

2010-10-21 14:29 . 2010-10-21 14:29 -------- d-----w- c:\program files\NortonInstaller

2010-10-21 01:03 . 2010-10-21 01:03 -------- d-----w- c:\documents and settings\Administrator

2010-10-19 18:53 . 2010-10-19 18:53 48640 ----a-w- c:\windows\system32\ANPD64.SYS

2010-10-19 18:53 . 2010-10-19 18:53 34008 ----a-w- c:\windows\system32\ANPD.VXD

2010-10-19 18:53 . 2010-10-19 18:53 315392 ----a-w- c:\windows\system32\ANPDApi.dll

2010-10-19 18:53 . 2010-10-19 18:53 29411 ----a-w- c:\windows\system32\ANPD.SYS

2010-10-19 18:52 . 2009-09-15 21:09 779136 ----a-w- c:\windows\system32\drivers\Drt2870.sys

2010-10-19 18:52 . 2009-09-15 21:08 221184 ----a-w- c:\windows\system32\RaCoInst.dll

2010-10-19 18:52 . 2010-10-19 18:52 -------- d-----w- c:\program files\D-Link

2010-10-11 22:32 . 2010-10-11 22:32 -------- d-----w- c:\windows\ServicePackFiles

2010-10-11 22:31 . 2010-10-11 22:31 -------- d-----w- c:\program files\MSXML 4.0

2010-10-11 06:09 . 2010-10-11 06:09 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-10-10 19:48 . 2010-10-12 03:12 -------- d-----w- c:\windows\Sun

2010-10-10 19:45 . 2010-10-10 19:45 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-10 19:45 . 2010-10-10 19:45 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-10 17:38 . 2010-10-10 17:38 -------- d-----w- c:\program files\VideoLAN

2010-10-10 10:22 . 2010-10-10 10:42 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-10-10 10:16 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-10-10 01:12 . 2010-10-10 01:12 -------- d-----w- c:\program files\LastPass

2010-10-10 00:41 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-10 00:41 . 2010-10-19 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-10 00:41 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-10 00:21 . 2010-10-10 00:21 -------- d-----w- c:\program files\Alwil Software

2010-10-10 00:20 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2010-10-09 23:57 . 2010-10-09 23:57 -------- d-----w- c:\program files\VS Revo Group

2010-10-09 19:05 . 2003-04-10 10:44 636502 ----a-r- c:\windows\system32\drivers\PRISMUSB.sys

2010-10-09 18:57 . 2010-10-24 01:18 -------- d-----w- c:\documents and settings\Compaq_Owner

2010-10-09 18:57 . 2006-05-20 03:04 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS

2010-10-09 18:56 . 2006-05-20 03:04 -------- d-----w- c:\documents and settings\Default User\WINDOWS

2010-10-09 18:53 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-10-09 18:53 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-10-09 18:53 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-10-09 18:40 . 2010-10-10 17:30 -------- d-----r- c:\documents and settings\All Users\Documents

2010-10-09 18:37 . 2010-10-11 22:40 -------- d-sh--r- c:\windows\system32\dllcache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-20 995328]

"WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-20 122880]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [10/21/2010 7:30 AM 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [10/21/2010 7:30 AM 666672]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [8/31/2010 3:57 PM 692272]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [10/21/2010 7:30 AM 134704]

R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [10/19/2010 11:53 AM 29411]

R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [10/19/2010 11:52 AM 40960]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/9/2010 5:41 PM 304464]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [10/21/2010 7:30 AM 126904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/21/2010 7:36 AM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101021.003\IDSXpx86.sys [10/23/2010 10:27 AM 341880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/9/2010 5:41 PM 20952]

S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [10/19/2010 11:52 AM 126976]

S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [10/9/2010 12:05 PM 636502]

.

Contents of the 'Scheduled Tasks' folder

2010-10-24 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2010-10-22 04:55]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6f0meohk.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6f0meohk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-23 18:20

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2972)

c:\documents and settings\Compaq_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\brss01a.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

**************************************************************************

.

Completion time: 2010-10-23 18:24:07 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-24 01:24

Pre-Run: 479,198,150,656 bytes free

Post-Run: 479,274,348,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8FC1048C1F72FB41E380286594EE327A


There are some older versions of Java on your computer. These can be a source of infection.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 22 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u122 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: 1.6.0_21 from Sun Microsystems Inc.
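
As an added check that is not part of the helper's instructions: this PowerShell script lists every Java runtime registered in Add/Remove Programs and flags the ones older than JRE 6 Update 22, so nothing is left behind after the uninstall step. It assumes PowerShell is available on the machine, and that Sun's installer records the update number in DisplayVersion as 1.6.0.NN0 (e.g. 1.6.0.220 for 6u22), which is an assumption about the installer, not something the thread states.

```powershell
# Added example (not from the forum post): enumerate installed Java runtimes from
# the Add/Remove Programs registry data and flag anything older than the release
# the helper recommends (JRE 6 Update 22).
$RecommendedUpdate = 22     # JRE 6 Update 22

function Get-JavaInstalls {
    # The Uninstall branch is where Add/Remove Programs reads its entries;
    # the Wow6432Node branch only exists on 64-bit Windows and is skipped otherwise.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
        ForEach-Object {
            # Skip entries without a parseable version (e.g. Java Auto Updater stubs).
            try { $v = [version]$_.DisplayVersion } catch { return }
            # Assumption: Sun JREs encode update NN as revision NN0 (1.6.0.220 = 6u22);
            # J2SE 5 and 1.4 entries use the same scheme with a lower minor number.
            $update = if ($v.Revision -ge 100) { [int]($v.Revision / 10) } else { $v.Revision }
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Family    = "$($v.Major).$($v.Minor)"
                Update    = $update
                # Anything before Java 6, or Java 6 below the recommended update, is outdated.
                Outdated  = ($v.Minor -lt 6) -or ($update -lt $RecommendedUpdate)
                Uninstall = $_.UninstallString
            }
        }
}

$installs = @(Get-JavaInstalls)
$installs | Format-Table Name, Version, Update, Outdated -AutoSize

$old = @($installs | Where-Object { $_.Outdated })
if ($old.Count -gt 0) {
    Write-Host "$($old.Count) outdated Java install(s) to remove via Add/Remove Programs:"
    $old | ForEach-Object { Write-Host "  $($_.Name)  ->  $($_.Uninstall)" }
} else {
    Write-Host 'No outdated Java runtimes registered.'
}
```

The UninstallString column shows the command Add/Remove Programs itself would run for each old entry, which is useful when several releases are installed side by side.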

-------------------------------------------------------------------

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Okay, things are looking pretty clean, I think. Here's the log:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=c2f8c0a84c60df48b3824845157591c2

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-10-24 07:38:11

# local_time=2010-10-24 12:38:11 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=769 16774142 0 1 0 0 0 0

# compatibility_mode=3584 16777191 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=129876

# found=0

# cleaned=0

# scan_time=6739


Your Computer is Clean


Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA. Both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
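
As an added example, not part of the helper's post: a PowerShell script that audits the six Internet-zone Custom Level settings listed above and, with -Fix, applies the recommended values. It assumes PowerShell is present and relies on Microsoft's documented layout of the security-zone registry entries (per-user DWORDs under Zones\3, with 0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example (not from the forum post): compare the Internet zone (Zones\3)
# against the values recommended in the steps above; -Fix writes them.
param([switch]$Fix)

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Option ID -> description, recommended value (IDs per Microsoft's zone documentation)
$Recommended = [ordered]@{
    '1001' = @('Download signed ActiveX controls', 1)
    '1004' = @('Download unsigned ActiveX controls', 3)
    '1201' = @('Initialize and script ActiveX controls not marked as safe', 3)
    '1800' = @('Installation of desktop items', 1)
    '1804' = @('Launching programs and files in an IFRAME', 1)
    '1607' = @('Navigate sub-frames across different domains', 1)
}

function Test-InternetZoneSettings {
    $zone = Get-ItemProperty -Path $ZonePath
    foreach ($id in $Recommended.Keys) {
        $desc, $want = $Recommended[$id]
        $have = $zone.$id          # $null when IE is still using its built-in default
        if ($null -eq $have) {
            $current   = 'not set (IE default)'
            $compliant = $false    # cannot confirm the default matches; treat as needing a write
        } else {
            $current   = $Meaning[[int]$have]
            $compliant = ([int]$have -eq $want)
        }
        [pscustomobject]@{
            Id          = $id
            Option      = $desc
            Current     = $current
            Recommended = $Meaning[$want]
            Compliant   = $compliant
        }
    }
}

$results = @(Test-InternetZoneSettings)
$results | Format-Table Option, Current, Recommended, Compliant -AutoSize

if ($Fix) {
    foreach ($r in ($results | Where-Object { -not $_.Compliant })) {
        $want = $Recommended[$r.Id][1]
        Set-ItemProperty -Path $ZonePath -Name $r.Id -Value $want -Type DWord
        Write-Host "Set '$($r.Option)' to $($Meaning[$want])"
    }
}
```

Run it once without -Fix to see what the Custom Level dialog currently holds; an option reported as "not set" is still at IE's default for the zone.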

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips
