infected XP-Home laptop

[lermonides]

Hi,

I have an infected WinXP Home laptop. I was able to remove several viruses from it with other software but it is still not fixed. Virus-scans show nothing, but I have these symptoms:
1. Many antivirus software websites are blocked (tracert attempts to any URL containing "lavasoft", for example, is routed to 127.0.0.1 but there is no entry in the hosts file that should be doing that).

2. Some antivirus software will not run - either at all, or until it is renamed.

3. After installing Kaspersky AV just now, as soon as I connected an ethernet cable (to a live router) Kaspersky noted that about 25 attempts were made to connect to "known phishing sites". I blocked those, but clearly something bad is still on this system.

This problem persisted even after I booted into the Recovery Console from an XP install CD and re-wrote the MBR with fixmbr, and the boot sector of the system partition with fixboot. I have no idea how this thing is still loading, though now I suspect that it has simply modified some of the main system files.

I have downloaded and run (in safe-mode) the Kaspersky Virus Removal Tool. I am attaching the result file generated from "Collect System Information". Any advice would be great - thanks!!

--Jeff

[drongo]

Please download in my signature special avz. Put in new folder, for example on Desktop.
Disconnect from internet, unload/exit antivirus
lunch it and execute this script:

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\opnnKDwt.dll','');
 QuarantineFile('C:\WINDOWS\system32\btnnbr.dll','');
 QuarantineFile('C:\WINDOWS\system32\geBttrRl.dll','');
 QuarantineFile('C:\WINDOWS\system32\ezSP_Px.exe','');
 QuarantineFile('C:\WINDOWS\system32\datcpl.exe','');
 QuarantineFile('C:\WINDOWS\system32\PRISMSVR.EXE','');
 QuarantineFile('C:\WINDOWS\system32\drivers\usbvideoo.sys','');
 QuarantineFile('C:\WINDOWS\system32\AWINDIS5.SYS','');
 QuarantineFile('C:\WINDOWS\System32\DRIVERS\PxHelp20.sys','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.

Please upload the quarantine according to appendix 3 of rules, by link http://virusinfo.info/upload_virus_eng.php?tid=38695
Let us know, when you done.