Browser/host problem after malware

Sorry that is my fault. No need to run as Admin as you're running XP. Thought it was Vista.

Either way now that you've posted I would prefer you run this tool.

Download MBRCheck.exe to your desktop
Double click on MBRCheck.exe to run it
It will show a black screen with some data on it
Click on the black C:\ in the upper left hand corner of the black screen
Choose Edit > Select All > Press Enter to copy the data to your clip board
Press Enter again to close MBRCheck
Now open up notepad or wordpad and paste the data in (press Control+V)

Post the results in your reply

MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected


Done! Press ENTER to exit...

Okay that is clean.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
• Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.
  
  "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  
  
• If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
• When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

09:38:44:890 3792 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
09:38:44:890 3792 ================================================================================
09:38:44:890 3792 SystemInfo:

09:38:44:890 3792 OS Version: 5.1.2600 ServicePack: 3.0
09:38:44:890 3792 Product type: Workstation
09:38:44:890 3792 ComputerName: OPTIPLEX
09:38:44:890 3792 UserName: Jonathan
09:38:44:890 3792 Windows directory: C:\WINDOWS
09:38:44:890 3792 System windows directory: C:\WINDOWS
09:38:44:890 3792 Processor architecture: Intel x86
09:38:44:890 3792 Number of processors: 2
09:38:44:890 3792 Page size: 0x1000
09:38:44:906 3792 Boot type: Normal boot
09:38:44:906 3792 ================================================================================
09:38:45:328 3792 Initialize success
09:38:45:328 3792
09:38:45:328 3792 Scanning Services ...
09:38:47:234 3792 Raw services enum returned 403 services
09:38:47:843 3792
09:38:47:859 3792 Scanning Drivers ...
09:38:50:312 3792 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:38:50:453 3792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:38:50:546 3792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:38:50:671 3792 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:38:50:906 3792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:38:51:015 3792 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:38:51:218 3792 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:38:51:406 3792 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
09:38:51:734 3792 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:38:51:812 3792 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:38:51:875 3792 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:38:51:937 3792 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:38:52:000 3792 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:38:52:078 3792 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:38:52:156 3792 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:38:52:234 3792 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:38:52:296 3792 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:38:52:468 3792 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:38:52:500 3792 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:38:52:656 3792 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:38:52:875 3792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:38:52:953 3792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:38:53:125 3792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:38:53:156 3792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:38:53:171 3792 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:38:53:187 3792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:38:53:234 3792 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:38:53:234 3792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:38:53:265 3792 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:38:53:296 3792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:38:53:359 3792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:38:53:390 3792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:38:53:421 3792 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:38:53:437 3792 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:38:53:484 3792 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:38:53:625 3792 CVPNDRVA (244b0408e9e20c734c97ce1e783d67ee) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:38:53:812 3792 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:38:53:843 3792 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:38:53:906 3792 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
09:38:53:937 3792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:38:54:046 3792 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:38:54:078 3792 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:38:54:109 3792 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:38:54:125 3792 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:38:54:140 3792 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:38:54:156 3792 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:38:54:171 3792 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:38:54:187 3792 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:38:54:203 3792 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:38:54:281 3792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:38:54:312 3792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:38:54:328 3792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:38:54:343 3792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:38:54:484 3792 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:38:54:546 3792 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:38:54:687 3792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:38:54:765 3792 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:38:55:062 3792 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:38:55:593 3792 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:38:56:281 3792 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:38:56:593 3792 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:38:56:921 3792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:38:57:062 3792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:38:57:265 3792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:38:57:406 3792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:38:57:500 3792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:38:57:515 3792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:38:57:578 3792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:38:57:687 3792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:38:57:984 3792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:38:58:109 3792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:38:58:203 3792 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:38:58:359 3792 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:38:58:750 3792 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:38:59:140 3792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:38:59:234 3792 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:38:59:265 3792 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:38:59:296 3792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:38:59:359 3792 IABFilt (cbf75f6257751d1089e7e1dd468168df) C:\WINDOWS\system32\DRIVERS\IABFilt.sys
09:38:59:875 3792 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:38:59:953 3792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:39:00:031 3792 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:39:00:078 3792 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:39:00:234 3792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:39:00:375 3792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:39:00:734 3792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:39:00:890 3792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:39:00:984 3792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:39:01:046 3792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:39:01:187 3792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:39:01:250 3792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:39:01:484 3792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:39:01:750 3792 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:39:02:031 3792 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
09:39:02:312 3792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:39:02:421 3792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:39:02:531 3792 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
09:39:02:609 3792 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:39:02:640 3792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:39:02:718 3792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:39:03:046 3792 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:39:03:234 3792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:39:03:406 3792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:39:03:500 3792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:39:03:640 3792 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:39:04:031 3792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:39:04:531 3792 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:39:04:890 3792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:39:04:984 3792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:39:05:078 3792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:39:05:281 3792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:39:05:484 3792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:39:05:625 3792 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:39:06:015 3792 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\naveng.sys
09:39:06:453 3792 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\navex15.sys
09:39:06:578 3792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:39:06:593 3792 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:39:06:609 3792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:39:06:640 3792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:39:06:859 3792 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:39:07:281 3792 NEOFLTR_600_13487 (e42ebf219cc8781d439690bdf430182a) C:\WINDOWS\system32\Drivers\NEOFLTR_600_13487.SYS
09:39:07:421 3792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:39:07:562 3792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:35:34:562 6016 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
09:35:34:562 6016 ================================================================================
09:35:34:562 6016 SystemInfo:

09:35:34:562 6016 OS Version: 5.1.2600 ServicePack: 3.0
09:35:34:562 6016 Product type: Workstation
09:35:34:562 6016 ComputerName: OPTIPLEX
09:35:34:578 6016 UserName: Jonathan
09:35:34:578 6016 Windows directory: C:\WINDOWS
09:35:34:578 6016 System windows directory: C:\WINDOWS
09:35:34:578 6016 Processor architecture: Intel x86
09:35:34:578 6016 Number of processors: 2
09:35:34:578 6016 Page size: 0x1000
09:35:34:578 6016 Boot type: Normal boot
09:35:34:578 6016 ================================================================================
09:35:35:203 6016 Initialize success
09:35:35:203 6016
09:35:35:203 6016 Scanning Services ...
09:35:35:843 6016 Raw services enum returned 403 services
09:35:35:859 6016
09:35:35:859 6016 Scanning Drivers ...
09:35:37:125 6016 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:35:37:187 6016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:35:37:234 6016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:35:37:281 6016 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:35:37:328 6016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:35:37:390 6016 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:35:37:468 6016 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:35:37:500 6016 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
09:35:37:562 6016 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:35:37:593 6016 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:35:37:625 6016 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:35:37:656 6016 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:35:37:687 6016 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:35:37:718 6016 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:35:37:750 6016 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:35:37:796 6016 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:35:37:890 6016 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:35:37:937 6016 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:35:37:953 6016 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:35:37:968 6016 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:35:38:031 6016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:35:38:062 6016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:35:38:093 6016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:35:38:140 6016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:35:38:156 6016 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:35:38:187 6016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:35:38:203 6016 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:35:38:218 6016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:35:38:250 6016 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:35:38:296 6016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:35:38:343 6016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:35:38:359 6016 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:35:38:390 6016 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:35:38:406 6016 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:35:38:468 6016 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:35:38:546 6016 CVPNDRVA (244b0408e9e20c734c97ce1e783d67ee) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:35:38:562 6016 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:35:38:609 6016 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:35:38:687 6016 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
09:35:38:718 6016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:35:38:781 6016 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:35:38:812 6016 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:35:38:843 6016 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:35:38:859 6016 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:35:38:890 6016 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:35:38:906 6016 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:35:38:921 6016 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:35:38:953 6016 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:35:38:984 6016 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:35:39:093 6016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:35:39:125 6016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:35:39:140 6016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:35:39:171 6016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:35:39:234 6016 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:35:39:281 6016 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:35:39:328 6016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:35:39:343 6016 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:35:39:375 6016 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:35:39:406 6016 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:35:39:593 6016 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:35:39:625 6016 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:35:39:687 6016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:35:39:718 6016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:35:39:781 6016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:35:39:812 6016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:35:39:828 6016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:35:39:843 6016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:35:39:875 6016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:35:39:937 6016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:35:39:984 6016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:35:40:000 6016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:35:40:015 6016 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:35:40:078 6016 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:35:40:281 6016 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:35:40:359 6016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:35:40:468 6016 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:35:40:500 6016 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:35:40:562 6016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:35:40:593 6016 IABFilt (cbf75f6257751d1089e7e1dd468168df) C:\WINDOWS\system32\DRIVERS\IABFilt.sys
09:35:40:671 6016 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:35:40:718 6016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:35:40:750 6016 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:35:41:125 6016 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:35:41:281 6016 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:35:41:296 6016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:35:41:359 6016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:35:41:390 6016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:35:41:421 6016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:35:41:437 6016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:35:41:468 6016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:35:41:484 6016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:35:41:515 6016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:35:41:531 6016 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:35:41:578 6016 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
09:35:41:625 6016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:35:41:656 6016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:35:41:703 6016 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
09:35:41:734 6016 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:35:41:796 6016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:35:41:828 6016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:35:41:843 6016 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:35:41:875 6016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:35:41:937 6016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:35:41:953 6016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:35:42:000 6016 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:35:42:031 6016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:35:42:140 6016 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:35:42:156 6016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:35:42:234 6016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:35:42:250 6016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:35:42:281 6016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:35:42:312 6016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:35:42:328 6016 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:35:42:578 6016 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\naveng.sys
09:35:42:625 6016 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\navex15.sys
09:35:42:687 6016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:35:42:734 6016 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:35:42:750 6016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:35:42:781 6016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:35:42:859 6016 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:35:42:921 6016 NEOFLTR_600_13487 (e42ebf219cc8781d439690bdf430182a) C:\WINDOWS\system32\Drivers\NEOFLTR_600_13487.SYS
09:35:42:953 6016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:35:42:984 6016 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:35:43:031 6016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:35:43:078 6016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:35:43:125 6016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:35:43:218 6016 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:35:43:265 6016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:35:43:281 6016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:35:43:359 6016 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
09:35:43:437 6016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:35:43:453 6016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:35:43:484 6016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:35:43:515 6016 PCI (afa774202672eb4dc593355e290ebe5e) C:\WINDOWS\system32\DRIVERS\pci.sys
09:35:43:515 6016 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: afa774202672eb4dc593355e290ebe5e, Fake md5: a219903ccf74233761d92bef471a07b1
09:35:43:515 6016 File "C:\WINDOWS\system32\DRIVERS\pci.sys" infected by TDSS rootkit ... 09:35:44:796 6016 Backup copy found, using it..
09:35:45:093 6016 will be cured on next reboot
09:35:45:328 6016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:35:45:375 6016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:35:45:468 6016 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
09:35:45:531 6016 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:35:45:546 6016 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:35:45:625 6016 PortlUSB (895dbe112ef6435dda75c8c9698e400b) C:\WINDOWS\system32\DRIVERS\H10USB.sys
09:35:45:687 6016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:35:45:703 6016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:35:45:734 6016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:35:45:796 6016 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:35:45:828 6016 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:35:45:843 6016 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:35:45:890 6016 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:35:45:906 6016 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:35:45:937 6016 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:35:45:984 6016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:35:46:015 6016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:35:46:046 6016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:35:46:062 6016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:35:46:125 6016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:35:46:156 6016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:35:46:187 6016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:35:46:218 6016 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:35:46:250 6016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

Looks like the log is getting cut off for some reason. But I can see that it did find the rootkit.

How is it running now? Can you get to those sites now?

I may have accidently cut off the bottom of the log. here it is again




09:38:44:890 3792 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
09:38:44:890 3792 ================================================================================
09:38:44:890 3792 SystemInfo:

09:38:44:890 3792 OS Version: 5.1.2600 ServicePack: 3.0
09:38:44:890 3792 Product type: Workstation
09:38:44:890 3792 ComputerName: OPTIPLEX
09:38:44:890 3792 UserName: Jonathan
09:38:44:890 3792 Windows directory: C:\WINDOWS
09:38:44:890 3792 System windows directory: C:\WINDOWS
09:38:44:890 3792 Processor architecture: Intel x86
09:38:44:890 3792 Number of processors: 2
09:38:44:890 3792 Page size: 0x1000
09:38:44:906 3792 Boot type: Normal boot
09:38:44:906 3792 ================================================================================
09:38:45:328 3792 Initialize success
09:38:45:328 3792
09:38:45:328 3792 Scanning Services ...
09:38:47:234 3792 Raw services enum returned 403 services
09:38:47:843 3792
09:38:47:859 3792 Scanning Drivers ...
09:38:50:312 3792 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:38:50:453 3792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:38:50:546 3792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:38:50:671 3792 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:38:50:906 3792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:38:51:015 3792 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:38:51:218 3792 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:38:51:406 3792 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
09:38:51:734 3792 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:38:51:812 3792 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:38:51:875 3792 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:38:51:937 3792 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:38:52:000 3792 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:38:52:078 3792 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:38:52:156 3792 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:38:52:234 3792 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:38:52:296 3792 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:38:52:468 3792 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:38:52:500 3792 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:38:52:656 3792 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:38:52:875 3792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:38:52:953 3792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:38:53:125 3792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:38:53:156 3792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:38:53:171 3792 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:38:53:187 3792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:38:53:234 3792 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:38:53:234 3792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:38:53:265 3792 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:38:53:296 3792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:38:53:359 3792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:38:53:390 3792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:38:53:421 3792 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:38:53:437 3792 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:38:53:484 3792 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:38:53:625 3792 CVPNDRVA (244b0408e9e20c734c97ce1e783d67ee) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:38:53:812 3792 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:38:53:843 3792 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:38:53:906 3792 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
09:38:53:937 3792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:38:54:046 3792 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:38:54:078 3792 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:38:54:109 3792 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:38:54:125 3792 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:38:54:140 3792 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:38:54:156 3792 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:38:54:171 3792 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:38:54:187 3792 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:38:54:203 3792 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:38:54:281 3792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:38:54:312 3792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:38:54:328 3792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:38:54:343 3792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:38:54:484 3792 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:38:54:546 3792 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:38:54:687 3792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:38:54:765 3792 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:38:55:062 3792 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:38:55:593 3792 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:38:56:281 3792 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:38:56:593 3792 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:38:56:921 3792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:38:57:062 3792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:38:57:265 3792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:38:57:406 3792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:38:57:500 3792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:38:57:515 3792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:38:57:578 3792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:38:57:687 3792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:38:57:984 3792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:38:58:109 3792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:38:58:203 3792 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:38:58:359 3792 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:38:58:750 3792 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:38:59:140 3792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:38:59:234 3792 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:38:59:265 3792 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:38:59:296 3792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:38:59:359 3792 IABFilt (cbf75f6257751d1089e7e1dd468168df) C:\WINDOWS\system32\DRIVERS\IABFilt.sys
09:38:59:875 3792 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:38:59:953 3792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:39:00:031 3792 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:39:00:078 3792 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:39:00:234 3792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:39:00:375 3792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:39:00:734 3792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:39:00:890 3792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:39:00:984 3792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:39:01:046 3792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:39:01:187 3792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:39:01:250 3792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:39:01:484 3792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:39:01:750 3792 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:39:02:031 3792 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
09:39:02:312 3792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:39:02:421 3792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:39:02:531 3792 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
09:39:02:609 3792 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:39:02:640 3792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:39:02:718 3792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:39:03:046 3792 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:39:03:234 3792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:39:03:406 3792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:39:03:500 3792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:39:03:640 3792 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:39:04:031 3792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:39:04:531 3792 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:39:04:890 3792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:39:04:984 3792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:39:05:078 3792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:39:05:281 3792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:39:05:484 3792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:39:05:625 3792 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:39:06:015 3792 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\naveng.sys
09:39:06:453 3792 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\navex15.sys
09:39:06:578 3792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:39:06:593 3792 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:39:06:609 3792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:39:06:640 3792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:39:06:859 3792 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:39:07:281 3792 NEOFLTR_600_13487 (e42ebf219cc8781d439690bdf430182a) C:\WINDOWS\system32\Drivers\NEOFLTR_600_13487.SYS
09:39:07:421 3792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:39:07:562 3792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:39:07:640 3792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:39:07:812 3792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:39:08:218 3792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:39:08:718 3792 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:39:09:046 3792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:39:09:156 3792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:39:09:312 3792 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
09:39:09:468 3792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:39:09:546 3792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:39:09:828 3792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:39:09:968 3792 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\drivers\tsk35.tmp
09:39:10:406 3792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:39:10:546 3792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:39:10:671 3792 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
09:39:11:156 3792 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:39:11:218 3792 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:39:11:375 3792 PortlUSB (895dbe112ef6435dda75c8c9698e400b) C:\WINDOWS\system32\DRIVERS\H10USB.sys
09:39:11:515 3792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:39:11:625 3792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:39:11:937 3792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:39:12:046 3792 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:39:12:203 3792 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:39:12:343 3792 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:39:12:531 3792 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:39:12:703 3792 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:39:12:843 3792 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:39:13:015 3792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:39:13:125 3792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:39:13:359 3792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:39:13:437 3792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:39:13:562 3792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:39:13:687 3792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:39:13:859 3792 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:39:14:265 3792 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:39:14:406 3792 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:39:14:625 3792 SAVRT (2861c841b03def48402e63277d9cac22) C:\Program Files\Symantec AntiVirus\savrt.sys
09:39:14:921 3792 SAVRTPEL (54484c13e4d9b268c66d59e9ccb570e6) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
09:39:15:000 3792 SCR3XX2K (b442a2470197b3feb38beddae9de9268) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
09:39:15:078 3792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:39:15:187 3792 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
09:39:15:328 3792 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:39:15:437 3792 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:39:15:609 3792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:39:15:671 3792 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:39:15:703 3792 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
09:39:15:921 3792 sonypvd2 (4101a5a53d93a7c6d059e630992b9149) C:\WINDOWS\system32\DRIVERS\sonypvd2.sys
09:39:16:000 3792 sonypvf2 (8984edfa4e4aae45892a2ba7929b360d) C:\WINDOWS\system32\drivers\sonypvf2.sys
09:39:16:015 3792 sonypvl2 (ec7de9b70ca3218803b4b38d62e7dc39) C:\WINDOWS\system32\drivers\sonypvl2.sys
09:39:16:031 3792 sonypvt2 (bf00283a4c71aae7b46c32a264cea22b) C:\WINDOWS\system32\drivers\sonypvt2.sys
09:39:16:093 3792 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:39:16:343 3792 SPBBCDrv (60053e9c1fc4f6887c296c19cb825244) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
09:39:16:406 3792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:39:16:437 3792 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:39:16:468 3792 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
09:39:16:531 3792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:39:16:593 3792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:39:16:625 3792 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:39:16:640 3792 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:39:16:687 3792 SymEvent (c5eafb6a8c73fb26b73ee613c1a5aef6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:39:16:734 3792 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
09:39:16:968 3792 SYMREDRV (5f9055055dc4900f74fb690b61448be4) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
09:39:16:984 3792 SYMTDI (5561a9d2d1b6529a95cbbffaed7791c1) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
09:39:17:031 3792 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:39:17:046 3792 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:39:17:078 3792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:39:17:156 3792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:39:17:203 3792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:39:17:265 3792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:39:17:328 3792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:39:17:343 3792 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:39:17:406 3792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:39:17:453 3792 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:39:17:703 3792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:39:17:765 3792 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:39:17:812 3792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:39:17:828 3792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:39:17:859 3792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:39:17:890 3792 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:39:17:953 3792 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:39:18:015 3792 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:39:18:062 3792 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:39:18:125 3792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:39:18:328 3792 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:39:18:359 3792 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:39:18:390 3792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:39:18:468 3792 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
09:39:18:515 3792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:39:18:562 3792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:39:18:609 3792 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:39:18:625 3792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:39:18:687 3792 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:39:18:703 3792 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:39:18:718 3792
09:39:18:718 3792 Completed
09:39:18:718 3792
09:39:18:718 3792 Results:
09:39:18:718 3792 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:39:18:718 3792 File objects infected / cured / cured on reboot: 0 / 0 / 0
09:39:18:718 3792
09:39:18:718 3792 KLMD(ARK) unloaded successfully

I can access the windows update page but once I click to download the updates I get a message "The website has encountered a problem and cannot display the page you are trying to view." This happens if I go through the Help center via Start on the computer as well.

I'm also still getting periodic redirects of Internet Explorer. its not happening as frequently but there is still a bug somewhere. Spybot and Malwarebytes are not detecting anything.

Time for combofix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Also make sure to allow it to install the recovery console.

Please include the C:\ComboFix.txt in your next reply for further review.

below is the log. after running this I was able to download Windows updates and access the site without any problems.


ComboFix 10-07-16.01 - Jonathan 07/17/2010 16:52:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.3044 [GMT -4:00]
Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\documents and settings\All Users\Application Data\459a768
c:\documents and settings\All Users\Application Data\459a768\84.mof
c:\documents and settings\All Users\Application Data\459a768\BackUp\Digital Line Detect.lnk
c:\documents and settings\All Users\Application Data\459a768\BackUp\JHSecure VPN Client.lnk
c:\documents and settings\All Users\Application Data\459a768\BackUp\Kodak EasyShare software.lnk
c:\documents and settings\All Users\Application Data\459a768\BackUp\NkbMonitor.exe.lnk
c:\documents and settings\All Users\Application Data\459a768\BackUp\Wireless USB 2.0 WLAN Card Utility.lnk
c:\documents and settings\All Users\Application Data\459a768\MSE.ico
c:\documents and settings\All Users\Application Data\459a768\MSESys\vd952342.bd
c:\documents and settings\Jonathan\g2mdlhlpx.exe
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\BL_H10.rom
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\bootloader.inf
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\firmware.inf
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\history(firmware).txt
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\history(plus).txt
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\Plus1_0.mdb
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\update.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-17 21:07 . 2010-07-17 21:07 -------- d-----w- c:\windows\LastGood
2010-07-15 16:50 . 2010-07-15 16:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\documents and settings\Jonathan\Application Data\PeaZip
2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\program files\PeaZip
2010-07-05 17:27 . 2010-07-05 17:27 293376 ----a-w- C:\7fuz0599.exe
2010-07-05 02:37 . 2010-07-05 02:37 -------- d-----w- c:\program files\Sun
2010-07-05 02:36 . 2010-07-05 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-04 17:10 . 2010-07-04 17:10 -------- d-----w- c:\program files\ERUNT
2010-07-02 23:25 . 2010-07-02 23:25 -------- d-----w- c:\program files\Trend Micro
2010-07-02 23:17 . 2010-07-02 23:17 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\Threat Expert
2010-07-02 22:59 . 2010-07-15 12:38 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-02 22:59 . 2010-07-15 01:51 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-02 22:59 . 2010-07-15 01:51 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-07-02 22:59 . 2010-06-23 04:01 192 ----a-w- c:\windows\UDB.zip
2010-07-02 22:59 . 2008-11-26 15:08 131 ----a-w- c:\windows\IDB.zip
2010-07-02 22:59 . 2010-07-15 01:51 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-07-02 22:58 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-02 22:58 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-02 22:58 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-02 22:57 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-02 22:57 . 2010-07-02 23:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-30 03:17 . 2010-06-30 03:17 -------- d-----w- C:\c3b08df3689e6543c69b76d6
2010-06-30 03:00 . 2010-07-01 02:56 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\hrjamelec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 21:01 . 2008-02-06 20:48 -------- d-----w- c:\program files\Spyware Doctor
2010-07-17 20:56 . 2009-02-15 21:43 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-17 20:51 . 2008-02-06 20:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-17 14:09 . 2006-08-04 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-17 13:35 . 2010-07-17 13:35 68224 ----a-w- c:\windows\system32\drivers\tsk35.tmp
2010-07-17 13:11 . 2010-06-01 10:57 5645311 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-05 02:34 . 2006-07-29 13:13 -------- d-----w- c:\program files\Java
2010-07-01 02:55 . 2010-07-01 03:01 1584128 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB7B.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB79.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB7A.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB78.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB77.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB76.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB75.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB73.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB74.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB72.tmp
2010-07-01 02:53 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB71.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB70.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6F.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6E.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB6D.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6B.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6C.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB69.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6A.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB68.tmp
2010-07-01 02:51 . 2010-07-01 02:51 1584128 ----a-w- c:\windows\Internet Logs\xDBB32.tmp
2010-07-01 02:50 . 2010-07-01 02:50 8192 ----a-w- c:\windows\Internet Logs\xDBB05.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAF3.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF4.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAF1.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF2.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEF.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF0.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAED.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEE.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEC.tmp
2010-07-01 02:48 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAEA.tmp
2010-07-01 02:48 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEB.tmp
2010-07-01 02:48 . 2010-07-01 02:48 8704 ----a-w- c:\windows\Internet Logs\xDBAE9.tmp
2010-07-01 02:48 . 2010-07-01 02:48 8192 ----a-w- c:\windows\Internet Logs\xDBAE8.tmp
2010-07-01 02:48 . 2010-07-01 02:48 24064 ----a-w- c:\windows\Internet Logs\xDBAE7.tmp
2010-06-29 21:26 . 2010-05-25 11:59 439816 ----a-w- c:\documents and settings\Jonathan\Application Data\Real\Update\setup3.10\setup.exe
2010-06-19 01:52 . 2007-12-08 23:19 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-06-19 01:52 . 2007-12-08 23:17 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-06-05 13:53 . 2007-09-24 01:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Apple Computer
2010-05-31 23:45 . 2010-05-31 23:45 503808 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcp71.dll
2010-05-31 23:45 . 2010-05-31 23:45 499712 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\jmc.dll
2010-05-31 23:45 . 2010-05-31 23:45 348160 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcr71.dll
2010-05-31 23:45 . 2010-05-31 23:45 61440 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-sse.dll
2010-05-31 23:45 . 2010-05-31 23:45 12800 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-d3d.dll
2010-05-27 11:08 . 2010-05-27 11:08 49674 ----a-w- c:\windows\Internet Logs\GLB40_2nd_2010_05_27_00_01_01.dmp.zip
2010-05-27 11:08 . 2010-05-27 11:08 49307 ----a-w- c:\windows\Internet Logs\GLB39_2nd_2010_05_26_23_59_44.dmp.zip
2010-05-27 11:08 . 2010-05-27 11:08 49226 ----a-w- c:\windows\Internet Logs\GLB32_2nd_2010_05_26_23_59_31.dmp.zip
2010-05-27 03:49 . 2009-02-15 18:34 -------- d-----w- c:\program files\AVG
2010-05-27 03:47 . 2010-05-27 03:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\CheckPoint
2010-05-27 03:46 . 2009-02-15 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-27 03:45 . 2010-05-27 03:45 -------- d-----w- c:\program files\CheckPoint
2010-05-27 03:45 . 2010-05-27 03:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-27 02:59 . 2006-08-04 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-27 02:11 . 2010-05-27 02:11 -------- d-----w- c:\documents and settings\Regina\Application Data\Malwarebytes
2010-05-27 02:06 . 2010-05-27 02:06 -------- d-----w- c:\documents and settings\Regina\Application Data\Apple Computer
2010-05-23 18:43 . 2010-05-23 18:43 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes
2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-23 18:09 . 2010-05-23 18:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSCTSQE
2010-05-20 22:10 . 2010-05-27 03:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-20 22:10 . 2010-05-27 03:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-20 22:10 . 2010-05-27 03:45 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-06 10:41 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 21:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-23 18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-23 18:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 13:59 . 2010-04-22 13:59 37230 ----a-w- c:\documents and settings\Jonathan\Application Data\Juniper Networks\Juniper Terminal Services Client\uninstall.exe
2010-04-20 05:30 . 2004-08-11 21:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]
JHSecure VPN Client.lnk - c:\program files\JHSecure\VPN Client\vpngui.exe [2006-8-9 1524776]
Kodak EasyShare software.lnk - c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-8 118784]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2006-7-29 921704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jonathan\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [8/29/2006 5:41 PM 25344]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/2/2010 6:58 PM 218592]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [8/4/2006 10:22 PM 19478]
R1 NEOFLTR_600_13487;Juniper Networks TDI Filter Driver (NEOFLTR_600_13487);c:\windows\system32\drivers\NEOFLTR_600_13487.sys [8/13/2008 9:50 PM 64160]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [8/4/2006 10:22 PM 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [8/4/2006 10:22 PM 430670]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/2/2010 6:59 PM 198608]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [8/4/2006 4:26 PM 135168]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [7/29/2006 9:15 AM 61526]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/2/2010 6:57 PM 366840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [5/31/2010 5:47 PM 102448]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [8/4/2006 10:22 PM 64093]
S2 gupdate1c99473f33209e4;Google Update Service (gupdate1c99473f33209e4);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 6:30 PM 133104]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [6/24/2004 12:52 AM 7552]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 6:41 PM 116664]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/17/2007 11:11 PM 56448]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKU-Default-RunOnce-RealUpgradeHelper - c:\program files\real\realplayer\converter\Update\upgrdhlp.exe
AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Jonathan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 17:11
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\drivers\tsk35.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1543065676-3932340502-659597284-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1262AABE-8920-20ED-9D31-DE48F6154571}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iapmcfgagifgmahbhp"=hex:6b,61,6c,6e,66,65,63,68,69,62,61,6e,63,6d,61,70,63,6d,
6b,67,6b,61,00,00
"hajmeeajenlkocii"=hex:6b,61,6c,6e,66,65,63,68,69,62,61,6e,63,6d,61,70,63,6d,
6b,67,6b,61,00,00

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1348)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-07-17 17:16:05
ComboFix-quarantined-files.txt 2010-07-17 21:15

Pre-Run: 81,485,410,304 bytes free
Post-Run: 82,009,362,432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9B1EC30A748B5DE69918EC44757366B3

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new DDS log. Just DDS.txt. .

ComboFix 10-07-21.01 - Jonathan 07/21/2010 18:24:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2630 [GMT -4:00]
Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jonathan\My Documents\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jonathan\Local Settings\Application Data\hrjamelec

.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-17 21:19 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-15 16:50 . 2010-07-15 16:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\documents and settings\Jonathan\Application Data\PeaZip
2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\program files\PeaZip
2010-07-05 17:27 . 2010-07-05 17:27 293376 ----a-w- C:\7fuz0599.exe
2010-07-05 02:37 . 2010-07-05 02:37 -------- d-----w- c:\program files\Sun
2010-07-05 02:36 . 2010-07-05 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-04 17:10 . 2010-07-04 17:10 -------- d-----w- c:\program files\ERUNT
2010-07-02 23:25 . 2010-07-02 23:25 -------- d-----w- c:\program files\Trend Micro
2010-07-02 23:17 . 2010-07-02 23:17 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\Threat Expert
2010-07-02 22:59 . 2010-07-15 01:51 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-07-02 22:57 . 2010-07-21 12:05 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-30 03:17 . 2010-06-30 03:17 -------- d-----w- C:\c3b08df3689e6543c69b76d6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 22:18 . 2009-02-15 21:43 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-21 12:05 . 2008-02-06 20:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 12:05 . 2008-02-06 20:48 -------- d-----w- c:\program files\Spyware Doctor
2010-07-17 23:57 . 2006-08-04 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-17 13:35 . 2010-07-17 13:35 68224 ----a-w- c:\windows\system32\drivers\tsk35.tmp
2010-07-17 13:11 . 2010-06-01 10:57 5645311 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-05 02:34 . 2006-07-29 13:13 -------- d-----w- c:\program files\Java
2010-07-01 02:55 . 2010-07-01 03:01 1584128 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB7B.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB79.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB7A.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB78.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB77.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB76.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB75.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB73.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB74.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB72.tmp
2010-07-01 02:53 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB71.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB70.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6F.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6E.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB6D.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6B.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6C.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB69.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6A.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB68.tmp
2010-07-01 02:51 . 2010-07-01 02:51 1584128 ----a-w- c:\windows\Internet Logs\xDBB32.tmp
2010-07-01 02:50 . 2010-07-01 02:50 8192 ----a-w- c:\windows\Internet Logs\xDBB05.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAF3.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF4.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAF1.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF2.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEF.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF0.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAED.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEE.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEC.tmp
2010-07-01 02:48 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAEA.tmp
2010-07-01 02:48 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEB.tmp
2010-07-01 02:48 . 2010-07-01 02:48 8704 ----a-w- c:\windows\Internet Logs\xDBAE9.tmp
2010-07-01 02:48 . 2010-07-01 02:48 8192 ----a-w- c:\windows\Internet Logs\xDBAE8.tmp
2010-07-01 02:48 . 2010-07-01 02:48 24064 ----a-w- c:\windows\Internet Logs\xDBAE7.tmp
2010-06-29 21:26 . 2010-05-25 11:59 439816 ----a-w- c:\documents and settings\Jonathan\Application Data\Real\Update\setup3.10\setup.exe
2010-06-19 01:52 . 2007-12-08 23:19 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-06-19 01:52 . 2007-12-08 23:17 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-06-14 14:31 . 2004-08-11 21:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-05 13:53 . 2007-09-24 01:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Apple Computer
2010-05-31 23:45 . 2010-05-31 23:45 503808 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcp71.dll
2010-05-31 23:45 . 2010-05-31 23:45 499712 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\jmc.dll
2010-05-31 23:45 . 2010-05-31 23:45 348160 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcr71.dll
2010-05-31 23:45 . 2010-05-31 23:45 61440 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-sse.dll
2010-05-31 23:45 . 2010-05-31 23:45 12800 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-d3d.dll
2010-05-27 11:08 . 2010-05-27 11:08 49674 ----a-w- c:\windows\Internet Logs\GLB40_2nd_2010_05_27_00_01_01.dmp.zip
2010-05-27 11:08 . 2010-05-27 11:08 49307 ----a-w- c:\windows\Internet Logs\GLB39_2nd_2010_05_26_23_59_44.dmp.zip
2010-05-27 11:08 . 2010-05-27 11:08 49226 ----a-w- c:\windows\Internet Logs\GLB32_2nd_2010_05_26_23_59_31.dmp.zip
2010-05-27 03:49 . 2009-02-15 18:34 -------- d-----w- c:\program files\AVG
2010-05-27 03:47 . 2010-05-27 03:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\CheckPoint
2010-05-27 03:46 . 2009-02-15 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-27 03:45 . 2010-05-27 03:45 -------- d-----w- c:\program files\CheckPoint
2010-05-27 03:45 . 2010-05-27 03:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-27 02:59 . 2006-08-04 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-27 02:11 . 2010-05-27 02:11 -------- d-----w- c:\documents and settings\Regina\Application Data\Malwarebytes
2010-05-27 02:06 . 2010-05-27 02:06 -------- d-----w- c:\documents and settings\Regina\Application Data\Apple Computer
2010-05-23 18:43 . 2010-05-23 18:43 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes
2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-23 18:09 . 2010-05-23 18:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSCTSQE
2010-05-20 22:10 . 2010-05-27 03:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-20 22:10 . 2010-05-27 03:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-20 22:10 . 2010-05-27 03:45 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-06 10:41 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 21:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-23 18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-23 18:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-07-17_21.11.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-21 11:36 . 2010-07-21 11:36 16384 c:\windows\Temp\Perflib_Perfdata_88.dat
+ 2004-08-04 03:07 . 2008-04-13 17:36 68224 c:\windows\system32\drivers\pci.sys
- 2004-08-04 03:07 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys
+ 2004-08-04 03:07 . 2008-04-13 17:36 68224 c:\windows\system32\dllcache\pci.sys
+ 2010-07-21 11:40 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-21-2010\ERDNT.EXE
+ 2010-07-20 00:36 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-19-2010\ERDNT.EXE
+ 2010-07-18 12:25 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-18-2010\ERDNT.EXE
+ 2010-07-21 11:39 . 2010-07-21 11:39 3395584 c:\windows\ERDNT\AutoBackup\7-21-2010\Users\00000002\UsrClass.dat
+ 2010-07-21 11:39 . 2010-07-21 11:39 9318400 c:\windows\ERDNT\AutoBackup\7-21-2010\Users\00000001\NTUSER.DAT
+ 2010-07-20 00:36 . 2010-07-20 00:36 3395584 c:\windows\ERDNT\AutoBackup\7-19-2010\Users\00000002\UsrClass.dat
+ 2010-07-20 00:36 . 2010-07-20 00:36 9318400 c:\windows\ERDNT\AutoBackup\7-19-2010\Users\00000001\NTUSER.DAT
+ 2010-07-18 12:25 . 2010-07-18 12:25 3395584 c:\windows\ERDNT\AutoBackup\7-18-2010\Users\00000002\UsrClass.dat
+ 2010-07-18 12:25 . 2010-07-18 12:25 9318400 c:\windows\ERDNT\AutoBackup\7-18-2010\Users\00000001\NTUSER.DAT
+ 2006-08-23 12:59 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]
JHSecure VPN Client.lnk - c:\program files\JHSecure\VPN Client\vpngui.exe [2006-8-9 1524776]
Kodak EasyShare software.lnk - c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-8 118784]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2006-7-29 921704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jonathan\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [8/29/2006 5:41 PM 25344]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [8/4/2006 10:22 PM 19478]
R1 NEOFLTR_600_13487;Juniper Networks TDI Filter Driver (NEOFLTR_600_13487);c:\windows\system32\drivers\NEOFLTR_600_13487.sys [8/13/2008 9:50 PM 64160]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [8/4/2006 10:22 PM 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [8/4/2006 10:22 PM 430670]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [8/4/2006 4:26 PM 135168]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [7/29/2006 9:15 AM 61526]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [5/31/2010 5:47 PM 102448]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [8/4/2006 10:22 PM 64093]
S2 gupdate1c99473f33209e4;Google Update Service (gupdate1c99473f33209e4);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 6:30 PM 133104]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [6/24/2004 12:52 AM 7552]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 6:41 PM 116664]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/17/2007 11:11 PM 56448]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 18:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\drivers\tsk35.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\PRISMAPI.DLL
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1348)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(4668)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-21 18:37:21
ComboFix-quarantined-files.txt 2010-07-21 22:37
ComboFix2.txt 2010-07-17 21:16

Pre-Run: 76,570,664,960 bytes free
Post-Run: 80,698,310,656 bytes free

- - End Of File - - D9E15256B3C1D27A8116C8444039E85C

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:37 PM, on 7/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1278412954625
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://dcconnect.rand.org/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99473f33209e4) (gupdate1c99473f33209e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13896 bytes

Before moving on with the fix I would like you to check something.

Start Notepad and copy/paste in the following code:
Save as filename look.bat to your desktop, choose to save as type "All Files". Click OK.

Double click on " look.bat " and copy/paste the log that pops up into your next reply.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002

Some more investigating to do before we make any changes. This could be tricky to remove if we need to.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :filefind 
  pci.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

+++++++++++++++++++

Please go to http://www.virustotal.com/en/indexf.html
click on Browse, and upload the following file for analysis:

C:\WINDOWS\SYSTEM32\DRIVERS\tsk35.tmp

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. Or you can copy the link to the VT results page if that is easier.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:29 on 23/07/2010 by Jonathan (Administrator - Elevation successful)

========== filefind ==========

Searching for "pci.sys"
C:\i386\pci.sys --a--- 68224 bytes [11:45 08/08/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
C:\WINDOWS\$NtServicePackUninstall$\pci.sys -----c 68224 bytes [02:20 06/01/2009] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
C:\WINDOWS\ServicePackFiles\i386\pci.sys ------ 68224 bytes [01:36 05/09/2008] [18:36 13/04/2008] A219903CCF74233761D92BEF471A07B1
C:\WINDOWS\system32\dllcache\pci.sys --a--- 68224 bytes [03:07 04/08/2004] [17:36 13/04/2008] A219903CCF74233761D92BEF471A07B1
C:\WINDOWS\system32\drivers\pci.sys --a--- 68224 bytes [03:07 04/08/2004] [17:36 13/04/2008] A219903CCF74233761D92BEF471A07B1
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\pci.sys --a--- 68224 bytes [13:02 29/07/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\pci.sys --a--- 68224 bytes [13:02 29/07/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\pci.sys --a--- 68224 bytes [13:03 29/07/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\pci.sys --a--- 68224 bytes [13:03 29/07/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234

-=End Of File=-

I hope you can read this. thanks

AhnLab-V3 2010.07.23.01 2010.07.23 -
AntiVir 8.2.4.26 2010.07.23 -
Antiy-AVL 2.0.3.7 2010.07.23 -
Authentium 5.2.0.5 2010.07.21 -
Avast 4.8.1351.0 2010.07.23 -
Avast5 5.0.332.0 2010.07.23 -
AVG 9.0.0.851 2010.07.23 -
BitDefender 7.2 2010.07.23 -
CAT-QuickHeal 11.00 2010.07.23 -
ClamAV 0.96.0.3-git 2010.07.23 -
Comodo 5518 2010.07.23 -
DrWeb 5.0.2.03300 2010.07.23 -
Emsisoft 5.0.0.34 2010.07.23 -
eSafe 7.0.17.0 2010.07.22 -
eTrust-Vet 36.1.7732 2010.07.23 -
F-Prot 4.6.1.107 2010.07.23 -
F-Secure 9.0.15370.0 2010.07.23 -
Fortinet 4.1.143.0 2010.07.23 -
GData 21 2010.07.23 -
Ikarus T3.1.1.84.0 2010.07.23 -
Jiangmin 13.0.900 2010.07.23 -
Kaspersky 7.0.0.125 2010.07.23 -
McAfee 5.400.0.1158 2010.07.23 -
McAfee-GW-Edition 2010.1 2010.07.23 Heuristic.LooksLike.Trojan.Patched.I
Microsoft 1.6004 2010.07.23 -
NOD32 5305 2010.07.23 -
Norman 6.05.11 2010.07.23 -
nProtect 2010-07-23.02 2010.07.23 -
Panda 10.0.2.7 2010.07.23 -
PCTools 7.0.3.5 2010.07.23 -
Prevx 3.0 2010.07.23 -
Rising 22.57.03.08 2010.07.23 -
Sophos 4.55.0 2010.07.23 -
Sunbelt 6624 2010.07.23 -
SUPERAntiSpyware 4.40.0.1006 2010.07.23 -
Symantec 20101.1.1.7 2010.07.23 -
TheHacker 6.5.2.1.324 2010.07.23 -
TrendMicro 9.120.0.1004 2010.07.23 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.23 -
VBA32 3.12.12.6 2010.07.23 -
ViRobot 2010.7.23.3956 2010.07.23 -
VirusBuster 5.0.27.0 2010.07.22 -
Additional information
File size: 68224 bytes
MD5...: a219903ccf74233761d92bef471a07b1
SHA1..: a6fe7ca93616532f0b6305fc6878939830e45fe8
SHA256: d4e6c360a1d2fca4d17c991b834d68bf20f5111dd06b1fab8b22984804cec269
ssdeep: 1536:JsNVZQ0nyDUzrntj2LEGg8gzjQhP/66QqyYF:JsNryDUHtKjgxzjQhX6vqN
F

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xe004
timedatestamp.....: 0x480252bb (Sun Apr 13 18:36:43 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x3e5c 0x3e80 6.55 2ee0bb5703c0492e8a88518fd90e4495
.rdata 0x4180 0x5c4 0x600 5.65 917663f1296bf8e7e5e7c45c7587f383
.data 0x4780 0x650 0x680 3.09 71bff54d87392d25d6c6154ae7db053a
PAGE 0x4e00 0x8532 0x8580 6.54 c04c92f044de5af46c5bb778f700e7c6
INIT 0xd380 0x15e8 0x1600 6.10 bd7074b0f2f6907be00e317f68af2a37
.rsrc 0xe980 0x1788 0x1800 3.47 b18ff957dda881b64c93b1bd70cdfdaa
.reloc 0x10180 0x88c 0x900 6.07 998b4fa0b69100c4007f6ce687f377d8

( 2 imports )
> ntoskrnl.exe: RtlGetNextRange, RtlGetFirstRange, RtlFindRange, ExAllocatePoolWithTag, swprintf, IoGetDmaAdapter, ExFreePoolWithTag, KeBugCheckEx, IofCallDriver, IoBuildSynchronousFsdRequest, KeInitializeEvent, IoGetAttachedDeviceReference, HalDispatchTable, VfFailDeviceNode, PoCallDriver, PoStartNextPowerIrp, IofCompleteRequest, KdEnableDebugger, KdDisableDebugger, ExIsProcessorFeaturePresent, DbgPrint, InitSafeBootMode, IoInvalidateDeviceRelations, IoDeleteDevice, IoDetachDevice, ZwClose, ZwQueryValueKey, IoOpenDeviceRegistryKey, IoAttachDeviceToDeviceStack, IoCreateDevice, HalPrivateDispatchTable, IoAssignResources, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, _vsnprintf, RtlAnsiStringToUnicodeString, sprintf, RtlIsRangeAvailable, RtlFindMessage, wcslen, RtlFreeRangeList, ZwEnumerateValueKey, ZwQueryKey, memmove, RtlInitUnicodeString, ZwEnumerateKey, _snwprintf, ZwOpenKey, IoUnregisterPlugPlayNotification, VfFailSystemBIOS, IoRegisterPlugPlayNotification, VfIsVerificationEnabled, PoSetPowerState, PoRequestPowerIrp, IoCancelIrp, IoReleaseCancelSpinLock, KeDelayExecutionThread, KeQueryTimeIncrement, KdPowerTransition, READ_REGISTER_BUFFER_ULONG, READ_REGISTER_BUFFER_UCHAR, _except_handler3, MmUnmapIoSpace, MmMapIoSpace, IoGetDeviceProperty, RtlAddRange, RtlInitializeRangeList, ZwSetValueKey, ZwCreateKey, IoBuildDeviceIoControlRequest, KeTickCount, _aulldiv, KeEnterCriticalRegion, KeWaitForSingleObject, KeSetEvent, KeLeaveCriticalRegion, ObfDereferenceObject, RtlInitAnsiString, ObfReferenceObject, RtlDeleteOwnersRanges, RtlCopyRangeList, _aullrem, RtlDeleteRange, _wcsicmp
> HAL.dll: KeStallExecutionProcessor, KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql, HalGetBusDataByOffset, HalTranslateBusAddress, HalAdjustResourceList

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: NT Plug and Play PCI Enumerator
original name: pci.sys
internal name: pci.sys
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Okay while I'm looking into this and trying to get my head wrapped around it can you run TDSSKiller like you did earlier back here and post the log.

1:23:33:828 2452 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
11:23:33:828 2452 ================================================================================
11:23:33:828 2452 SystemInfo:

11:23:33:828 2452 OS Version: 5.1.2600 ServicePack: 3.0
11:23:33:828 2452 Product type: Workstation
11:23:33:828 2452 ComputerName: OPTIPLEX
11:23:33:828 2452 UserName: Jonathan
11:23:33:828 2452 Windows directory: C:\WINDOWS
11:23:33:828 2452 System windows directory: C:\WINDOWS
11:23:33:828 2452 Processor architecture: Intel x86
11:23:33:828 2452 Number of processors: 2
11:23:33:828 2452 Page size: 0x1000
11:23:33:843 2452 Boot type: Normal boot
11:23:33:843 2452 ================================================================================
11:23:34:031 2452 Initialize success
11:23:34:031 2452
11:23:34:031 2452 Scanning Services ...
11:23:34:515 2452 Raw services enum returned 398 services
11:23:34:531 2452
11:23:34:531 2452 Scanning Drivers ...
11:23:35:343 2452 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:23:35:390 2452 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:23:35:421 2452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:23:35:468 2452 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:23:35:546 2452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:23:35:609 2452 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:23:35:656 2452 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
11:23:35:718 2452 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
11:23:35:750 2452 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:23:35:765 2452 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:23:35:781 2452 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:23:35:812 2452 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:23:35:828 2452 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:23:35:843 2452 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:23:35:859 2452 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:23:35:890 2452 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:23:35:906 2452 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:23:35:921 2452 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:23:35:937 2452 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:23:35:953 2452 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:23:35:984 2452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:23:36:000 2452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:23:36:031 2452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:23:36:046 2452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:23:36:093 2452 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:23:36:109 2452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:23:36:234 2452 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:23:36:250 2452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:23:36:265 2452 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:23:36:421 2452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:23:36:453 2452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:23:36:484 2452 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:23:36:515 2452 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:23:36:515 2452 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:23:36:562 2452 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
11:23:36:609 2452 CVPNDRVA (244b0408e9e20c734c97ce1e783d67ee) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
11:23:36:625 2452 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:23:36:640 2452 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:23:36:687 2452 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
11:23:36:703 2452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:23:36:734 2452 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:23:36:750 2452 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:23:36:765 2452 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
11:23:36:765 2452 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:23:36:781 2452 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:23:36:796 2452 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:23:36:812 2452 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
11:23:36:828 2452 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:23:36:843 2452 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:23:36:906 2452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:23:36:984 2452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:23:37:000 2452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:23:37:031 2452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:23:37:062 2452 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
11:23:37:093 2452 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:23:37:109 2452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:23:37:125 2452 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:23:37:125 2452 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:23:37:156 2452 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:23:37:281 2452 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:23:37:296 2452 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:23:37:312 2452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:23:37:328 2452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:23:37:375 2452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:23:37:390 2452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:23:37:406 2452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:23:37:437 2452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:23:37:437 2452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:23:37:484 2452 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
11:23:37:515 2452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:23:37:515 2452 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:23:37:531 2452 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:23:37:546 2452 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
11:23:37:593 2452 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
11:23:37:640 2452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:23:37:656 2452 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:23:37:671 2452 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:23:37:687 2452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:23:37:703 2452 IABFilt (cbf75f6257751d1089e7e1dd468168df) C:\WINDOWS\system32\DRIVERS\IABFilt.sys
11:23:37:734 2452 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:23:37:765 2452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:23:37:796 2452 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:23:37:812 2452 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:23:37:843 2452 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:23:37:859 2452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:23:37:875 2452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:23:37:890 2452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:23:37:906 2452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:23:37:921 2452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:23:37:937 2452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:23:37:953 2452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:23:37:968 2452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:23:37:968 2452 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:23:38:000 2452 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
11:23:38:046 2452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:23:38:078 2452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:23:38:140 2452 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
11:23:38:156 2452 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:23:38:187 2452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:23:38:203 2452 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:23:38:218 2452 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:23:38:234 2452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:23:38:265 2452 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:23:38:265 2452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:23:38:296 2452 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:23:38:296 2452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:23:38:328 2452 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:23:38:343 2452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:23:38:406 2452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:23:38:421 2452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:23:38:453 2452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:23:38:468 2452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:23:38:468 2452 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:23:38:640 2452 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100720.002\naveng.sys
11:23:38:687 2452 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100720.002\navex15.sys
11:23:38:734 2452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:23:38:750 2452 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:23:38:765 2452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:23:38:781 2452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:23:38:796 2452 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:23:38:828 2452 NEOFLTR_600_13487 (e42ebf219cc8781d439690bdf430182a) C:\WINDOWS\system32\Drivers\NEOFLTR_600_13487.SYS
11:23:38:843 2452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:23:38:859 2452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:23:38:937 2452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:23:39:109 2452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:23:39:203 2452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:23:39:281 2452 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:23:39:312 2452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:23:39:343 2452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:23:39:375 2452 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
11:23:39:406 2452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:23:39:421 2452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:23:39:453 2452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:23:39:453 2452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\drivers\tsk35.tmp
11:23:39:468 2452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:23:39:515 2452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:23:39:562 2452 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:23:39:562 2452 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:23:39:578 2452 PortlUSB (895dbe112ef6435dda75c8c9698e400b) C:\WINDOWS\system32\DRIVERS\H10USB.sys
11:23:39:625 2452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:23:39:625 2452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:23:39:640 2452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:23:39:656 2452 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:23:39:656 2452 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:23:39:671 2452 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:23:39:687 2452 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:23:39:703 2452 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:23:39:734 2452 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:23:39:750 2452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:23:39:765 2452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:23:39:781 2452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:23:39:781 2452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:23:39:812 2452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:23:39:828 2452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:23:39:859 2452 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:23:39:875 2452 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:23:39:890 2452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:23:40:015 2452 SAVRT (2861c841b03def48402e63277d9cac22) C:\Program Files\Symantec AntiVirus\savrt.sys
11:23:40:015 2452 SAVRTPEL (54484c13e4d9b268c66d59e9ccb570e6) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
11:23:40:046 2452 SCR3XX2K (b442a2470197b3feb38beddae9de9268) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
11:23:40:093 2452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:23:40:125 2452 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
11:23:40:156 2452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:23:40:156 2452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:23:40:187 2452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:23:40:218 2452 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:23:40:250 2452 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
11:23:40:281 2452 sonypvd2 (4101a5a53d93a7c6d059e630992b9149) C:\WINDOWS\system32\DRIVERS\sonypvd2.sys
11:23:40:343 2452 sonypvf2 (8984edfa4e4aae45892a2ba7929b360d) C:\WINDOWS\system32\drivers\sonypvf2.sys
11:23:40:343 2452 sonypvl2 (ec7de9b70ca3218803b4b38d62e7dc39) C:\WINDOWS\system32\drivers\sonypvl2.sys
11:23:40:359 2452 sonypvt2 (bf00283a4c71aae7b46c32a264cea22b) C:\WINDOWS\system32\drivers\sonypvt2.sys
11:23:40:390 2452 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:23:40:453 2452 SPBBCDrv (60053e9c1fc4f6887c296c19cb825244) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
11:23:40:500 2452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:23:40:515 2452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:23:40:562 2452 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
11:23:40:609 2452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:23:40:640 2452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:23:40:671 2452 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:23:40:687 2452 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:23:40:718 2452 SymEvent (c5eafb6a8c73fb26b73ee613c1a5aef6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
11:23:40:812 2452 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
11:23:40:859 2452 SYMREDRV (5f9055055dc4900f74fb690b61448be4) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
11:23:40:890 2452 SYMTDI (5561a9d2d1b6529a95cbbffaed7791c1) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
11:23:40:921 2452 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:23:40:921 2452 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:23:40:953 2452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:23:40:984 2452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:23:41:031 2452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:23:41:062 2452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:23:41:078 2452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:23:41:093 2452 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:23:41:140 2452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:23:41:187 2452 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:23:41:218 2452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:23:41:281 2452 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:23:41:328 2452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:23:41:343 2452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:23:41:359 2452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:23:41:406 2452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:23:41:437 2452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:23:41:453 2452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:23:41:484 2452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:23:41:500 2452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:23:41:546 2452 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:23:41:578 2452 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:23:41:609 2452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:23:41:656 2452 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
11:23:41:703 2452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:23:41:734 2452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:23:41:765 2452 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:23:41:781 2452 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:23:41:843 2452 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:23:41:859 2452 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:23:41:875 2452
11:23:41:875 2452 Completed
11:23:41:875 2452
11:23:41:875 2452 Results:
11:23:41:875 2452 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
11:23:41:875 2452 File objects infected / cured / cured on reboot: 0 / 0 / 0
11:23:41:875 2452
11:23:41:875 2452 KLMD(ARK) unloaded successfully