jross99
Members
Posts: 7
Reputation: 0 Neutral
  1. Thank you again for your help. I ran the remover tool, which initially I don't think worked. The icon was still present, and ComboFix still alerted me with the warning of RT Scanners. However, I ran ComboFix and immediately after ran the removal tool. It seems to have worked, and after running ComboFix again I noticed some positive changes. Let me know what you think of the log. Also, sorry for posting multiple times. You know how people get when they're freaked out. You're the best. ComboFix83011.txt
  2. Thank you greatly for your time and support. This issue has been severely frustrating. I was not able to get MBAM to update or run. I keep getting the "cannot access specific device, file, or path" message. I have re-downloaded it and tried to change the name of the file to execute, with no luck. ComboFix did run, but it did not seem to remove all aspects of the virus. I can't remove AVG 2011 either or disable RT Protection. I tried to from Add/Remove Programs and used Perfect Uninstaller. Neither worked. Again, thank you so much. CF82911.txt dds82911.txt
  3. Here is my last HijackThis log (sorry for not .zip)
     Misc. info: These items popped up from AVG:

     "c:\WINDOWS\SYSTEM32\wuauclt.exe";"Virus identified Win32/Katusha.A";"Infected"
     "c:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Trojan horse Agent_r.AKS";"Infected"
     "c:\Program Files\AVG\AVG10\avgwdsvc.exe";"Virus identified Win32/Katusha.A";"Infected"
     "c:\WINDOWS\SYSTEM32\CTsvcCDA.EXE";"Virus identified Win32/Katusha.A";"Infected"
     "c:\Program Files\Java\jre6\bin\jqs.exe";"Virus identified Win32/Katusha.A";"Infected"
     "c:\WINDOWS\SYSTEM32\nvsvc32.exe";"Virus identified Win32/Katusha.A";"Infected"
     "c:\WINDOWS\SYSTEM32\wuauclt.exe";"Virus identified Win32/Katusha.A";"Infected"
     "c:\Program Files\AVG\AVG10\avgnsx.exe";"Virus identified Win32/Katusha.A";"Infected"
     "c:\Program Files\AVG\AVG10\avgchsvx.exe";"Virus identified Win32/Katusha.A";"Infected"
     "c:\Program Files\AVG\AVG10\avgrsx.exe";"Virus identified Win32/Katusha.A";"Infected"
     "c:\Program Files\AVG\AVG10\avgcsrvx.exe";"Virus identified Win32/Katusha.A";"Infected"
     "c:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Trojan horse Agent_r.AKS";"Infected"

     THESE were found by TDSSKiller, but don't seem to be resolved after reboot:

     Malicious Objects
     Rootkit.Win32.ZAccess.c
     Service name: IPSec
     Service Type: Kernel driver (0x1)
     Service Start: System (0x1)
     File: C:\WINDOWS\system32\DRIVERS\ipsec.sys
     MD5: 518d980950174fead090b4d1a62f2e17

     Hidden File
     Service Name: 3f54274e
     Service Type: Kernel driver (0x1)
     Service Start: Demand (0x3)
     File: C:\WINDOWS\1311200310:3232487601.exe

     I couldn't get my DDS.txt to zip, but here are the results.

     DDS (Ver_2011-06-23.01) - NTFSx86
     Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
     Run by Jonathan Ross at 11:55:04 on 2011-08-23
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.357 [GMT -4:00]
     AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\1311200319:3232487601.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\AVG\AVG10\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe -k DComLaunch C:\WINDOWS\system32\rundll32.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgchsvx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\SYSTEM32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com mSearch Page = hxxp://www.google.com mSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1 uSearchAssistant = hxxp://www.google.com/ie uCustomizeSearch = about:blank uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot StartupFolder: 
c:\documents and settings\jonathan ross\start menu\programs\startup\V CAST Music Monitor.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Image Zone Fast Start.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\hp psc 1000 series.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\hpoddt01.exe.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Works Calendar Reminders.lnk.disabled mPolicies-explorer: <NO NAME> = IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000 IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll LSP: mswsock.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} - 
hxxps://vmodlms.widerthanam.com/component/VZWDLManager.cab DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143679815796 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\jonathan ross\application data\mozilla\firefox\profiles\tsj4tx7v.default\ FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\jonathan ross\application data\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll . 
============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592] R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2006-11-20 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2006-11-20 5248] R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000] R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-8-22 10872] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168] R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2006-11-20 8576] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-11-25 57376] R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-8 41272] S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664] S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2009-11-25 547744] S3 
gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\wireless g wda-1320\jswutil\jswpsapi.exe [2009-11-25 352338] S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2011-8-21 52432] . =============== Created Last 30 ================ . 2011-08-23 15:43:42 -------- d-----w- c:\program files\Trojan Remover 2011-08-23 15:43:42 -------- d-----w- c:\documents and settings\jonathan ross\application data\Simply Super Software 2011-08-23 15:43:42 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software 2011-08-23 15:36:08 94768 ----a-w- c:\windows\system32\drivers\46029272.sys 2011-08-23 05:39:49 43408 --sha-w- c:\windows\system32\c_66981.nl_ 2011-08-22 14:45:05 -------- d-----w- c:\documents and settings\jonathan ross\DoctorWeb 2011-08-22 14:39:37 43408 --sha-w- c:\windows\system32\c_66981.nl_.mwt 2011-08-22 14:26:35 632064 ----a-w- c:\windows\system32\msvcr80.dll 2011-08-22 14:26:34 554240 ----a-w- c:\windows\system32\msvcp80.dll 2011-08-22 14:26:32 34048 ----a-w- c:\windows\system32\eEmpty.exe 2011-08-22 14:26:14 146432 ----a-w- c:\windows\REGEDIT.COM 2011-08-22 14:26:14 146432 ----a-w- c:\windows\R.COM 2011-08-22 14:26:14 135680 ----a-w- c:\windows\system32\TASKMGR.COM 2011-08-22 14:26:14 135680 ----a-w- c:\windows\system32\T.COM 2011-08-22 14:26:12 -------- d-----w- c:\program files\common files\MicroWorld 2011-08-22 14:26:00 -------- d-----w- c:\documents and settings\all users\application data\MicroWorld 2011-08-22 14:25:23 -------- d-----w- c:\program files\CleanUp! 2011-08-22 14:22:18 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys 2011-08-22 14:22:13 -------- d-----w- c:\documents and settings\all users\application data\Grisoft 2011-08-21 10:54:04 52432 ----a-w- c:\windows\system32\drivers\klmd.sys . ==================== Find3M ==================== . 
2011-08-23 15:13:18 64896 ----a-w- c:\windows\system32\drivers\serial.sys 2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 11:56:50.25 ===============
  4. I was able to retrieve a HijackThis Log. Sorry for constantly posting.

2011/08/23 11:15:33.0546 2436 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 11:15:33.0890 2436 ================================================================================
2011/08/23 11:15:33.0890 2436 SystemInfo:
2011/08/23 11:15:33.0890 2436
2011/08/23 11:15:33.0890 2436 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/23 11:15:33.0890 2436 Product type: Workstation
2011/08/23 11:15:33.0890 2436 ComputerName: HAL9000
2011/08/23 11:15:33.0890 2436 UserName: Jonathan Ross
2011/08/23 11:15:33.0890 2436 Windows directory: C:\WINDOWS
2011/08/23 11:15:33.0890 2436 System windows directory: C:\WINDOWS
2011/08/23 11:15:33.0890 2436 Processor architecture: Intel x86
2011/08/23 11:15:33.0890 2436 Number of processors: 1
2011/08/23 11:15:33.0890 2436 Page size: 0x1000
2011/08/23 11:15:33.0890 2436 Boot type: Normal boot
2011/08/23 11:15:33.0890 2436 ================================================================================
2011/08/23 11:15:36.0328 2436 Initialize success
2011/08/23 11:20:54.0390 0808 ================================================================================
2011/08/23 11:20:54.0390 0808 Scan started
2011/08/23 11:20:54.0390 0808 Mode: Manual;
2011/08/23 11:20:54.0390 0808 ================================================================================
2011/08/23 11:20:56.0187 0808 3f54274e (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1311200319:3232487601.exe
2011/08/23 11:20:58.0296 0808 Suspicious file (Hidden): C:\WINDOWS\1311200319:3232487601.exe.
md5: 8f2bb1827cac01aee6a16e30a1260199 2011/08/23 11:20:58.0312 0808 3f54274e - detected HiddenFile.Multi.Generic (1) 2011/08/23 11:20:58.0500 0808 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys 2011/08/23 11:20:58.0781 0808 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys 2011/08/23 11:20:59.0156 0808 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS 2011/08/23 11:20:59.0500 0808 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/08/23 11:20:59.0656 0808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/08/23 11:20:59.0796 0808 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys 2011/08/23 11:21:00.0000 0808 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 2011/08/23 11:21:00.0218 0808 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys 2011/08/23 11:21:00.0453 0808 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys 2011/08/23 11:21:00.0578 0808 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/08/23 11:21:00.0718 0808 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys 2011/08/23 11:21:00.0953 0808 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys 2011/08/23 11:21:01.0140 0808 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys 2011/08/23 11:21:01.0375 0808 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys 2011/08/23 11:21:01.0562 0808 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys 2011/08/23 11:21:01.0781 0808 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys 2011/08/23 11:21:02.0015 0808 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys 
2011/08/23 11:21:02.0296 0808 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys 2011/08/23 11:21:02.0484 0808 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS 2011/08/23 11:21:02.0718 0808 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/08/23 11:21:02.0921 0808 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\Drivers\ASAPIW2K.sys 2011/08/23 11:21:03.0109 0808 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys 2011/08/23 11:21:03.0359 0808 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys 2011/08/23 11:21:03.0578 0808 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys 2011/08/23 11:21:03.0734 0808 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys 2011/08/23 11:21:03.0953 0808 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/08/23 11:21:04.0156 0808 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/08/23 11:21:04.0531 0808 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/08/23 11:21:04.0718 0808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/08/23 11:21:04.0890 0808 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys 2011/08/23 11:21:05.0046 0808 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys 2011/08/23 11:21:05.0218 0808 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys 2011/08/23 11:21:05.0500 0808 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 2011/08/23 11:21:05.0937 0808 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 2011/08/23 11:21:06.0390 0808 AVGIDSFilter 
(4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 2011/08/23 11:21:06.0796 0808 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 2011/08/23 11:21:07.0156 0808 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 2011/08/23 11:21:07.0515 0808 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 2011/08/23 11:21:07.0812 0808 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 2011/08/23 11:21:08.0140 0808 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 2011/08/23 11:21:08.0468 0808 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS 2011/08/23 11:21:08.0859 0808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/08/23 11:21:10.0500 0808 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/08/23 11:21:10.0703 0808 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/08/23 11:21:11.0640 0808 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys 2011/08/23 11:21:12.0359 0808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/08/23 11:21:12.0734 0808 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/08/23 11:21:13.0109 0808 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys 2011/08/23 11:21:13.0562 0808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/08/23 11:21:13.0921 0808 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/08/23 11:21:14.0375 0808 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/08/23 11:21:15.0218 0808 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys 2011/08/23 
11:21:16.0093 0808 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys 2011/08/23 11:21:16.0953 0808 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 2011/08/23 11:21:17.0953 0808 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys 2011/08/23 11:21:18.0921 0808 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys 2011/08/23 11:21:19.0625 0808 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys 2011/08/23 11:21:20.0234 0808 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys 2011/08/23 11:21:20.0937 0808 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/08/23 11:21:21.0937 0808 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 2011/08/23 11:21:23.0296 0808 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 2011/08/23 11:21:24.0031 0808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/08/23 11:21:24.0781 0808 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2011/08/23 11:21:25.0406 0808 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys 2011/08/23 11:21:25.0796 0808 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/08/23 11:21:26.0281 0808 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\drivers\drvmcdb.sys 2011/08/23 11:21:28.0093 0808 E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/08/23 11:21:29.0390 0808 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys 2011/08/23 11:21:30.0140 0808 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/08/23 11:21:31.0609 0808 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 
2011/08/23 11:21:32.0156 0808 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 2011/08/23 11:21:32.0671 0808 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/08/23 11:21:33.0640 0808 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/08/23 11:21:34.0718 0808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/08/23 11:21:35.0812 0808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/08/23 11:21:37.0281 0808 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys 2011/08/23 11:21:38.0750 0808 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/08/23 11:21:39.0531 0808 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys 2011/08/23 11:21:40.0328 0808 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/08/23 11:21:40.0875 0808 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/08/23 11:21:41.0375 0808 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/08/23 11:21:41.0750 0808 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 2011/08/23 11:21:42.0531 0808 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 2011/08/23 11:21:43.0328 0808 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/08/23 11:21:43.0671 0808 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/08/23 11:21:44.0031 0808 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys 2011/08/23 11:21:44.0234 0808 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/08/23 11:21:44.0531 0808 i81x (06b7ef73ba5f302eecc294cdf7e19702) 
C:\WINDOWS\system32\DRIVERS\i81xnt5.sys 2011/08/23 11:21:44.0875 0808 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys 2011/08/23 11:21:45.0296 0808 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys 2011/08/23 11:21:45.0562 0808 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys 2011/08/23 11:21:45.0828 0808 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys 2011/08/23 11:21:46.0156 0808 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys 2011/08/23 11:21:46.0546 0808 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys 2011/08/23 11:21:46.0828 0808 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys 2011/08/23 11:21:47.0171 0808 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys 2011/08/23 11:21:47.0515 0808 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys 2011/08/23 11:21:47.0781 0808 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/08/23 11:21:48.0078 0808 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys 2011/08/23 11:21:48.0437 0808 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys 2011/08/23 11:21:48.0656 0808 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/08/23 11:21:49.0078 0808 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/08/23 11:21:49.0656 0808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/08/23 11:21:50.0437 0808 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/08/23 11:21:51.0078 0808 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/08/23 11:21:51.0859 0808 
IPSec (518d980950174fead090b4d1a62f2e17) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/08/23 11:21:52.0203 0808 IPSec - detected Rootkit.Win32.ZAccess.c (0) 2011/08/23 11:21:52.0828 0808 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/08/23 11:21:53.0328 0808 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/08/23 11:21:53.0937 0808 JSWSCIMD (0c79476ceb3d497a7d0d6d828e9de4c6) C:\WINDOWS\system32\DRIVERS\jswscimd.sys 2011/08/23 11:21:55.0015 0808 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/08/23 11:21:55.0750 0808 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys 2011/08/23 11:21:56.0031 0808 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys 2011/08/23 11:21:56.0453 0808 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/08/23 11:21:57.0187 0808 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/08/23 11:21:57.0437 0808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/08/23 11:21:57.0625 0808 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 2011/08/23 11:21:58.0046 0808 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2011/08/23 11:21:58.0203 0808 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/08/23 11:21:58.0390 0808 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/08/23 11:21:58.0609 0808 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys 2011/08/23 11:21:58.0781 0808 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/08/23 11:21:59.0078 0808 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/08/23 11:21:59.0546 0808 MSDV 
(6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys 2011/08/23 11:21:59.0921 0808 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2011/08/23 11:22:00.0156 0808 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/08/23 11:22:00.0390 0808 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/08/23 11:22:00.0625 0808 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/08/23 11:22:00.0843 0808 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/08/23 11:22:01.0109 0808 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/08/23 11:22:01.0343 0808 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2011/08/23 11:22:01.0625 0808 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/08/23 11:22:01.0859 0808 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2011/08/23 11:22:02.0093 0808 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/08/23 11:22:02.0281 0808 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/08/23 11:22:02.0453 0808 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/08/23 11:22:02.0625 0808 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/08/23 11:22:02.0796 0808 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/08/23 11:22:02.0984 0808 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/08/23 11:22:03.0171 0808 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/08/23 11:22:03.0390 0808 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/08/23 11:22:03.0609 0808 
NMSCFG (1d3bb79a0035077297779c8c52ca3c01) C:\WINDOWS\system32\drivers\NMSCFG.SYS
2011/08/23 11:22:03.0796 0808 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/23 11:22:04.0156 0808 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/23 11:22:04.0562 0808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/23 11:22:05.0062 0808 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/23 11:22:05.0468 0808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/23 11:22:05.0687 0808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/23 11:22:05.0937 0808 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/23 11:22:06.0125 0808 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/08/23 11:22:06.0328 0808 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/08/23 11:22:06.0515 0808 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys
2011/08/23 11:22:06.0765 0808 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/23 11:22:06.0937 0808 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/08/23 11:22:07.0140 0808 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/23 11:22:07.0343 0808 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/23 11:22:07.0500 0808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/23 11:22:07.0656 0808 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/23 11:22:07.0906 0808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/23 11:22:08.0031 0808 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/23 11:22:08.0484 0808 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/08/23 11:22:08.0671 0808 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/08/23 11:22:08.0859 0808 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys
2011/08/23 11:22:09.0062 0808 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2011/08/23 11:22:09.0296 0808 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/23 11:22:09.0421 0808 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/23 11:22:09.0640 0808 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/23 11:22:09.0828 0808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/23 11:22:09.0937 0808 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/23 11:22:10.0125 0808 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/08/23 11:22:10.0312 0808 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/08/23 11:22:10.0531 0808 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/08/23 11:22:10.0671 0808 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/08/23 11:22:10.0781 0808 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/08/23 11:22:10.0968 0808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/23 11:22:11.0156 0808 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/23 11:22:11.0625 0808 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/23 11:22:11.0921 0808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/23 11:22:12.0109 0808 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/23 11:22:12.0375 0808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/23 11:22:12.0609 0808 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/23 11:22:12.0812 0808 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/23 11:22:12.0937 0808 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/23 11:22:13.0156 0808 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/08/23 11:22:13.0390 0808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/23 11:22:13.0656 0808 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/23 11:22:13.0875 0808 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/23 11:22:14.0250 0808 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/23 11:22:14.0531 0808 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/08/23 11:22:14.0703 0808 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/23 11:22:14.0859 0808 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/08/23 11:22:14.0968 0808 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/23 11:22:15.0093 0808 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\System32\DRIVERS\sr.sys
2011/08/23 11:22:15.0328 0808 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/23 11:22:15.0578 0808 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/23 11:22:15.0703 0808 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/23 11:22:15.0843 0808 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/23 11:22:16.0000 0808 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/08/23 11:22:16.0156 0808 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/08/23 11:22:16.0265 0808 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/08/23 11:22:16.0406 0808 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/08/23 11:22:16.0500 0808 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/08/23 11:22:16.0656 0808 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/23 11:22:16.0812 0808 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/23 11:22:17.0015 0808 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/23 11:22:17.0140 0808 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/23 11:22:17.0359 0808 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/23 11:22:17.0562 0808 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/08/23 11:22:17.0796 0808 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/23 11:22:17.0984 0808 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/08/23 11:22:18.0203 0808 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/23 11:22:18.0484 0808 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/23 11:22:18.0687 0808 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/08/23 11:22:18.0875 0808 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/23 11:22:19.0062 0808 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/08/23 11:22:19.0281 0808 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/23 11:22:19.0468 0808 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/23 11:22:19.0671 0808 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/08/23 11:22:19.0796 0808 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/23 11:22:20.0000 0808 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/23 11:22:20.0187 0808 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/23 11:22:20.0625 0808 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/23 11:22:20.0953 0808 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/23 11:22:21.0156 0808 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\WINDOWS\SYSTEM32\VCdRom.sys
2011/08/23 11:22:21.0453 0808 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/23 11:22:21.0640 0808 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/08/23 11:22:21.0812 0808 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/08/23 11:22:21.0968 0808 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/23 11:22:22.0203 0808 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/23 11:22:22.0484 0808 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/23 11:22:22.0687 0808 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/23 11:22:23.0000 0808 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/23 11:22:23.0203 0808 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/23 11:22:23.0453 0808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/23 11:22:23.0671 0808 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2011/08/23 11:22:23.0812 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/23 11:22:24.0000 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/08/23 11:22:24.0031 0808 Boot (0x1200) (c031c7b8284f1438ac09411f1026e3a3) \Device\Harddisk0\DR0\Partition0
2011/08/23 11:22:24.0062 0808 Boot (0x1200) (9795f53f0f4970233708ae6c5c847c0a) \Device\Harddisk1\DR1\Partition0
2011/08/23 11:22:24.0078 0808 ================================================================================
2011/08/23 11:22:24.0078 0808 Scan finished
2011/08/23 11:22:24.0078 0808 ================================================================================
2011/08/23 11:22:24.0109 2340 Detected object count: 2
2011/08/23 11:22:24.0109 2340 Actual detected object count: 2
2011/08/23 11:36:02.0640 2340 HiddenFile.Multi.Generic(3f54274e) - User select action: Skip
2011/08/23 11:36:02.0781 2340 IPSec (518d980950174fead090b4d1a62f2e17) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/23 11:36:02.0828 2340 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
2011/08/23 11:36:07.0937 2340 Backup copy found, using it..
2011/08/23 11:36:07.0968 2340 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot
2011/08/23 11:36:07.0968 2340 Rootkit.Win32.ZAccess.c(IPSec) - User select action: Cure
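What a helper reading the log above wants from it is the list of objects TDSSKiller actually acted on, plus anything in the driver inventory that looks out of place. The script below is an added example written for this page; it is not part of jross99's posts and not TDSSKiller's own code. Its parsing rules are taken from the line shapes visible in the log (a timestamp and thread id, then either an inventory entry of the form "object (md5) path", a verdict line ending in "User select action: ...", or a status message). Two of its checks rest on Windows facts rather than on anything the log says: a colon after the drive letter in a path names an NTFS alternate data stream, so C:\WINDOWS\1311200319:3232487601.exe is the stream 3232487601.exe of the object C:\WINDOWS\1311200319 rather than a regular file, and Win32 error 1813 from GetFileVersionInfoSizeW is ERROR_RESOURCE_TYPE_NOT_FOUND, meaning the driver on disk carries no version resource. SAMPLE_LOG is constructed from lines of the posted log; the inventory line for service 3f54274e is constructed with a placeholder hash so the hidden service resolves to its path.

```python
"""Triage of a TDSSKiller log: inventory, verdicts and leftovers.

Added example for this page; not part of the original thread and not
TDSSKiller's own code. Line shapes are taken from the posted log.
"""
import re
from dataclasses import dataclass, field

# every line: "2011/08/23 11:22:04.0156 0808 <message>"
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# inventory entry "<object> (<md5>) <path>"; the object part may itself carry a
# parenthesised size, as in "MBR (0x1B8)" and "Boot (0x1200)"
ENTRY_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^(\S+?)\((\S+)\) - User select action: (\w+)$")
CURE_RE = re.compile(r"^(.+?) - will be cured after reboot$")
# the version-resource probe; 1813 is ERROR_RESOURCE_TYPE_NOT_FOUND
NOVERSION_RE = re.compile(r"GetFileVersionInfoSizeW\((.+?)\) error (\d+)$")

# Constructed from lines of the posted log. The 3f54274e inventory line is
# constructed here with a placeholder hash so the hidden service resolves.
SAMPLE_LOG = r"""
2011/08/23 11:20:57.0000 0808 3f54274e (00000000000000000000000000000000) C:\WINDOWS\1311200319:3232487601.exe
2011/08/23 11:22:04.0156 0808 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/23 11:22:16.0812 0808 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/23 11:22:23.0812 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/23 11:22:24.0078 0808 Scan finished
2011/08/23 11:22:24.0109 2340 Detected object count: 2
2011/08/23 11:36:02.0640 2340 HiddenFile.Multi.Generic(3f54274e) - User select action: Skip
2011/08/23 11:36:02.0781 2340 IPSec (518d980950174fead090b4d1a62f2e17) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/23 11:36:02.0828 2340 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
2011/08/23 11:36:07.0968 2340 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot
2011/08/23 11:36:07.0968 2340 Rootkit.Win32.ZAccess.c(IPSec) - User select action: Cure
"""


def is_ads_path(path: str) -> bool:
    """A colon after the drive letter names an NTFS alternate data stream:
    C:\\WINDOWS\\1311200319:3232487601.exe is stream 3232487601.exe of the
    object C:\\WINDOWS\\1311200319, not a regular file."""
    body = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return ":" in body


@dataclass
class Triage:
    inventory: dict = field(default_factory=dict)   # object -> (md5, path)
    ads_paths: list = field(default_factory=list)
    verdicts: list = field(default_factory=list)    # (verdict, object, action)
    pending_cure: list = field(default_factory=list)
    no_version: list = field(default_factory=list)  # (path, win32 error)

    def findings(self) -> list:
        """One record per verdict, resolved against the inventory and the
        cure messages, so the state after this run is explicit."""
        pending = {p.lower() for p in self.pending_cure}
        out = []
        for verdict, obj, action in self.verdicts:
            md5, path = self.inventory.get(obj, (None, None))
            if action.lower() == "skip":
                status = "skipped"
            elif path and path.lower() in pending:
                status = "pending_reboot"
            else:
                status = action.lower()
            out.append({"verdict": verdict, "object": obj, "path": path,
                        "md5": md5, "status": status})
        return out


def triage(log_text: str) -> Triage:
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if (e := ENTRY_RE.match(body)):
            obj, md5, path = e.groups()
            t.inventory[obj] = (md5, path)
            if is_ads_path(path):
                t.ads_paths.append(path)
        elif (v := VERDICT_RE.match(body)):
            t.verdicts.append(v.groups())
        elif (c := CURE_RE.match(body)):
            t.pending_cure.append(c.group(1))
        elif (n := NOVERSION_RE.search(body)):
            t.no_version.append((n.group(1), int(n.group(2))))
    return t


def unresolved(t: Triage) -> list:
    """Objects that still need action: skipped, or waiting on a reboot."""
    return [f["object"] for f in t.findings()
            if f["status"] in ("skipped", "pending_reboot")]


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    for f in t.findings():
        print(f"{f['verdict']} {f['object']} -> {f['path']} [{f['status']}]")
    print("ADS paths:", t.ads_paths)
    print("no version resource:", t.no_version)
```

Run against the sample, both detected objects come back as unresolved: the hidden service because it was skipped, IPSec because its cure is deferred to the reboot. That is the state the next post in the thread describes, and it is why a "Detected object count" alone says little until the actions are read.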
5. I was eventually able to gather more information. These items popped up from AVG:

"c:\WINDOWS\SYSTEM32\wuauclt.exe";"Virus identified Win32/Katusha.A";"Infected"
"c:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Trojan horse Agent_r.AKS";"Infected"
"c:\Program Files\AVG\AVG10\avgwdsvc.exe";"Virus identified Win32/Katusha.A";"Infected"
"c:\WINDOWS\SYSTEM32\CTsvcCDA.EXE";"Virus identified Win32/Katusha.A";"Infected"
"c:\Program Files\Java\jre6\bin\jqs.exe";"Virus identified Win32/Katusha.A";"Infected"
"c:\WINDOWS\SYSTEM32\nvsvc32.exe";"Virus identified Win32/Katusha.A";"Infected"
"c:\WINDOWS\SYSTEM32\wuauclt.exe";"Virus identified Win32/Katusha.A";"Infected"
"c:\Program Files\AVG\AVG10\avgnsx.exe";"Virus identified Win32/Katusha.A";"Infected"
"c:\Program Files\AVG\AVG10\avgchsvx.exe";"Virus identified Win32/Katusha.A";"Infected"
"c:\Program Files\AVG\AVG10\avgrsx.exe";"Virus identified Win32/Katusha.A";"Infected"
"c:\Program Files\AVG\AVG10\avgcsrvx.exe";"Virus identified Win32/Katusha.A";"Infected"
"c:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Trojan horse Agent_r.AKS";"Infected"

THESE were found by TDSSKiller, but don't seem to be resolved after reboot:

Malicious Objects
Rootkit.Win32.ZAccess.c
Service name: IPSec
Service Type: Kernel driver (0x1)
Service Start: System (0x1)
File: C:\WINDOWS\system32\DRIVERS\ipsec.sys
MD5: 518d980950174fead090b4d1a62f2e17

Hidden File
Service Name: 3f54274e
Service Type: Kernel driver (0x1)
Service Start: Demand (0x3)
File: C:\WINDOWS\1311200310:3232487601.exe

I couldn't get my DDS.txt to zip, but here are the results.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Run by Jonathan Ross at 11:55:04 on 2011-08-23
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.357 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\1311200319:3232487601.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k DComLaunch
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch = about:blank
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
StartupFolder: c:\documents and settings\jonathan ross\start menu\programs\startup\V CAST Music Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Image Zone Fast Start.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\hp psc 1000 series.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\hpoddt01.exe.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Works Calendar Reminders.lnk.disabled
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} - hxxps://vmodlms.widerthanam.com/component/VZWDLManager.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143679815796
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jonathan ross\application data\mozilla\firefox\profiles\tsj4tx7v.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\jonathan ross\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2006-11-20 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2006-11-20 5248]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-8-22 10872]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2006-11-20 8576]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-11-25 57376]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-8 41272]
S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2009-11-25 547744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\wireless g wda-1320\jswutil\jswpsapi.exe [2009-11-25 352338]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2011-8-21 52432]
.
=============== Created Last 30 ================
.
2011-08-23 15:43:42 -------- d-----w- c:\program files\Trojan Remover
2011-08-23 15:43:42 -------- d-----w- c:\documents and settings\jonathan ross\application data\Simply Super Software
2011-08-23 15:43:42 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2011-08-23 15:36:08 94768 ----a-w- c:\windows\system32\drivers\46029272.sys
2011-08-23 05:39:49 43408 --sha-w- c:\windows\system32\c_66981.nl_
2011-08-22 14:45:05 -------- d-----w- c:\documents and settings\jonathan ross\DoctorWeb
2011-08-22 14:39:37 43408 --sha-w- c:\windows\system32\c_66981.nl_.mwt
2011-08-22 14:26:35 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-22 14:26:34 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-22 14:26:32 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-08-22 14:26:14 146432 ----a-w- c:\windows\REGEDIT.COM
2011-08-22 14:26:14 146432 ----a-w- c:\windows\R.COM
2011-08-22 14:26:14 135680 ----a-w- c:\windows\system32\TASKMGR.COM
2011-08-22 14:26:14 135680 ----a-w- c:\windows\system32\T.COM
2011-08-22 14:26:12 -------- d-----w- c:\program files\common files\MicroWorld
2011-08-22 14:26:00 -------- d-----w- c:\documents and settings\all users\application data\MicroWorld
2011-08-22 14:25:23 -------- d-----w- c:\program files\CleanUp!
2011-08-22 14:22:18 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2011-08-22 14:22:13 -------- d-----w- c:\documents and settings\all users\application data\Grisoft
2011-08-21 10:54:04 52432 ----a-w- c:\windows\system32\drivers\klmd.sys
.
==================== Find3M ====================
.
2011-08-23 15:13:18 64896 ----a-w- c:\windows\system32\drivers\serial.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:56:50.25 ===============

Thanks for any help (once again).
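Reading the DDS sections above next to the TDSSKiller log depends on getting both onto the same clock. The DDS header gives the machine's offset ([GMT -4:00]) and its Created Last 30 entries are stamped later than the 11:55:04 run time, so those entries are UTC and need the offset applied before they can be compared with TDSSKiller's local timestamps. The script below is an added example written for this page; it is not part of jross99's posts and not DDS's own code. Its parsing rules come from the line shapes visible in the log: service lines of the form "R0 name;display;path [date size]", where the letter is R for running or S for stopped and the digit is the service start type, and file lines of the form "date time size attrs path". It converts the file times with the header offset, picks out boot- and system-start drivers (the slot the IPSec entry in the TDSSKiller summary occupies), and marks review candidates. Those marks are prompts to check, not verdicts: the driver 46029272.sys it flags was created one second after the cure recorded in the TDSSKiller log, which is the kind of correlation the conversion is there to expose. SAMPLE_DDS is assembled from lines of the posted log.

```python
"""Triage of the driver list and file-creation lists in a DDS log.

Added example for this page; not part of the original thread and not
DDS's own code. Line shapes are taken from the posted log.
"""
import re
from datetime import datetime, timedelta

HEADER_TZ_RE = re.compile(r"\[GMT ([+-])(\d{1,2}):(\d{2})\]")
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R0 name;display;path [yyyy-m-d size]": R/S = running/stopped, digit = start type
SERVICE_RE = re.compile(
    r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# "yyyy-mm-dd hh:mm:ss size attrs path"; size is "--------" for directories
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+)$")

# Assembled from lines of the posted DDS log.
SAMPLE_DDS = r"""
Run by Jonathan Ross at 11:55:04 on 2011-08-23
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.357 [GMT -4:00]
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2006-11-20 8576]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2011-8-21 52432]
.
=============== Created Last 30 ================
.
2011-08-23 15:43:42 -------- d-----w- c:\program files\Trojan Remover
2011-08-23 15:36:08 94768 ----a-w- c:\windows\system32\drivers\46029272.sys
2011-08-23 05:39:49 43408 --sha-w- c:\windows\system32\c_66981.nl_
2011-08-22 14:26:14 146432 ----a-w- c:\windows\REGEDIT.COM
2011-08-21 10:54:04 52432 ----a-w- c:\windows\system32\drivers\klmd.sys
.
==================== Find3M ====================
.
2011-08-23 15:13:18 64896 ----a-w- c:\windows\system32\drivers\serial.sys
"""


def parse_dds(text: str) -> dict:
    """Collect services and file entries; file times are taken as UTC and
    shifted by the header's GMT offset into the machine's local time."""
    offset = timedelta(0)
    section = ""
    services, files = [], []
    for line in text.splitlines():
        line = line.strip()
        if (m := HEADER_TZ_RE.search(line)):
            sign = 1 if m.group(1) == "+" else -1
            offset = sign * timedelta(hours=int(m.group(2)), minutes=int(m.group(3)))
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1).lower()
            continue
        if section.startswith("services") and (m := SERVICE_RE.match(line)):
            state, start, name, display, path, date, size = m.groups()
            services.append({"name": name, "display": display, "path": path,
                             "running": state == "R", "start": int(start),
                             "date": date, "size": int(size)})
        elif section in ("created last 30", "find3m") and (m := FILE_RE.match(line)):
            stamp, size, attrs, path = m.groups()
            utc = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            files.append({"utc": utc, "local": utc + offset,
                          "size": int(size) if size.isdigit() else None,
                          "attrs": attrs, "path": path, "section": section})
    return {"utc_offset": offset, "services": services, "files": files}


def review_candidates(report: dict) -> list:
    """Files worth a second look. Prompts, not verdicts: a hidden+system
    file under system32 and an all-digit driver name are both patterns to
    check against what was running on the machine at that time."""
    out = []
    for f in report["files"]:
        reasons = []
        a = f["attrs"]
        if "d" not in a and "h" in a and "s" in a:
            reasons.append("hidden+system file")
        base = f["path"].rsplit("\\", 1)[-1]
        if re.fullmatch(r"\d+\.sys", base, re.IGNORECASE):
            reasons.append("all-digit driver name")
        if reasons:
            out.append((f["path"], reasons))
    return out


def early_start_drivers(report: dict) -> list:
    """Boot- and system-start entries (start type 0 or 1), the slot a
    kernel-mode rootkit driver sits in."""
    return [s for s in report["services"] if s["start"] in (0, 1)]


def created_within(report: dict, local_iso: str, seconds: int) -> list:
    """Files whose converted creation time lies within `seconds` of a
    local-time event, e.g. a cure timestamp from another tool's log."""
    t = datetime.fromisoformat(local_iso)
    win = timedelta(seconds=seconds)
    return [f for f in report["files"] if abs(f["local"] - t) <= win]


if __name__ == "__main__":
    rep = parse_dds(SAMPLE_DDS)
    for path, why in review_candidates(rep):
        print(f"{path}: {', '.join(why)}")
    for f in created_within(rep, "2011-08-23T11:36:07", 5):
        print(f"created at TDSSKiller cure time: {f['path']}")
```

The correlation call uses the TDSSKiller cure time from the earlier post, 11:36:07 local, with a five-second window; on the sample it returns only 46029272.sys, which is the question a helper would then put to the user (what was running at 11:36) rather than a conclusion about the file.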
6. I apologize immediately for not posting a log with this initial message. However, the infection I've gotten has prevented me from opening TDSSKiller, HijackThis, MBAM, and an assorted list of other programs I have on my computer. I have followed many of the self-help guides as I've seen where they've applied to me, but I'm having no luck whatsoever. ComboFix began to run then quit on me as well. Rkill isn't saying it's detecting anything. le sigh. All looks bleak. The information I do have is that there is a terrible process running under the name 1311200319:3232487601.exe which may be the culprit as well as a rootkit issue. Is there anything I could do to gather more information for you all? I've tried renaming files, opening with several of the other methods from this site; no positive results. I appreciate the time and effort you guys all put forth for my questions and the many others who find their way here.