rigsby1208
Everything posted by rigsby1208
-
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi, I had a very quick test of the computer in normal mode (not safe mode) and there still seemed to be issues opening software, Task Manager, etc. I can have a more detailed look tonight and will report back.
-
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi, I ran TDSSKiller. It came up with the issue, but I only had a choice of skip, quarantine or delete, so I went for delete. I reran TDSSKiller and it didn't find the issue again; log below...

2010/11/03 18:59:19.0937 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/03 18:59:19.0937 ================================================================================
2010/11/03 18:59:19.0937 SystemInfo:
2010/11/03 18:59:19.0937
2010/11/03 18:59:19.0937 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/03 18:59:19.0937 Product type: Workstation
2010/11/03 18:59:19.0937 ComputerName: DARREN-DESKTOP
2010/11/03 18:59:19.0937 UserName: Administrator
2010/11/03 18:59:19.0937 Windows directory: E:\WINDOWS
2010/11/03 18:59:19.0937 System windows directory: E:\WINDOWS
2010/11/03 18:59:19.0937 Processor architecture: Intel x86
2010/11/03 18:59:19.0937 Number of processors: 4
2010/11/03 18:59:19.0937 Page size: 0x1000
2010/11/03 18:59:19.0937 Boot type: Safe boot with network
2010/11/03 18:59:19.0937 ================================================================================
2010/11/03 18:59:23.0890 Initialize success
2010/11/03 18:59:25.0437 ================================================================================
2010/11/03 18:59:25.0437 Scan started
2010/11/03 18:59:25.0437 Mode: Manual;
2010/11/03 18:59:25.0437 ================================================================================
2010/11/03 18:59:27.0062 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/03 18:59:27.0093 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/03 18:59:27.0156 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
2010/11/03 18:59:27.0187 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys
2010/11/03 18:59:27.0312 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/03 18:59:27.0375 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) E:\WINDOWS\system32\drivers\AsIO.sys
2010/11/03 18:59:27.0437 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/03 18:59:27.0453 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/03 18:59:27.0546 ati2mtag (c06659ff381423d6cb19a91c2a2f80ad) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/03 18:59:27.0593 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) E:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/11/03 18:59:27.0609 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/03 18:59:27.0640 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/03 18:59:27.0671 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
2010/11/03 18:59:27.0734 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/03 18:59:27.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/03 18:59:27.0781 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/03 18:59:27.0796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/03 18:59:27.0937 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/03 18:59:27.0984 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys
2010/11/03 18:59:28.0000 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys
2010/11/03 18:59:28.0031 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
2010/11/03 18:59:28.0046 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
2010/11/03 18:59:28.0093 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/03 18:59:28.0125 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) E:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
2010/11/03 18:59:28.0187 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) E:\WINDOWS\system32\epmntdrv.sys
2010/11/03 18:59:28.0218 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) E:\WINDOWS\system32\EuGdiDrv.sys
2010/11/03 18:59:28.0250 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/03 18:59:28.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/03 18:59:28.0296 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys
2010/11/03 18:59:28.0312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/03 18:59:28.0343 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/03 18:59:28.0375 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) E:\WINDOWS\system32\FsUsbExDisk.SYS
2010/11/03 18:59:28.0406 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/03 18:59:28.0421 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/03 18:59:28.0453 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/03 18:59:28.0484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/03 18:59:28.0515 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/03 18:59:28.0578 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) E:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/11/03 18:59:28.0593 HPZipr12 (89f41658929393487b6b7d13c8528ce3) E:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/11/03 18:59:28.0625 HPZius12 (abcb05ccdbf03000354b9553820e39f8) E:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/11/03 18:59:28.0656 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/03 18:59:28.0703 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/03 18:59:28.0734 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/03 18:59:28.0859 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) E:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/03 18:59:28.0921 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/03 18:59:28.0953 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/03 18:59:28.0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/03 18:59:29.0015 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/03 18:59:29.0015 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/03 18:59:29.0062 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/03 18:59:29.0078 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/03 18:59:29.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/03 18:59:29.0125 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/03 18:59:29.0140 kl1 (47f4320cff5bd3de472bb300a32a879e) E:\WINDOWS\system32\drivers\kl1.sys
2010/11/03 18:59:29.0203 kl2 (0e29fe31bd4c72412ad99253e71b25c1) E:\WINDOWS\system32\drivers\kl2.sys
2010/11/03 18:59:29.0218 KLIF (acfa523e62dbd4be52c8b665dd49acf3) E:\WINDOWS\system32\DRIVERS\klif.sys
2010/11/03 18:59:29.0265 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) E:\WINDOWS\system32\DRIVERS\klim5.sys
2010/11/03 18:59:29.0296 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) E:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/11/03 18:59:29.0312 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
2010/11/03 18:59:29.0328 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/03 18:59:29.0343 L1e (93e64bab9dee162ca0ca5258d132a047) E:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2010/11/03 18:59:29.0375 L8042Kbd (dc61f15187372d164769c841655e58f3) E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/11/03 18:59:29.0390 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) E:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/11/03 18:59:29.0484 LMouKE (58597a99792461e89bb5c44e17508d70) E:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/11/03 18:59:29.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/03 18:59:29.0531 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys
2010/11/03 18:59:29.0546 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/03 18:59:29.0562 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/03 18:59:29.0593 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/03 18:59:29.0609 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/03 18:59:29.0640 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
2010/11/03 18:59:29.0687 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/03 18:59:29.0703 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/03 18:59:29.0718 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/03 18:59:29.0734 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/03 18:59:29.0765 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) E:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/11/03 18:59:29.0781 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) E:\WINDOWS\system32\DRIVERS\mv61xx.sys
2010/11/03 18:59:29.0812 mv91xx (647ee4dc4ca56f4e3f3deec7ecfcbb7a) E:\WINDOWS\system32\DRIVERS\mv91xx.sys
2010/11/03 18:59:29.0843 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
2010/11/03 18:59:29.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/03 18:59:29.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/03 18:59:29.0890 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/03 18:59:29.0906 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/03 18:59:29.0937 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/03 18:59:29.0968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/03 18:59:30.0015 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/03 18:59:30.0046 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
2010/11/03 18:59:30.0062 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/03 18:59:30.0093 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
2010/11/03 18:59:30.0125 nusb3xhc (456f7262604f85746919823f592b303c) E:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
2010/11/03 18:59:30.0156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/03 18:59:30.0171 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/03 18:59:30.0203 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/03 18:59:30.0234 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\drivers\Parport.sys
2010/11/03 18:59:30.0250 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/03 18:59:30.0281 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/03 18:59:30.0312 pccsmcfd (fd2041e9ba03db7764b2248f02475079) E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/11/03 18:59:30.0328 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/03 18:59:30.0359 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/03 18:59:30.0390 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/03 18:59:30.0406 pcouffin (5b6c11de7e839c05248ced8825470fef) E:\WINDOWS\system32\Drivers\pcouffin.sys
2010/11/03 18:59:30.0593 PLCNDIS5 (2aba2f545b35f9c6cc2cfc4e1d539a80) E:\PROGRA~1\PLE200\PLCNDIS5.SYS
2010/11/03 18:59:30.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/03 18:59:30.0656 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/03 18:59:30.0671 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/03 18:59:30.0687 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) E:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/03 18:59:30.0781 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/03 18:59:30.0812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/03 18:59:30.0828 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/03 18:59:30.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/03 18:59:30.0859 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/03 18:59:30.0875 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/03 18:59:30.0906 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/03 18:59:30.0937 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/03 18:59:30.0968 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/03 18:59:31.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/03 18:59:31.0062 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/03 18:59:31.0093 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/03 18:59:31.0125 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/03 18:59:31.0203 snapman (e78c98378a071ce4d48a7c514fa98fa1) E:\WINDOWS\system32\DRIVERS\snapman.sys
2010/11/03 18:59:31.0218 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
2010/11/03 18:59:31.0265 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/03 18:59:31.0296 Srv (da852e3e0bf1cea75d756f9866241e57) E:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/03 18:59:31.0328 sscdbus (92b69020fc480219683d429dca068d71) E:\WINDOWS\system32\DRIVERS\sscdbus.sys
2010/11/03 18:59:31.0359 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) E:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/11/03 18:59:31.0390 sscdmdm (b4255635195a8413fcde7af5b7c4e382) E:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/11/03 18:59:31.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/03 18:59:31.0437 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
2010/11/03 18:59:31.0531 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/03 18:59:31.0562 tbhsd (c26c6dff638d9e51dc5cc60a7785d057) E:\WINDOWS\system32\drivers\tbhsd.sys
2010/11/03 18:59:31.0578 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/03 18:59:31.0609 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/03 18:59:31.0625 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/03 18:59:31.0640 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/03 18:59:31.0703 truecrypt (db0815523ac07445a2f09dcd2acea8c3) E:\WINDOWS\system32\drivers\truecrypt.sys
2010/11/03 18:59:31.0734 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
2010/11/03 18:59:31.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
2010/11/03 18:59:31.0843 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) E:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/03 18:59:31.0859 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/03 18:59:31.0875 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/03 18:59:31.0906 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/03 18:59:31.0921 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/03 18:59:31.0953 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/03 18:59:31.0968 usbstor (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/03 18:59:31.0984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/03 18:59:32.0015 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
2010/11/03 18:59:32.0046 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/03 18:59:32.0093 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/03 18:59:32.0125 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) E:\WINDOWS\system32\Drivers\wdf01000.sys
2010/11/03 18:59:32.0171 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/03 18:59:32.0265 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/11/03 18:59:32.0296 WudfPf (6ff66513d372d479ef1810223c8d20ce) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/03 18:59:32.0328 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/03 18:59:32.0531 ================================================================================
2010/11/03 18:59:32.0531 Scan finished
2010/11/03 18:59:32.0531 ================================================================================
-
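A small parser for the TDSSKiller log format pasted in these two posts, added here as an example; it is not code from the thread, from Kaspersky or from TDSSKiller itself. It picks the per-driver entries ("timestamp service (md5) path") out of a scan, captures the "Suspicious file (Forged)" verdict together with the two hashes TDSSKiller reports for that file, and diffs two scans by service name. The function names (parse_scan, diff_scans, report) and the assumption that every enumeration line follows that layout are mine; the field separator is matched loosely because the forum flattened the tool's original tabs into spaces. The embedded sample is a constructed excerpt of a few entries around Mup.sys from the 15:40 and 18:59 logs above, so the diff reports Mup as listed in the first scan and absent from the second.

```python
"""Parse TDSSKiller scan logs, pull out forged-file verdicts and diff two scans.

Added example, not TDSSKiller's own code. Assumed layout (as seen in the
posted logs): "<timestamp> <service> (<md5>) <path>" per enumerated driver,
plus "Suspicious file (Forged): <path>. Real md5: ..., Fake md5: ..." lines.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Per-driver enumeration line. \s+ rather than \t because the forum collapsed tabs.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# Forged-file verdict: the two hashes TDSSKiller computed for the same file.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)


@dataclass
class Forged:
    path: str
    real_md5: str
    fake_md5: str


@dataclass
class Scan:
    drivers: Dict[str, str] = field(default_factory=dict)  # service -> md5
    forged: List[Forged] = field(default_factory=list)


def parse_scan(text: str) -> Scan:
    """Walk a scan line by line; banner/header lines match neither pattern and are skipped."""
    scan = Scan()
    for raw in text.splitlines():
        line = raw.strip()
        m = FORGED_RE.search(line)
        if m:
            scan.forged.append(Forged(m["path"], m["real"], m["fake"]))
            continue
        m = ENTRY_RE.match(line)
        if m:
            scan.drivers[m["name"]] = m["md5"]
    return scan


def diff_scans(before: Scan, after: Scan) -> Dict[str, List[str]]:
    """Services that vanished, appeared or changed hash between two runs."""
    b, a = before.drivers, after.drivers
    return {
        "removed": sorted(n for n in b if n not in a),
        "added": sorted(n for n in a if n not in b),
        "changed": sorted(n for n in b if n in a and b[n] != a[n]),
    }


# Constructed sample: a few entries excerpted from the 15:40 and 18:59 logs
# in the posts above, around the Mup.sys detection.
SCAN_1540 = r"""
2010/11/03 15:40:16.0937 Scan started
2010/11/03 15:40:16.0937 Mode: Manual;
2010/11/03 15:40:21.0640 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) E:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/11/03 15:40:21.0656 Mup (fb12d27644f5b9fc2e92d2d551929588) E:\WINDOWS\system32\drivers\Mup.sys
2010/11/03 15:40:21.0656 Suspicious file (Forged): E:\WINDOWS\system32\drivers\Mup.sys. Real md5: fb12d27644f5b9fc2e92d2d551929588, Fake md5: b66619e78caad6e374ed628c2fb74f1e
2010/11/03 15:40:21.0656 Mup - detected Forged file (1)
2010/11/03 15:40:21.0671 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) E:\WINDOWS\system32\DRIVERS\mv61xx.sys
"""

SCAN_1859 = r"""
2010/11/03 18:59:25.0437 Scan started
2010/11/03 18:59:29.0765 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) E:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/11/03 18:59:29.0781 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) E:\WINDOWS\system32\DRIVERS\mv61xx.sys
"""


def report(before_text: str, after_text: str) -> List[str]:
    """Human-readable summary lines for two consecutive scans."""
    before, after = parse_scan(before_text), parse_scan(after_text)
    out = [f"first scan: {len(before.drivers)} drivers, {len(before.forged)} forged"]
    for f in before.forged:
        out.append(f"  FORGED {f.path}  real={f.real_md5}  fake={f.fake_md5}")
    out.append(f"second scan: {len(after.drivers)} drivers, {len(after.forged)} forged")
    for key, names in diff_scans(before, after).items():
        if names:
            out.append(f"  {key}: {', '.join(names)}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SCAN_1540, SCAN_1859)))
```

Feed it two full logs saved from the tool (or pasted from a thread) and the "removed"/"changed" lists show which driver entries disappeared or changed hash between runs, which is the question a helper reading these threads actually has to answer by eye.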
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
I've downloaded and rerun TDSS...

2010/11/03 15:40:12.0906 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/03 15:40:12.0906 ================================================================================
2010/11/03 15:40:12.0906 SystemInfo:
2010/11/03 15:40:12.0906
2010/11/03 15:40:12.0906 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/03 15:40:12.0906 Product type: Workstation
2010/11/03 15:40:12.0906 ComputerName: DARREN-DESKTOP
2010/11/03 15:40:12.0906 UserName: Administrator
2010/11/03 15:40:12.0906 Windows directory: E:\WINDOWS
2010/11/03 15:40:12.0906 System windows directory: E:\WINDOWS
2010/11/03 15:40:12.0906 Processor architecture: Intel x86
2010/11/03 15:40:12.0906 Number of processors: 4
2010/11/03 15:40:12.0906 Page size: 0x1000
2010/11/03 15:40:12.0906 Boot type: Safe boot with network
2010/11/03 15:40:12.0906 ================================================================================
2010/11/03 15:40:14.0515 Initialize success
2010/11/03 15:40:16.0937 ================================================================================
2010/11/03 15:40:16.0937 Scan started
2010/11/03 15:40:16.0937 Mode: Manual;
2010/11/03 15:40:16.0937 ================================================================================
2010/11/03 15:40:19.0000 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/03 15:40:19.0031 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/03 15:40:19.0078 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
2010/11/03 15:40:19.0109 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys
2010/11/03 15:40:19.0234 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/03 15:40:19.0296 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) E:\WINDOWS\system32\drivers\AsIO.sys
2010/11/03 15:40:19.0359 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/03 15:40:19.0375 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/03 15:40:19.0468 ati2mtag (c06659ff381423d6cb19a91c2a2f80ad) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/03 15:40:19.0515 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) E:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/11/03 15:40:19.0546 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/03 15:40:19.0562 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/03 15:40:19.0593 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
2010/11/03 15:40:19.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/03 15:40:19.0687 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/03 15:40:19.0703 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/03 15:40:19.0718 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/03 15:40:19.0859 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/03 15:40:19.0906 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys
2010/11/03 15:40:19.0921 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys
2010/11/03 15:40:19.0953 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
2010/11/03 15:40:19.0984 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
2010/11/03 15:40:20.0031 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/03 15:40:20.0046 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) E:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
2010/11/03 15:40:20.0093 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) E:\WINDOWS\system32\epmntdrv.sys
2010/11/03 15:40:20.0109 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) E:\WINDOWS\system32\EuGdiDrv.sys
2010/11/03 15:40:20.0140 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/03 15:40:20.0156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/03 15:40:20.0171 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys
2010/11/03 15:40:20.0187 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/03 15:40:20.0218 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/03 15:40:20.0250 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) E:\WINDOWS\system32\FsUsbExDisk.SYS
2010/11/03 15:40:20.0281 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/03 15:40:20.0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/03 15:40:20.0328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/03 15:40:20.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/03 15:40:20.0390 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/03 15:40:20.0453 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) E:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/11/03 15:40:20.0484 HPZipr12 (89f41658929393487b6b7d13c8528ce3) E:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/11/03 15:40:20.0500 HPZius12 (abcb05ccdbf03000354b9553820e39f8) E:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/11/03 15:40:20.0531 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/03 15:40:20.0593 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/03 15:40:20.0625 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/03 15:40:20.0734 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) E:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/03 15:40:20.0812 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/03 15:40:20.0843 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/03 15:40:20.0859 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/03 15:40:20.0875 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/03 15:40:20.0890 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/03 15:40:20.0921 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/03 15:40:20.0953 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/03 15:40:20.0984 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/03 15:40:21.0000 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/03 15:40:21.0015 kl1 (47f4320cff5bd3de472bb300a32a879e) E:\WINDOWS\system32\drivers\kl1.sys
2010/11/03 15:40:21.0062 kl2 (0e29fe31bd4c72412ad99253e71b25c1) E:\WINDOWS\system32\drivers\kl2.sys
2010/11/03 15:40:21.0093 KLIF (acfa523e62dbd4be52c8b665dd49acf3) E:\WINDOWS\system32\DRIVERS\klif.sys
2010/11/03 15:40:21.0125 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) E:\WINDOWS\system32\DRIVERS\klim5.sys
2010/11/03 15:40:21.0156 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) E:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/11/03 15:40:21.0171 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
2010/11/03 15:40:21.0203 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/03 15:40:21.0234 L1e (93e64bab9dee162ca0ca5258d132a047) E:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2010/11/03 15:40:21.0250 L8042Kbd (dc61f15187372d164769c841655e58f3) E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/11/03 15:40:21.0265 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) E:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/11/03 15:40:21.0359 LMouKE (58597a99792461e89bb5c44e17508d70) E:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/11/03 15:40:21.0375 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/03 15:40:21.0406 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys
2010/11/03 15:40:21.0421 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/03 15:40:21.0437 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/03 15:40:21.0484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/03 15:40:21.0500 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/03 15:40:21.0531 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
2010/11/03 15:40:21.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/03 15:40:21.0578 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/03 15:40:21.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/03 15:40:21.0609 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/03 15:40:21.0640 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) E:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/11/03 15:40:21.0656 Mup (fb12d27644f5b9fc2e92d2d551929588) E:\WINDOWS\system32\drivers\Mup.sys
2010/11/03 15:40:21.0656 Suspicious file (Forged): E:\WINDOWS\system32\drivers\Mup.sys. Real md5: fb12d27644f5b9fc2e92d2d551929588, Fake md5: b66619e78caad6e374ed628c2fb74f1e
2010/11/03 15:40:21.0656 Mup - detected Forged file (1)
2010/11/03 15:40:21.0671 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) E:\WINDOWS\system32\DRIVERS\mv61xx.sys
2010/11/03 15:40:21.0703 mv91xx (647ee4dc4ca56f4e3f3deec7ecfcbb7a) E:\WINDOWS\system32\DRIVERS\mv91xx.sys
2010/11/03 15:40:21.0734 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
2010/11/03 15:40:21.0750 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/03 15:40:21.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/03 15:40:21.0781 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/03 15:40:21.0796 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/03 15:40:21.0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/03 15:40:21.0843 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/03 15:40:21.0890 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/03 15:40:21.0921 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
2010/11/03 15:40:21.0937 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/03 15:40:21.0968 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
2010/11/03 15:40:22.0015 nusb3xhc (456f7262604f85746919823f592b303c) E:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
2010/11/03 15:40:22.0031 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/03 15:40:22.0046 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/03 15:40:22.0062 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/03 15:40:22.0109 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\drivers\Parport.sys
2010/11/03 15:40:22.0125 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/03 15:40:22.0140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/03 15:40:22.0187 pccsmcfd (fd2041e9ba03db7764b2248f02475079) E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/11/03 15:40:22.0203 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/03 15:40:22.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/03 15:40:22.0265 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/03 15:40:22.0296 pcouffin (5b6c11de7e839c05248ced8825470fef) E:\WINDOWS\system32\Drivers\pcouffin.sys
2010/11/03 15:40:22.0468 PLCNDIS5 (2aba2f545b35f9c6cc2cfc4e1d539a80) E:\PROGRA~1\PLE200\PLCNDIS5.SYS
2010/11/03 15:40:22.0500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/03 15:40:22.0531 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/03 15:40:22.0546 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/03 15:40:22.0562 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) E:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/03 15:40:22.0671 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/03 15:40:22.0687 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/03 15:40:22.0718 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/03 15:40:22.0734 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/03 15:40:22.0750 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/03 15:40:22.0765 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/03 15:40:22.0781 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/03 15:40:22.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/03 15:40:22.0843 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/03 15:40:22.0921 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/03 15:40:22.0953 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/03 15:40:22.0968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/03 15:40:23.0015 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/03 15:40:23.0078 snapman (e78c98378a071ce4d48a7c514fa98fa1) E:\WINDOWS\system32\DRIVERS\snapman.sys
2010/11/03 15:40:23.0109 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
2010/11/03 15:40:23.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/03 15:40:23.0187 Srv (da852e3e0bf1cea75d756f9866241e57) E:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/03 15:40:23.0218 sscdbus (92b69020fc480219683d429dca068d71) E:\WINDOWS\system32\DRIVERS\sscdbus.sys
2010/11/03 15:40:23.0250 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) E:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/11/03 15:40:23.0265 sscdmdm (b4255635195a8413fcde7af5b7c4e382) E:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/11/03 15:40:23.0296 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/03 15:40:23.0312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
2010/11/03 15:40:23.0406 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/03 15:40:23.0453 tbhsd (c26c6dff638d9e51dc5cc60a7785d057) E:\WINDOWS\system32\drivers\tbhsd.sys
2010/11/03 15:40:23.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/03 15:40:23.0500 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/03 15:40:23.0515 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/03 15:40:23.0531 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/03 15:40:23.0593 truecrypt (db0815523ac07445a2f09dcd2acea8c3) E:\WINDOWS\system32\drivers\truecrypt.sys
2010/11/03 15:40:23.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
2010/11/03 15:40:23.0656 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
2010/11/03 15:40:23.0703 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) E:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/03 15:40:23.0750 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/03 15:40:23.0765 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/03 15:40:23.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/03 15:40:23.0796 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/03 15:40:23.0828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/03 15:40:23.0843 usbstor (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/03 15:40:23.0859 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/03 15:40:23.0875 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
2010/11/03 15:40:23.0921 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/03 15:40:23.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/03 15:40:24.0000 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) E:\WINDOWS\system32\Drivers\wdf01000.sys
2010/11/03 15:40:24.0046 wdmaud
(6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys 2010/11/03 15:40:24.0140 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys 2010/11/03 15:40:24.0171 WudfPf (6ff66513d372d479ef1810223c8d20ce) E:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/11/03 15:40:24.0203 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) E:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/11/03 15:40:24.0406 ================================================================================ 2010/11/03 15:40:24.0406 Scan finished 2010/11/03 15:40:24.0406 ================================================================================ 2010/11/03 15:40:24.0421 Detected object count: 1 2010/11/03 15:40:54.0125 Forged file(Mup) - User select action: Skip -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Thanks for taking it on. I've just re-run ComboFix...
-
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
GMER log...
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-03 12:20:52
Windows 5.1.2600 Service Pack 3
Running: 1crc1hov.exe; Driver: E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxlyqfoc.sys

---- Kernel code sections - GMER 1.0.15 ----

? E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text E:\Program Files\Mozilla Firefox\firefox.exe[1672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 E:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 snapman.sys (Acronis Snapshot API/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
-
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
MBAM log...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5030

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

03/11/2010 12:27:30
mbam-log-2010-11-03 (12-27-30).txt

Scan type: Quick scan
Objects scanned: 177645
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-
Hi, I had/have the Antivirus 2010 malware, and I have run ComboFix on a helpdesk's advice, which seems to have stopped the Antivirus 2010 screen popping up, but I still have issues running most programs, system utilities, starting Firefox, redirections etc. Please help, as I have been suffering with this for weeks now. I have attached the logs as requested. Everything was run in safe mode under the administrator account. Thanks in advance.

DDS Log...
==================== Find3M ==================== 2010-09-10 05:58:08 916480 ----a-w- e:\windows\system32\wininet.dll 2010-09-10 05:58:06 43520 ----a-w- e:\windows\system32\licmgr10.dll 2010-09-10 05:58:06 1469440 ------w- e:\windows\system32\inetcpl.cpl 2010-09-08 10:17:46 94208 ----a-w- e:\windows\system32\QuickTimeVR.qtx 2010-09-08 10:17:46 69632 ----a-w- e:\windows\system32\QuickTime.qts 2010-08-31 13:42:52 1852800 ----a-w- e:\windows\system32\win32k.sys 2010-08-27 08:02:29 119808 ----a-w- e:\windows\system32\t2embed.dll 2010-08-17 13:17:06 58880 ----a-w- e:\windows\system32\spoolsv.exe 2010-08-16 08:45:00 590848 ----a-w- e:\windows\system32\rpcrt4.dll 2010-08-13 12:53:02 5120 ----a-w- e:\windows\system32\xpsp4res.dll 2010-08-12 04:07:46 133616 -c----w- e:\windows\system32\pxafs.dll 2010-08-12 04:07:46 126448 -c----w- e:\windows\system32\pxinsi64.exe 2010-08-12 04:07:46 123888 -c----w- e:\windows\system32\pxcpyi64.exe ============= FINISH: 12:10:37.59 ===============
Hi, I switched on my PC last week to find a black box on my Windows background saying 'Your PC is infected' in big red writing. I then got a window popping up claiming to be Anti Virus 2010. The antivirus window would not close down very easily. I also had problems in Internet Explorer, with links being redirected to weird websites. Other problems included certain programs not starting, e.g. Firefox, my Kaspersky Internet Security suite, Task Manager, etc. After some advice I managed to run ComboFix and also Malwarebytes; however, they never seem to run very successfully, e.g. they hang, etc. My PC does seem a bit better after running them, and the internet does not seem to be redirecting, but I still have problems opening or running programs. It's like elements of the malware have been removed but some parts remain. Can someone help me completely clear the infection? I have spent many hours battling with this. Thanks in advance.