Spyware, virus, trojan or something?
-
Hello, my PC seems to be infected again. When starting up I get a lot of blank pages flashing up, pages are redirecting to anywhere when connected to the internet, and Malwarebytes has disappeared off the desktop. Also, when I tried to run HijackThis it won't run. Just trying to get to post logs. Help please!
Thanks in anticipation, Neil.
Last edited by nfoster; 31-12-2010 at 09:26 AM.
-
GMER got to the log and then got the dreaded blue screen. Icons keep changing for shortcuts and also Comodo has disappeared.
Here is the MBR log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L350
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 156):
0x82E47000 \SystemRoot\system32\ntkrnlpa.exe
0x82E14000 \SystemRoot\system32\hal.dll
0x8758A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80691000 \SystemRoot\system32\drivers\acpi.sys
0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E8000 \SystemRoot\system32\drivers\pci.sys
0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
0x8071E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80721000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072B000 \SystemRoot\system32\drivers\volmgr.sys
0x8073A000 \SystemRoot\System32\drivers\volmgrx.sys
0x80784000 \SystemRoot\System32\drivers\mountmgr.sys
0x80794000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8079B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x83400000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x834CE000 \SystemRoot\system32\drivers\atapi.sys
0x834D6000 \SystemRoot\system32\drivers\ataport.SYS
0x834F4000 \SystemRoot\system32\drivers\msahci.sys
0x834FE000 \SystemRoot\system32\drivers\fltmgr.sys
0x83530000 \SystemRoot\system32\drivers\fileinfo.sys
0x83540000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83549000 \SystemRoot\System32\Drivers\ksecdd.sys
0x835BA000 \SystemRoot\System32\Drivers\DefragFS.sys
0x83601000 \SystemRoot\system32\drivers\ndis.sys
0x8370C000 \SystemRoot\system32\drivers\msrpc.sys
0x83737000 \SystemRoot\system32\drivers\NETIO.SYS
0x88805000 \SystemRoot\System32\drivers\tcpip.sys
0x888EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88A0B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88B1B000 \SystemRoot\system32\drivers\volsnap.sys
0x88B54000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x88B59000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x88B9C000 \SystemRoot\System32\Drivers\spldr.sys
0x88BA4000 \SystemRoot\System32\Drivers\RapportKELL.sys
0x88BB2000 \SystemRoot\System32\Drivers\USBD.SYS
0x88BB4000 \SystemRoot\System32\Drivers\mup.sys
0x88BC3000 \SystemRoot\System32\drivers\ecache.sys
0x88BEA000 \SystemRoot\system32\drivers\disk.sys
0x8890A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88A00000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C4D7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8C4E2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8C4EB000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x8C4F3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C502000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C80A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8CEEE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CF8F000 \SystemRoot\System32\drivers\watchdog.sys
0x8CF9B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CFA6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CFE4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C506000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C593000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8D209000 \SystemRoot\system32\DRIVERS\athr.sys
0x8D2ED000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D300000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D30B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D33A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D345000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8D349000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D361000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8D367000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D396000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D3D7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D3E2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CFF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C5B4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C5D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C5E6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x88938000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8894D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8895D000 \SystemRoot\system32\DRIVERS\rp_pkt32.sys
0x8896B000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x88988000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8D3F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x889AE000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C800000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x889D8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x83772000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x889E5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D600000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x837A7000 \SystemRoot\system32\drivers\portcls.sys
0x837D4000 \SystemRoot\system32\drivers\drmk.sys
0x8D809000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8D925000 \SystemRoot\system32\drivers\modem.sys
0x8D932000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x8D955000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D95E000 \SystemRoot\System32\Drivers\Null.SYS
0x8D965000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D96C000 \SystemRoot\System32\drivers\vga.sys
0x8D978000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D999000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D9A1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D9A9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D9B4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D9C2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D9CB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D9E1000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x8D9EB000 \SystemRoot\system32\DRIVERS\smb.sys
0x807A9000 \SystemRoot\system32\drivers\afd.sys
0x835CE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x805BB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D800000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
0x805D1000 \SystemRoot\system32\DRIVERS\inspect.sys
0x807F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D200000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x805E6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x80400000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8E208000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E244000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0x8E26D000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
0x8E275000 \??\C:\Windows\system32\drivers\RapportBuka.sys
0x8E2D5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E2DF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E2F6000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E30D000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x8E315000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8E336000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x992E0000 \SystemRoot\System32\win32k.sys
0x8E343000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E34D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99500000 \SystemRoot\System32\TSDDD.dll
0x99520000 \SystemRoot\System32\cdd.dll
0x8E35C000 \SystemRoot\system32\drivers\luafv.sys
0xAEA0B000 \SystemRoot\system32\drivers\spsys.sys
0xAEABB000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0xAEAEB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAEAFB000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAEB25000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAEB2F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAEB42000 \SystemRoot\system32\drivers\HTTP.sys
0xAEBAF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAEBCC000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAEBE5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8E377000 \SystemRoot\system32\drivers\mrxdav.sys
0x8E398000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8E3B7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAFC02000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAFC1A000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAFC42000 \SystemRoot\System32\DRIVERS\srv.sys
0xAFC90000 \SystemRoot\system32\DRIVERS\css-dvp.sys
0xAFD5B000 \SystemRoot\System32\Drivers\fastfat.SYS
0xB0807000 \SystemRoot\system32\drivers\peauth.sys
0xB08E5000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB08EF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB08FB000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77C00000 \Windows\System32\ntdll.dll
Processes (total 87):
0 System Idle Process
4 System
608 C:\Windows\System32\smss.exe
748 csrss.exe
792 C:\Windows\System32\wininit.exe
800 csrss.exe
852 C:\Windows\System32\services.exe
880 C:\Windows\System32\winlogon.exe
892 C:\Windows\System32\lsass.exe
900 C:\Windows\System32\lsm.exe
1092 C:\Windows\System32\svchost.exe
1148 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1204 C:\Windows\System32\svchost.exe
1268 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1352 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\svchost.exe
1472 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1624 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\svchost.exe
1688 C:\Windows\System32\svchost.exe
1772 C:\Windows\System32\audiodg.exe
1828 C:\Windows\System32\svchost.exe
1860 C:\Windows\System32\SLsvc.exe
1944 C:\Windows\System32\svchost.exe
12 C:\Windows\System32\wlanext.exe
844 C:\Windows\System32\spoolsv.exe
1416 C:\Windows\System32\svchost.exe
280 C:\Windows\System32\agrsmsvc.exe
1328 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1412 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2060 C:\Program Files\Bonjour\mDNSResponder.exe
2080 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
2112 C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
2212 C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
2272 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2340 C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
2400 C:\Windows\System32\IoctlSvc.exe
2432 C:\Windows\System32\svchost.exe
2456 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2492 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2536 C:\Windows\System32\svchost.exe
2588 C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
2708 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
2740 C:\Windows\System32\TODDSrv.exe
2772 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2792 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
2868 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2928 C:\Windows\System32\svchost.exe
2964 C:\Windows\System32\SearchIndexer.exe
3092 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3980 C:\Windows\System32\taskeng.exe
2544 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
2972 C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
3284 C:\Windows\System32\dwm.exe
3552 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
3752 C:\Windows\System32\taskeng.exe
1436 C:\Windows\explorer.exe
2704 C:\Program Files\Windows Defender\MSASCui.exe
3060 C:\Windows\System32\hkcmd.exe
3816 C:\Windows\RtHDVCpl.exe
4168 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
4252 C:\Program Files\Windows Sidebar\sidebar.exe
4260 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
4272 C:\Windows\ehome\ehtray.exe
4316 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4468 C:\Program Files\uTorrent\uTorrent.exe
5208 C:\Windows\ehome\ehmsas.exe
5400 C:\Program Files\Mozilla Firefox\firefox.exe
5604 C:\Windows\System32\igfxsrvc.exe
4052 C:\Program Files\PowerISO\PWRISOVM .exe
4404 C:\Program Files\iTunes\iTunesHelper .exe
3916 C:\Program Files\TOSHIBA\Power Saver\TPwrMain .exe
1872 C:\Program Files\Common Files\Java\Java Update\jusched .exe
4540 C:\Program Files\TOSHIBA\FlashCards\TCrdMain .exe
4424 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
4364 C:\Program Files\TOSHIBA\SmoothView\SmoothView .exe
3008 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5772 C:\Windows\System32\igfxext.exe
5852 C:\Windows\System32\wuauclt.exe
6012 C:\Program Files\iPod\bin\iPodService.exe
4800 C:\Program Files\Windows Media Player\wmpnetwk.exe
4416 C:\Program Files\Mozilla Firefox\plugin-container.exe
3712 C:\Windows\System32\svchost.exe
4680 C:\Users\Neil\AppData\Local\temp\hki322.exe
2376 dllhost.exe
4384 dllhost.exe
4988 C:\Users\Neil\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`f5700000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS543216L9SA00, Rev: FB2OC43C
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
-
Got the blue screen again and it crashed.
Removed and reinstalled Malwarebytes, nothing found.
Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5426
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18999
31/12/2010 10:54:30
mbam-log-2010-12-31 (10-54-30).txt
Scan type: Quick scan
Objects scanned: 150360
Time elapsed: 2 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Had to run GMER in safe mode to stop the blue screen.
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-31 11:25:19
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.FB2O
Running: 3n6flnvy.exe; Driver: C:\Users\Neil\AppData\Local\Temp\kwldqpod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88D57480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88D98900, 0x3CA, 0x48000040]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[996] ntdll.dll!NtProtectVirtualMemory 77604D34 5 Bytes JMP 006A000A
.text C:\Windows\system32\svchost.exe[996] ntdll.dll!NtWriteVirtualMemory 77605674 5 Bytes JMP 006B000A
.text C:\Windows\system32\svchost.exe[996] ntdll.dll!KiUserExceptionDispatcher 77605DC8 5 Bytes JMP 0069000A
.text C:\Windows\system32\svchost.exe[996] ole32.dll!CoCreateInstance 76B69F3E 5 Bytes JMP 00A8000A
.text C:\Windows\system32\svchost.exe[996] USER32.dll!GetCursorPos 76C80B88 5 Bytes JMP 00F0000A
.text C:\Windows\Explorer.EXE[1656] ntdll.dll!NtProtectVirtualMemory 77604D34 5 Bytes JMP 0095000A
.text C:\Windows\Explorer.EXE[1656] ntdll.dll!NtWriteVirtualMemory 77605674 5 Bytes JMP 0096000A
.text C:\Windows\Explorer.EXE[1656] ntdll.dll!KiUserExceptionDispatcher 77605DC8 5 Bytes JMP 0093000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS543216L9SA00_________________FB2OC43C#4&939d6c5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 13/05/2009 13:40:39
System Uptime: 31/12/2010 10:46:38 (1 hours ago)
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2161/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 74 GiB total, 19.513 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 73 GiB total, 67.684 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
17th Edition Wiring Regulations Practice Series - Trial
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Adobe Shockwave Player 11.5
AnyBizSoft PDF Password Remover (Build 1.0.4)
Apple Application Support
Apple Mobile Device Support
µTorrent
Authentium AntiVirus SDK - 2
Bonjour
CDMenuPro V6
Clik NICEIC Font Installer
COMODO Internet Security
ConstructionSkills
DVD Flick 1.3.0.7
E.ON Energy Fit Software
ESET Online Scanner v3
exPressit S.E. 3.0
FileHippo.com Update Checker
Free DVD ISO Burner version 2.5
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
IZArc 4.0 beta 1
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007 Trial
Microsoft Office Word Viewer 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
NICEIC Certification Software
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
PL-2303 USB-to-Serial
PowerISO
QuickTime
Rapport
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Spelling Dictionaries Support For Adobe Reader 9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
==== End Of File ===========================
-
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Neil at 11:31:55.71 on 31/12/2010
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1915.865 [GMT 0:00]
AV: COMODO Antivirus *Enabled/Updated* {A7500527-8708-6548-7035-7F679C5FCEA5}
SP: COMODO Defense+ *Enabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Neil\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.babylon.com/home?AF=16355
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent .exe"
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [Google Update] "c:\users\neil\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask .exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\windows\system32\guard32.dll c:\progra~1\google\google~2\GOEC62~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\neil\appdata\roaming\mozilla\firefox\profiles\cvxnuul3.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - component: c:\users\neil\appdata\roaming\mozilla\firefox\profiles\cvxnuul3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\users\neil\appdata\roaming\mozilla\firefox\profiles\cvxnuul3.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\users\neil\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\neil\appdata\roaming\mozilla\firefox\profiles\cvxnuul3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-10-13 29520]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-5-13 20384]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-13 130960]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-24 390528]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-12 135664]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-18 1153368]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-7 37384]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-7 37384]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-5-13 954368]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [2006-11-2 7168]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-25 77824]
=============== Created Last 30 ================
2010-12-31 10:51:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-31 10:51:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-31 04:24:44 81410 ----a-w- c:\progra~2\m1P86x3F.exe
2010-12-30 17:02:25 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d3a235a6-4848-4df2-ae75-707fc0669e93}\mpengine.dll
2010-12-30 12:07:32 -------- d-----w- c:\users\neil\appdata\roaming\mkvtoolnix
2010-12-30 11:23:23 87608 ----a-w- c:\users\neil\appdata\roaming\ezpinst.exe
2010-12-30 11:23:23 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-30 11:23:23 47360 ----a-w- c:\users\neil\appdata\roaming\pcouffin.sys
2010-12-15 20:55:09 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 20:55:08 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2010-12-15 20:55:08 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2010-12-15 20:55:04 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 20:54:56 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 20:54:56 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 20:54:54 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 20:54:53 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 20:54:53 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 20:54:39 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 20:54:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 20:54:30 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 20:54:29 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 20:52:17 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
==================== Find3M ====================
2010-12-31 04:22:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.0.6002 Disk: Hitachi_ rev.FB2O -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8685B555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868617b0]; MOV EAX, [0x8686182c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E5B962] -> \Device\Harddisk0\DR0[0x8683B030]
3 CLASSPNP[0x88B188B3] -> ntkrnlpa!IofCallDriver[0x82E5B962] -> [0x867B6DA0]
\Driver\iaStor[0x8683FDD0] -> IRP_MJ_CREATE -> 0x8685B555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS543216L9SA00_______________ __FB2OC43C#4&939d6c5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 11:33:04.86 ===============
-
Also noticed on restart that I get a box saying Traybar not working and an error saying Comodo aborting.
-
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===========================================================================
You're infected with a rootkit...
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure; click on Continue.
- If a suspicious file is detected, the default action will be Skip; click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
-
Two logs posted. Thanks for your help. What a thing to be doing on New Year's Eve!!
2010/12/31 18:38:08.0975 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/31 18:38:08.0975 ================================================== ==============================
2010/12/31 18:38:08.0975 SystemInfo:
2010/12/31 18:38:08.0975
2010/12/31 18:38:08.0975 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/31 18:38:08.0975 Product type: Workstation
2010/12/31 18:38:08.0975 ComputerName: NEIL-PC
2010/12/31 18:38:08.0975 UserName: Neil
2010/12/31 18:38:08.0975 Windows directory: C:\Windows
2010/12/31 18:38:08.0975 System windows directory: C:\Windows
2010/12/31 18:38:08.0975 Processor architecture: Intel x86
2010/12/31 18:38:08.0975 Number of processors: 2
2010/12/31 18:38:08.0975 Page size: 0x1000
2010/12/31 18:38:08.0975 Boot type: Safe boot with network
2010/12/31 18:38:08.0975 ================================================== ==============================
2010/12/31 18:38:10.0557 Initialize success
2010/12/31 18:38:15.0966 Deinitialize success
2010/12/31 18:38:43.0107 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/31 18:38:43.0107 ================================================== ==============================
2010/12/31 18:38:43.0107 SystemInfo:
2010/12/31 18:38:43.0107
2010/12/31 18:38:43.0107 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/31 18:38:43.0108 Product type: Workstation
2010/12/31 18:38:43.0108 ComputerName: NEIL-PC
2010/12/31 18:38:43.0108 UserName: Neil
2010/12/31 18:38:43.0108 Windows directory: C:\Windows
2010/12/31 18:38:43.0108 System windows directory: C:\Windows
2010/12/31 18:38:43.0108 Processor architecture: Intel x86
2010/12/31 18:38:43.0108 Number of processors: 2
2010/12/31 18:38:43.0108 Page size: 0x1000
2010/12/31 18:38:43.0108 Boot type: Safe boot with network
2010/12/31 18:38:43.0108 ================================================== ==============================
2010/12/31 18:38:43.0389 Initialize success
2010/12/31 18:39:06.0334 ================================================== ==============================
2010/12/31 18:39:06.0334 Scan started
2010/12/31 18:39:06.0334 Mode: Manual;
2010/12/31 18:39:06.0334 ================================================== ==============================
2010/12/31 18:39:07.0557 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/31 18:39:07.0737 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/31 18:39:07.0928 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/31 18:39:08.0088 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/31 18:39:08.0239 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/31 18:39:08.0440 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/31 18:39:08.0637 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/12/31 18:39:08.0816 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/31 18:39:08.0968 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/31 18:39:09.0157 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/12/31 18:39:09.0328 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/31 18:39:09.0473 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/12/31 18:39:09.0642 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/31 18:39:09.0788 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/12/31 18:39:09.0991 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/31 18:39:10.0174 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/31 18:39:10.0341 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/31 18:39:10.0487 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/31 18:39:10.0674 athr (997e25f5b7d53c94c0ad2dc080f6868e) C:\Windows\system32\DRIVERS\athr.sys
2010/12/31 18:39:10.0917 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/31 18:39:11.0132 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/31 18:39:11.0333 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/31 18:39:11.0500 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/31 18:39:11.0645 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/31 18:39:11.0917 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/31 18:39:12.0186 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/31 18:39:12.0364 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/31 18:39:12.0655 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/31 18:39:12.0824 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/31 18:39:13.0158 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/31 18:39:13.0354 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/31 18:39:13.0507 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/12/31 18:39:13.0659 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/31 18:39:13.0887 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/31 18:39:14.0065 cmdGuard (95b4dee20d89403d636dca2be73742cb) C:\Windows\system32\DRIVERS\cmdguard.sys
2010/12/31 18:39:14.0244 cmdHlp (12186867f48b4817c58d45f268fda3d5) C:\Windows\system32\DRIVERS\cmdhlp.sys
2010/12/31 18:39:14.0401 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/12/31 18:39:14.0569 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/31 18:39:14.0737 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/31 18:39:14.0894 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/31 18:39:15.0108 CSS DVP (76ef6884bc4c43972701deeb9eb5628d) C:\Windows\system32\DRIVERS\css-dvp.sys
2010/12/31 18:39:15.0304 DefragFS (17a46b27607c133ddec3217831059d27) C:\Windows\system32\drivers\DefragFS.sys
2010/12/31 18:39:15.0471 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/31 18:39:15.0686 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/31 18:39:15.0897 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/31 18:39:16.0084 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/31 18:39:16.0268 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/31 18:39:16.0451 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/31 18:39:16.0653 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/12/31 18:39:16.0840 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/12/31 18:39:17.0061 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/31 18:39:17.0243 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/31 18:39:17.0427 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/31 18:39:17.0850 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/31 18:39:17.0995 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/31 18:39:18.0140 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/31 18:39:18.0314 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/31 18:39:18.0514 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/31 18:39:18.0674 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2010/12/31 18:39:18.0819 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/31 18:39:19.0005 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/12/31 18:39:19.0271 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/31 18:39:19.0441 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/31 18:39:19.0593 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/31 18:39:19.0739 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/31 18:39:19.0907 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2010/12/31 18:39:20.0075 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/12/31 18:39:20.0251 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/31 18:39:20.0406 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/12/31 18:39:20.0577 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/31 18:39:20.0758 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2010/12/31 18:39:20.0917 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/12/31 18:39:21.0169 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/31 18:39:21.0417 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/31 18:39:21.0583 inspect (1d79596c08a0153335021ade850a0710) C:\Windows\system32\DRIVERS\inspect.sys
2010/12/31 18:39:21.0816 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/31 18:39:22.0018 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/12/31 18:39:22.0164 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/31 18:39:22.0354 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/31 18:39:22.0513 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/31 18:39:22.0670 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/31 18:39:22.0816 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/31 18:39:22.0963 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/12/31 18:39:23.0129 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/31 18:39:23.0308 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/31 18:39:23.0453 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/31 18:39:23.0627 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
2010/12/31 18:39:23.0777 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/31 18:39:23.0944 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2010/12/31 18:39:24.0126 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/31 18:39:24.0374 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/31 18:39:24.0533 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/31 18:39:24.0692 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/31 18:39:24.0842 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/31 18:39:24.0999 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/31 18:39:25.0194 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2010/12/31 18:39:25.0390 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/12/31 18:39:25.0552 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/12/31 18:39:25.0707 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/31 18:39:25.0877 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/31 18:39:26.0045 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/31 18:39:26.0190 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2010/12/31 18:39:26.0358 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/31 18:39:26.0530 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/31 18:39:26.0675 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/31 18:39:26.0854 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/31 18:39:27.0015 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/31 18:39:27.0167 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/31 18:39:27.0330 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/31 18:39:27.0501 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/31 18:39:27.0676 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2010/12/31 18:39:27.0837 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/31 18:39:28.0004 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/31 18:39:28.0154 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/31 18:39:28.0334 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/31 18:39:28.0512 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/31 18:39:28.0656 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/31 18:39:28.0818 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/31 18:39:28.0976 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/31 18:39:29.0141 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/31 18:39:29.0312 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/31 18:39:29.0494 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/31 18:39:29.0681 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/31 18:39:29.0858 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/31 18:39:30.0014 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/31 18:39:30.0180 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/31 18:39:30.0342 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/31 18:39:30.0521 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/31 18:39:30.0680 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/31 18:39:30.0868 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/31 18:39:31.0020 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/31 18:39:31.0180 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/31 18:39:31.0366 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/31 18:39:31.0544 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/31 18:39:31.0689 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/31 18:39:31.0839 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/12/31 18:39:31.0996 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/12/31 18:39:32.0156 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/12/31 18:39:32.0326 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/12/31 18:39:32.0532 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/31 18:39:32.0686 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/31 18:39:32.0845 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/31 18:39:33.0019 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/31 18:39:33.0175 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/31 18:39:33.0327 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/31 18:39:33.0522 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/12/31 18:39:33.0721 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/31 18:39:33.0938 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/31 18:39:34.0093 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/31 18:39:34.0298 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/31 18:39:34.0460 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/31 18:39:34.0670 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/31 18:39:34.0834 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/31 18:39:35.0001 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/31 18:39:35.0197 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\Windows\system32\drivers\RapportBuka.sys
2010/12/31 18:39:35.0317 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\19917\RapportCerberus_19917.sys
2010/12/31 18:39:35.0579 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\Windows\system32\Drivers\RapportKELL.sys
2010/12/31 18:39:35.0713 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2010/12/31 18:39:35.0867 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/31 18:39:36.0024 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/31 18:39:36.0192 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/31 18:39:36.0354 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/31 18:39:36.0522 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/31 18:39:36.0692 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/31 18:39:36.0860 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/31 18:39:37.0015 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/31 18:39:37.0174 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/31 18:39:37.0379 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
2010/12/31 18:39:37.0568 RPPKT (b7e136986bb3dac249a00e760281f0a9) C:\Windows\system32\DRIVERS\rp_pkt32.sys
2010/12/31 18:39:37.0832 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/31 18:39:37.0941 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/12/31 18:39:38.0090 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
2010/12/31 18:39:38.0249 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/31 18:39:38.0465 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
2010/12/31 18:39:38.0675 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/31 18:39:38.0853 Ser2pl (c3179f6f180a435dfc485fdeaef12af6) C:\Windows\system32\DRIVERS\ser2pl.sys
2010/12/31 18:39:39.0008 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/31 18:39:39.0156 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/31 18:39:39.0312 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/31 18:39:39.0480 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/12/31 18:39:39.0647 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/31 18:39:39.0803 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/31 18:39:39.0961 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/31 18:39:40.0119 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/31 18:39:40.0265 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/31 18:39:40.0412 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/31 18:39:40.0610 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/31 18:39:40.0781 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/31 18:39:40.0970 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/31 18:39:41.0134 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/31 18:39:41.0295 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/31 18:39:41.0454 StarOpen (9fcb11f8ef67be00bdcad6152905db4d) C:\Windows\system32\drivers\StarOpen.sys
2010/12/31 18:39:41.0633 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/31 18:39:41.0747 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/31 18:39:41.0835 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/31 18:39:42.0004 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/31 18:39:42.0187 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/31 18:39:42.0401 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/31 18:39:42.0590 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/31 18:39:42.0768 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/31 18:39:42.0930 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2010/12/31 18:39:43.0083 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/31 18:39:43.0272 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/31 18:39:43.0439 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/31 18:39:43.0606 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/31 18:39:43.0839 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
2010/12/31 18:39:44.0009 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/31 18:39:44.0187 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/31 18:39:44.0334 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/31 18:39:44.0492 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2010/12/31 18:39:44.0646 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/31 18:39:44.0822 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/31 18:39:44.0989 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/31 18:39:45.0156 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/31 18:39:45.0325 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/31 18:39:45.0486 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/31 18:39:45.0634 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/31 18:39:45.0834 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/31 18:39:45.0982 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/31 18:39:46.0128 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/31 18:39:46.0311 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/31 18:39:46.0476 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/31 18:39:46.0622 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/31 18:39:46.0806 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/31 18:39:46.0981 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/31 18:39:47.0145 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/31 18:39:47.0302 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/31 18:39:47.0465 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/31 18:39:47.0619 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2010/12/31 18:39:47.0811 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/31 18:39:47.0954 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/31 18:39:48.0091 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/31 18:39:48.0237 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/31 18:39:48.0382 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/12/31 18:39:48.0531 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/31 18:39:48.0702 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/31 18:39:48.0896 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/31 18:39:49.0058 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/31 18:39:49.0225 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/31 18:39:49.0371 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/31 18:39:49.0390 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/31 18:39:49.0551 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/31 18:39:49.0705 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/31 18:39:49.0926 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/31 18:39:50.0135 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/31 18:39:50.0283 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/31 18:39:50.0451 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/31 18:39:50.0496 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/31 18:39:50.0500 ================================================== ==============================
2010/12/31 18:39:50.0500 Scan finished
2010/12/31 18:39:50.0500 ================================================== ==============================
2010/12/31 18:39:50.0511 Detected object count: 1
2010/12/31 18:40:26.0945 \HardDisk0 - will be cured after reboot
2010/12/31 18:40:26.0946 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/31 18:40:33.0245 Deinitialize success
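As an added example (not part of the thread, and not TDSSKiller's or Kaspersky's own code), here is a small Python parser for the TDSSKiller 2.4.x text log posted above. It pulls out the driver inventory (service name, MD5, path), the detection, the declared object count, the pending-reboot notice and the action the user chose, and cross-checks them so a helper can see at a glance that the one detected object (\HardDisk0, Rootkit.Win32.TDSS.tdl4) was actually set to Cure. The regular expressions are my reading of the line shapes in the posted log, the sample lines are copied from it, and the `drivers_outside_windows_dir` triage helper is an assumption of mine, not a TDSSKiller feature.

```python
"""Parse a TDSSKiller 2.4.x scan log and summarise detections and actions.
Added example for this thread; the line formats are inferred from the log
posted above, not from any official specification."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff " (four fractional digits).
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
# Driver inventory: "<ts> <service name> (<md5>) <path>". The name may contain
# spaces ("CSS DVP" in the posted log), so it is matched lazily up to the hash.
DRIVER_RE = re.compile(TS + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
# Detection: "<ts> <object> - detected <threat> (<n>)"
DETECT_RE = re.compile(TS + r"(?P<obj>\S+) - detected (?P<threat>\S+) \((?P<n>\d+)\)$")
# Chosen action: "<ts> <threat>(<object>) - User select action: <action>"
ACTION_RE = re.compile(TS + r"(?P<threat>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
REBOOT_RE = re.compile(TS + r"(?P<obj>\S+) - will be cured after reboot$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class ScanSummary:
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Dict[str, str]] = field(default_factory=list)
    actions: List[Dict[str, str]] = field(default_factory=list)
    declared_count: Optional[int] = None
    reboot_pending: List[str] = field(default_factory=list)

    def problems(self) -> List[str]:
        """Cross-check the log against itself: every detection should have an
        action, the declared count should match, and the action should be Cure."""
        out: List[str] = []
        if self.declared_count is not None and self.declared_count != len(self.detections):
            out.append(f"declared {self.declared_count} objects but found "
                       f"{len(self.detections)} detection lines")
        acted = {a["obj"] for a in self.actions}
        for d in self.detections:
            if d["obj"] not in acted:
                out.append(f"no action recorded for {d['obj']}")
        for a in self.actions:
            if a["action"] != "Cure":
                out.append(f"{a['obj']}: action was {a['action']}, not Cure")
        return out


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk the log line by line; lines that match no known shape are ignored."""
    s = ScanSummary()
    for line in text.splitlines():
        line = line.rstrip()
        if (m := DRIVER_RE.match(line)):
            s.drivers.append(Driver(m["name"], m["md5"], m["path"]))
        elif (m := DETECT_RE.match(line)):
            s.detections.append({"obj": m["obj"], "threat": m["threat"]})
        elif (m := ACTION_RE.match(line)):
            s.actions.append({"obj": m["obj"], "threat": m["threat"].strip(),
                              "action": m["action"]})
        elif (m := COUNT_RE.match(line)):
            s.declared_count = int(m["n"])
        elif (m := REBOOT_RE.match(line)):
            s.reboot_pending.append(m["obj"])
    return s


def drivers_outside_windows_dir(summary: ScanSummary) -> List[Driver]:
    """Triage helper (my own heuristic): list drivers loaded from outside the
    Windows directory. Legitimate third-party software does this too, so the
    result is a review list, not a verdict."""
    return [d for d in summary.drivers if not d.path.lower().startswith("c:\\windows\\")]


# Sample input: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
2010/12/31 18:39:06.0334 Scan started
2010/12/31 18:39:07.0557 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/31 18:39:15.0108 CSS DVP (76ef6884bc4c43972701deeb9eb5628d) C:\Windows\system32\DRIVERS\css-dvp.sys
2010/12/31 18:39:35.0317 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\19917\RapportCerberus_19917.sys
2010/12/31 18:39:50.0496 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/31 18:39:50.0500 Scan finished
2010/12/31 18:39:50.0511 Detected object count: 1
2010/12/31 18:40:26.0945 \HardDisk0 - will be cured after reboot
2010/12/31 18:40:26.0946 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(summary.drivers)} drivers inventoried")
    for d in summary.detections:
        print(f"detected: {d['threat']} on {d['obj']}")
    for a in summary.actions:
        print(f"action:   {a['action']} on {a['obj']}")
    print("reboot pending for:", summary.reboot_pending)
    print("review outside Windows dir:", [d.name for d in drivers_outside_windows_dir(summary)])
    print("consistency problems:", summary.problems() or "none")
```

Run against the full posted log, the parser would inventory all ~245 driver lines and still reduce the outcome to one detection, one Cure action and one pending reboot, which is exactly what the helper needs to confirm before moving on. The `problems()` check is there because a log with a detection but no action line, or an action of Skip, means the rootkit is still on the disk.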
-
Sorry, forgot to say that it needed a reboot and had found something.