
Infected with the Alureon.A Trojan

Discussion in 'Virus & Other Malware Removal' started by chrisd84, Jan 22, 2011.

    chrisd84 (Thread Starter) - Joined: Jan 22, 2011 - Messages: 33
    Hi there.

    Hopefully someone here can help me with this problem I've been having.

    I turned my PC on the other day and it would repeatedly fail to reach the XP loading screen while booting up. I put in a new HDD that I had spare and set the current one as slave so that I could run a disk check on it to check for any errors (I was assuming there may have been a bad sector on the disk, which has happened before).

    As the other HDD was new, I ran all the Windows updates on it, which then installed Microsoft Security Essentials. MSE then detected the Alureon.A trojan in the Master Boot Record and attempted to remove it, but failed.

    I ran the Kaspersky virus removal tool, which did remove the trojan, and after re-scanning with this and with MSE (after a reboot), nothing was found.

    I then tried to boot my old HDD on its own, which worked, but after a reboot the original problem returned. After booting up on the new HDD, MSE detected the trojan again.

    Any ideas what I should do next?

    Here is my log file from HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:00:00, on 22/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\svchost.exe
    G:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\WINDOWS\Explorer.EXE
    G:\WINDOWS\system32\RUNDLL32.EXE
    G:\WINDOWS\system32\CTHELPER.EXE
    G:\Program Files\Microsoft Security Essentials\msseces.exe
    G:\Program Files\Common Files\Java\Java Update\jusched.exe
    G:\WINDOWS\system32\ctfmon.exe
    G:\Program Files\Windows Live\Messenger\msnmsgr.exe
    G:\Program Files\Windows Desktop Search\WindowsSearch.exe
    G:\Program Files\bin\jqs.exe
    G:\WINDOWS\System32\nvsvc32.exe
    G:\WINDOWS\system32\SearchIndexer.exe
    G:\Program Files\Windows Live\Contacts\wlcomm.exe
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\WINDOWS\system32\SearchProtocolHost.exe
    G:\WINDOWS\system32\msiexec.exe
    G:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    G:\WINDOWS\system32\SearchProtocolHost.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [MSSE] "G:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: setup_9.0.0.722_21.01.2011_20-44[1].lnk = G:\Documents and Settings\Chris D\Desktop\Virus Removal Tool\setup_9.0.0.722_21.01.2011_20-44[1]\startup.exe
    O4 - Global Startup: Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295555508390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295555499296
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
    --
    End of file - 5102 bytes



    Here is my log file from DDS:


    DDS (Ver_10-12-12.01) - NTFSx86
    Run by Chris D at 16:16:41.48 on 22/01/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.104 [GMT 0:00]
    AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    ============== Running Processes ===============
    G:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    G:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    G:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\WINDOWS\Explorer.EXE
    G:\WINDOWS\system32\RUNDLL32.EXE
    G:\WINDOWS\system32\CTHELPER.EXE
    G:\Program Files\Microsoft Security Essentials\msseces.exe
    G:\Program Files\Common Files\Java\Java Update\jusched.exe
    G:\WINDOWS\system32\ctfmon.exe
    G:\Program Files\Windows Live\Messenger\msnmsgr.exe
    G:\Program Files\Windows Desktop Search\WindowsSearch.exe
    svchost.exe
    G:\Program Files\bin\jqs.exe
    G:\WINDOWS\System32\nvsvc32.exe
    G:\WINDOWS\system32\SearchIndexer.exe
    G:\Program Files\Windows Live\Contacts\wlcomm.exe
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Documents and Settings\Chris D\Local Settings\Temporary Internet Files\Content.IE5\4IR25CV0\dds[1].pif
    ============== Pseudo HJT Report ===============
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - g:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\program files\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [CTFMON.EXE] g:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "g:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [NvCplDaemon] RUNDLL32.EXE g:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE g:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [MSSE] "g:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "g:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] g:\windows\system32\CTFMON.EXE
    StartupFolder: g:\docume~1\chrisd~1\startm~1\programs\startup\setup_~1.lnk - g:\documents and settings\chris d\desktop\virus removal tool\setup_9.0.0.722_21.01.2011_20-44[1]\startup.exe
    StartupFolder: g:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - g:\program files\windows desktop search\WindowsSearch.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295555508390
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295555499296
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - g:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - g:\program files\windows desktop search\MSNLNamespaceMgr.dll
    ============= SERVICES / DRIVERS ===============
    R0 04325162;04325162 Boot Guard Driver;g:\windows\system32\drivers\04325162.sys [2011-1-21 37392]
    R1 04325161;04325161;g:\windows\system32\drivers\04325161.sys [2011-1-21 128016]
    R1 MpFilter;Microsoft Malware Protection Driver;g:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R1 MpKsl807f6e17;MpKsl807f6e17;g:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60841396-7d7f-43ad-b094-c2c8dd055588}\MpKsl807f6e17.sys [2011-1-22 28752]
    R1 setup_9.0.0.722_21.01.2011_20-44[1]drv;setup_9.0.0.722_21.01.2011_20-44[1]drv;g:\windows\system32\drivers\0432516.sys [2011-1-21 315408]
    R3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;g:\windows\system32\drivers\DLKRTS.SYS [2001-10-17 25434]
    =============== Created Last 30 ================
    2011-01-22 15:57:04 388096 ----a-r- g:\docume~1\chrisd~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-22 15:57:03 -------- d-----w- g:\program files\Trend Micro
    2011-01-22 14:55:30 28752 ----a-w- g:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{60841396-7d7f-43ad-b094-c2c8dd055588}\MpKsl807f6e17.sys
    2011-01-22 13:43:23 5890896 ----a-w- g:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{60841396-7d7f-43ad-b094-c2c8dd055588}\mpengine.dll
    2011-01-22 01:03:31 -------- d-----w- g:\docume~1\chrisd~1\locals~1\applic~1\ApplicationHistory
    2011-01-22 00:57:41 -------- d-----w- g:\docume~1\chrisd~1\applic~1\Malwarebytes
    2011-01-22 00:57:12 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-22 00:57:10 -------- d-----w- g:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-22 00:57:05 20952 ----a-w- g:\windows\system32\drivers\mbam.sys
    2011-01-22 00:57:04 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware
    2011-01-22 00:32:30 5890896 ----a-w- g:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-01-21 19:53:49 37392 ----a-w- g:\windows\system32\drivers\04325162.sys
    2011-01-21 19:53:49 128016 ----a-w- g:\windows\system32\drivers\04325161.sys
    2011-01-21 19:53:48 315408 ----a-w- g:\windows\system32\drivers\0432516.sys
    2011-01-21 18:54:14 73728 ----a-w- g:\windows\system32\javacpl.cpl
    2011-01-21 18:54:14 472808 ----a-w- g:\windows\system32\deployJava1.dll
    2011-01-21 18:54:01 -------- d-----w- g:\program files\lib
    2011-01-21 18:53:55 -------- d-----w- g:\program files\bin
    2011-01-21 00:41:41 222080 ------w- g:\windows\system32\MpSigStub.exe
    2011-01-21 00:41:15 -------- d-----w- g:\documents and settings\chris d\Tracing
    2011-01-21 00:40:15 3426072 ----a-w- g:\windows\system32\d3dx9_32.dll
    2011-01-21 00:40:11 -------- d-----w- g:\program files\Microsoft SQL Server Compact Edition
    2011-01-21 00:39:34 -------- d-----w- g:\program files\Microsoft
    2011-01-21 00:39:17 -------- d-----w- g:\program files\Windows Live SkyDrive
    2011-01-21 00:38:22 74520 ----a-w- g:\program files\common files\windows live\.cache\8195d7b41cbb903\DSETUP.dll
    2011-01-21 00:38:22 484632 ----a-w- g:\program files\common files\windows live\.cache\8195d7b41cbb903\DXSETUP.exe
    2011-01-21 00:38:22 1670936 ----a-w- g:\program files\common files\windows live\.cache\8195d7b41cbb903\dsetup32.dll
    2011-01-21 00:38:17 1013800 ----a-w- g:\program files\common files\windows live\.cache\7f2791f21cbb903\WindowsXP-KB954708-x86-ENU.exe
    2011-01-21 00:36:30 -------- d-----w- g:\program files\common files\Windows Live
    2011-01-21 00:34:19 -------- d-----w- g:\program files\Microsoft Security Essentials
    2011-01-21 00:27:51 -------- d-----w- g:\windows\system32\XPSViewer
    2011-01-21 00:27:23 89088 ----a-w- g:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-01-21 00:27:15 89088 -c----w- g:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-01-21 00:27:15 597504 -c----w- g:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-01-21 00:27:15 597504 ------w- g:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-01-21 00:27:15 575488 -c----w- g:\windows\system32\dllcache\xpsshhdr.dll
    2011-01-21 00:27:15 575488 ------w- g:\windows\system32\xpsshhdr.dll
    2011-01-21 00:27:15 1676288 -c----w- g:\windows\system32\dllcache\xpssvcs.dll
    2011-01-21 00:27:15 1676288 ------w- g:\windows\system32\xpssvcs.dll
    2011-01-21 00:27:15 117760 ------w- g:\windows\system32\prntvpt.dll
    2011-01-21 00:24:18 -------- d-----w- g:\docume~1\chrisd~1\locals~1\applic~1\Identities
    2011-01-21 00:24:15 -------- d-----w- g:\docume~1\chrisd~1\applic~1\Windows Desktop Search
    2011-01-21 00:23:51 -------- d-----w- g:\windows\system32\GroupPolicy
    2011-01-21 00:23:51 -------- d-----w- g:\program files\Windows Desktop Search
    2011-01-21 00:23:12 98304 -c----w- g:\windows\system32\dllcache\nlhtml.dll
    2011-01-21 00:23:12 29696 -c----w- g:\windows\system32\dllcache\mimefilt.dll
    2011-01-21 00:23:12 192000 -c----w- g:\windows\system32\dllcache\offfilt.dll
    2011-01-21 00:22:50 -------- d-----w- g:\program files\Windows Media Connect 2
    2011-01-21 00:21:35 -------- d-----w- g:\windows\system32\LogFiles
    2011-01-21 00:21:03 6272 -c--a-w- g:\windows\system32\dllcache\splitter.sys
    2011-01-21 00:21:03 6272 ----a-w- g:\windows\system32\drivers\splitter.sys
    2011-01-21 00:21:00 83072 -c--a-w- g:\windows\system32\dllcache\wdmaud.sys
    2011-01-21 00:21:00 83072 ----a-w- g:\windows\system32\drivers\wdmaud.sys
    2011-01-21 00:19:53 -------- d-----w- g:\windows\system32\data
    2011-01-21 00:19:51 4096 -c--a-w- g:\windows\system32\dllcache\ksuser.dll
    2011-01-21 00:19:51 4096 ----a-w- g:\windows\system32\ksuser.dll
    2011-01-21 00:19:51 146048 -c--a-w- g:\windows\system32\dllcache\portcls.sys
    2011-01-21 00:19:51 146048 ----a-w- g:\windows\system32\drivers\portcls.sys
    2011-01-21 00:19:51 129536 ----a-w- g:\windows\system32\ksproxy.ax
    2011-01-21 00:19:50 60160 -c--a-w- g:\windows\system32\dllcache\drmk.sys
    2011-01-21 00:19:50 60160 ----a-w- g:\windows\system32\drivers\drmk.sys
    2011-01-21 00:18:29 -------- d-----w- g:\windows\system32\URTTemp
    2011-01-21 00:18:11 7680 -c----w- g:\windows\system32\dllcache\iecompat.dll
    2011-01-21 00:02:23 40960 -c----w- g:\windows\system32\dllcache\ndproxy.sys
    2011-01-21 00:02:03 45568 -c----w- g:\windows\system32\dllcache\wab.exe
    2011-01-21 00:01:43 953856 -c----w- g:\windows\system32\dllcache\mfc40u.dll
    2011-01-21 00:01:42 974848 -c----w- g:\windows\system32\dllcache\mfc42.dll
    2011-01-21 00:01:19 617472 -c----w- g:\windows\system32\dllcache\comctl32.dll
    2011-01-20 23:44:44 -------- d-----w- g:\windows\system32\scripting
    2011-01-20 23:44:41 -------- d-----w- g:\windows\system32\en
    2011-01-20 23:44:41 -------- d-----w- g:\windows\l2schemas
    2011-01-20 23:40:27 -------- d-----w- g:\windows\network diagnostic
    2011-01-20 23:28:41 -------- d-sh--w- g:\documents and settings\chris d\PrivacIE
    2011-01-20 23:27:40 -------- d-sh--w- g:\documents and settings\chris d\IETldCache
    2011-01-20 23:25:34 -------- d-----w- g:\windows\ie8updates
    2011-01-20 23:25:11 12800 -c----w- g:\windows\system32\dllcache\xpshims.dll
    2011-01-20 23:25:09 602112 -c----w- g:\windows\system32\dllcache\msfeeds.dll
    2011-01-20 23:25:09 55296 -c----w- g:\windows\system32\dllcache\msfeedsbs.dll
    2011-01-20 23:25:09 247808 -c----w- g:\windows\system32\dllcache\ieproxy.dll
    2011-01-20 23:25:09 1991680 -c----w- g:\windows\system32\dllcache\iertutil.dll
    2011-01-20 23:25:08 743424 -c----w- g:\windows\system32\dllcache\iedvtool.dll
    2011-01-20 23:25:08 11080704 -c----w- g:\windows\system32\dllcache\ieframe.dll
    2011-01-20 23:24:10 -------- dc-h--w- g:\windows\ie8
    2011-01-20 21:40:58 364544 -c----w- g:\windows\system32\dllcache\npdsplay.dll
    2011-01-20 21:22:56 3558912 -c----w- g:\windows\system32\dllcache\moviemk.exe
    2011-01-20 21:21:45 331776 -c----w- g:\windows\system32\dllcache\msadce.dll
    2011-01-20 21:21:33 293376 ------w- g:\windows\system32\browserchoice.exe
    2011-01-20 21:20:30 272128 -c----w- g:\windows\system32\dllcache\bthport.sys
    2011-01-20 21:20:27 2066432 -c----w- g:\windows\system32\dllcache\mstscax.dll
    2011-01-20 21:20:21 203136 -c----w- g:\windows\system32\dllcache\rmcast.sys
    2011-01-20 21:20:17 337408 -c----w- g:\windows\system32\dllcache\netapi32.dll
    2011-01-20 21:20:13 1172480 -c----w- g:\windows\system32\dllcache\msxml3.dll
    2011-01-20 21:19:46 5120 ----a-w- g:\windows\system32\xpsp4res.dll
    2011-01-20 21:19:45 218112 -c----w- g:\windows\system32\dllcache\wordpad.exe
    2011-01-20 21:09:42 -------- d-----w- g:\windows\system32\PreInstall
    2011-01-20 21:09:40 -------- d--h--w- g:\windows\$hf_mig$
    2011-01-20 21:04:59 -------- d-----w- g:\windows\system32\wbem\AutoRecover
    2011-01-20 21:04:44 -------- d-s---w- g:\windows\system32\Microsoft
    2011-01-20 20:55:45 -------- d-----w- g:\windows\ServicePackFiles
    2011-01-20 20:53:50 2897920 ------w- g:\windows\system32\xpsp2res.dll
    2011-01-20 20:52:57 19528 ----a-w- g:\windows\002232_.tmp
    2011-01-20 20:52:54 -------- d-----w- g:\windows\system32\ReinstallBackups
    2011-01-20 20:52:41 26144 ----a-w- g:\windows\system32\spupdsvc.exe
    2011-01-20 20:50:46 -------- d-----w- g:\windows\EHome
    2011-01-20 20:42:17 -------- d-----w- G:\d20d9068a7ace869771b9d
    2011-01-20 20:41:43 -------- d-----w- G:\4af052ee55cff33c66d9ab1e71ffc0a
    2011-01-20 20:39:23 239104 ----a-w- g:\windows\system32\srrstr.dll
    2011-01-20 20:38:31 25600 ----a-w- g:\windows\system32\xpsp1hfm.exe
    2011-01-20 20:38:31 -------- dc-h--w- g:\windows\$xpsp1hfm$
    2011-01-20 20:38:31 -------- d-----w- G:\7d7968cd29c66b45c3c431dd165c32ae
    2011-01-20 20:33:25 -------- d-----w- g:\windows\system32\bits
    2011-01-20 20:33:11 8192 ------w- g:\windows\system32\bitsprx2.dll
    2011-01-20 20:33:11 7168 ------w- g:\windows\system32\bitsprx3.dll
    2011-01-20 20:33:11 438784 ----a-w- g:\windows\system32\xpob2res.dll
    2011-01-20 20:33:11 354816 ----a-w- g:\windows\system32\winhttp.dll
    2011-01-20 20:33:11 18944 ----a-w- g:\windows\system32\qmgrprxy.dll
    2011-01-20 20:32:38 274288 ----a-w- g:\windows\system32\mucltui.dll
    2011-01-20 20:32:38 16736 ----a-w- g:\windows\system32\mucltui.dll.mui
    2011-01-20 20:32:06 217816 ----a-w- g:\windows\system32\wuaucpl.cpl
    2011-01-20 20:32:06 21728 ----a-w- g:\windows\system32\wucltui.dll.mui
    2011-01-20 20:32:06 17632 ----a-w- g:\windows\system32\wuaueng.dll.mui
    2011-01-20 20:32:06 15072 ----a-w- g:\windows\system32\wuaucpl.cpl.mui
    2011-01-20 20:32:06 15064 ----a-w- g:\windows\system32\wuapi.dll.mui
    2011-01-20 20:31:30 -------- d-sh--w- g:\documents and settings\chris d\UserData
    2011-01-20 20:20:16 446464 ----a-w- g:\windows\system32\nvudisp.exe
    2011-01-20 20:20:16 -------- d-----w- g:\windows\nview
    2011-01-20 20:15:00 446464 ----a-w- g:\windows\system32\NVUNINST.EXE
    2011-01-20 20:14:57 729088 ----a-w- g:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2011-01-20 20:14:57 69715 ----a-w- g:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2011-01-20 20:14:57 5632 ----a-w- g:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2011-01-20 20:14:57 32768 ----a-w- g:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-01-20 20:14:57 266240 ----a-w- g:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2011-01-20 20:14:57 192512 ----a-w- g:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2011-01-20 20:14:51 188548 ----a-w- g:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2011-01-20 20:14:50 311428 ----a-w- g:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2011-01-20 20:14:28 -------- d-----w- g:\program files\NVIDIA
    ==================== Find3M ====================
    2011-01-21 00:20:15 409600 ----a-w- g:\windows\system32\wrap_oal.dll
    2011-01-21 00:20:15 114688 ----a-w- g:\windows\system32\OpenAL32.dll
    2010-11-18 18:12:44 81920 ----a-w- g:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- g:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 ----a-w- g:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- g:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- g:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- g:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- g:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- g:\windows\system32\win32k.sys
    ============= FINISH: 16:18:17.90 ===============


    I have also attached the other log from DDS to this post.

    Here is my ark.txt file from GMER:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-22 17:49:15
    Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c HDT722516DLAT80 rev.V43OA96A
    Running: sxlj1m4u.exe; Driver: G:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\kxtdqpod.sys

    ---- Kernel code sections - GMER 1.0.15 ----
    .text G:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF784D360, 0x37388D, 0xE8000020]
    ---- User code sections - GMER 1.0.15 ----
    .text G:\WINDOWS\system32\SearchIndexer.exe[1852] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C G:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3644] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3644] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3644] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3644] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3644] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3644] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3644] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3644] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3644] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3836] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3860] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3920] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[3944] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text G:\Program Files\Internet Explorer\iexplore.exe[4060] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----


    I have just noticed that the logs only seem to mention drive G, which is the new hdd, but not the old drive which has the issue (drive C). I did try getting GMER to scan drive C but it still only scanned G anyway.

    Do these programs only scan the drive they are installed on? I can still access the files on the old hdd, so if needed I could try to install them there and scan again.

    Any help would be greatly appreciated :)
     


  2. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    A small update to add.

    I have just noticed a shortcut on the second account on my old drive that is called "Palladium for Windows". I checked the properties and it lists the 'start in' as "C:\Documents and Settings\Gemma\Application Data\" (the second account) and the target as "G:\Documents and Settings\Chris D\Application Data\palladium.exe" (my account on the new hdd).

    Having looked at the history in MSE, it did also remove a "Rogue:Win32/FakePav" and a "TrojanDropper:Win32/FakePav" after it had removed the Alureon.A trojan. The details given were:

    Items:
    containerfile:C:\Documents and Settings\Gemma\Local Settings\Temp\0740cc5c.exe
    containerfile:C:\Documents and Settings\Gemma\Local Settings\Temp\b58e3206.exe
    file:C:\Documents and Settings\Gemma\Local Settings\Temp\0740cc5c.exe->(UPX)
    file:C:\Documents and Settings\Gemma\Local Settings\Temp\b58e3206.exe->(UPX)

    and

    Items:
    containerfile:C:\Documents and Settings\Gemma\Application Data\palladium.exe
    file:C:\Documents and Settings\Gemma\Application Data\palladium.exe->(UPX)


    I don't know if this is the same trojan or if they are related in some way, but I thought I would mention it just in case.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
  4. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Hello, thank you for your reply.

    I just ran TDSS killer but as I am on a different hdd to the one infected, it only seemed to scan my current drive (G), whereas I need it to scan the C drive on the old hdd.

    As i cannot get the other drive to boot, is there any way around this?

    TDSS found no threats on drive G by the way.

    Thanks for any further suggestions (y)
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    try this
    it normally scans all discs
    Download MBR Check to your desktop

    • Right-click MBRcheck.exe and select Run as Administrator (Vista or Windows 7) or double-click MBRcheck.exe to run it (XP)
    • It will show a Black screen with some data on it
    • it will create a log called MBRcheck_time and date.txt on desktop
    • Post that resultant log here please
    • Do NOT fix anything or run any suggested fix before we see the report
     
  6. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Hello

    Sorry for the late reply, I've just recently got home from work.

    Here is the log from MBR Check:

    MBRCheck, version 1.2.3
    (c) 2010, AD
    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000001fd
    Kernel Drivers (total 126):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF8C35000 \WINDOWS\system32\KDCOM.DLL
    0xF8B45000 \WINDOWS\system32\BOOTVID.dll
    0xF8735000 04325162.sys
    0xF86E6000 ACPI.sys
    0xF8C37000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF86D5000 pci.sys
    0xF8745000 isapnp.sys
    0xF8755000 ohci1394.sys
    0xF8765000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xF8CFD000 pciide.sys
    0xF89B5000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF8775000 MountMgr.sys
    0xF86B6000 ftdisk.sys
    0xF89BD000 PartMgr.sys
    0xF8785000 VolSnap.sys
    0xF869E000 atapi.sys
    0xF8795000 disk.sys
    0xF87A5000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF867E000 fltmgr.sys
    0xF866C000 sr.sys
    0xF8655000 KSecDD.sys
    0xF85C8000 Ntfs.sys
    0xF859B000 NDIS.sys
    0xF8581000 Mup.sys
    0xF87B5000 agp440.sys
    0xF8945000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF7EF8000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
    0xF7EE4000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF8A5D000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF7EC0000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF8955000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xF7E3F000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xF7E1B000 \SystemRoot\system32\drivers\portcls.sys
    0xF8965000 \SystemRoot\system32\drivers\drmk.sys
    0xF7DF8000 \SystemRoot\system32\drivers\ks.sys
    0xF7DC4000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xF8A65000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xF8BF5000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xF8A6D000 \SystemRoot\system32\DRIVERS\DLKRTS.SYS
    0xF8A75000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF8975000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8BF9000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF7DB0000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF8985000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF8A7D000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF8995000 \SystemRoot\System32\Drivers\Imapi.SYS
    0xF89A5000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF87E5000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF8D37000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF87F5000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF8C01000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF7D99000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF8805000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF8815000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF8A85000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF7CE8000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF8825000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF8A8D000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF8A95000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF8835000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF8A9D000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF8C4D000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF7C8A000 \SystemRoot\System32\DRIVERS\update.sys
    0xF8C0D000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8855000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF8865000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8C53000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF4CFF000 \SystemRoot\system32\drivers\hap16v2k.sys
    0xF4BF5000 \SystemRoot\system32\drivers\ha10kx2k.sys
    0xF4BC6000 \SystemRoot\system32\drivers\emupia2k.sys
    0xF4B8A000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0xF4AEE000 \SystemRoot\system32\drivers\ctac32k.sys
    0xF4AD3000 \SystemRoot\System32\drivers\COMMONFX.SYS
    0xF4A48000 \SystemRoot\System32\drivers\CTAUDFX.SYS
    0xF49BA000 \SystemRoot\System32\drivers\CTSBLFX.SYS
    0xF8ABD000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF496F000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xF8BD1000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xF8915000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xF8AED000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xF491E000 \SystemRoot\system32\DRIVERS\0432516.sys
    0xF8C7F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8E34000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8C81000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8AFD000 \SystemRoot\System32\drivers\vga.sys
    0xF8C83000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8C85000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF8B05000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF8B0D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8BD9000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF48EB000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF4892000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF486A000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF4844000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF4822000 \SystemRoot\System32\drivers\afd.sys
    0xF8925000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF47F7000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF4787000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF7D89000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7D79000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF7D69000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xF423F000 \SystemRoot\system32\DRIVERS\04325161.sys
    0xF7C76000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xF7D09000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF4227000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8C9B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF8545000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8A15000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8DAB000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xBA704000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xBA463000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8C45000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xBA2CB000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF8A3D000 \??\G:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A09F7B9-4E4C-4975-81AE-FBB214924886}\MpKsl549f44d1.sys
    0xB9F96000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBA15B000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB9D47000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB9012000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB8BD4000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll
    Processes (total 35):
    0 System Idle Process
    4 System
    492 G:\WINDOWS\system32\smss.exe
    548 csrss.exe
    572 G:\WINDOWS\system32\winlogon.exe
    616 G:\WINDOWS\system32\services.exe
    628 G:\WINDOWS\system32\lsass.exe
    788 G:\WINDOWS\system32\svchost.exe
    844 svchost.exe
    912 G:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    952 G:\WINDOWS\system32\svchost.exe
    1028 svchost.exe
    1172 svchost.exe
    1316 G:\WINDOWS\system32\spoolsv.exe
    1804 svchost.exe
    1852 G:\Program Files\bin\jqs.exe
    1876 G:\WINDOWS\system32\nvsvc32.exe
    1968 G:\WINDOWS\system32\searchindexer.exe
    1464 alg.exe
    2036 G:\WINDOWS\explorer.exe
    1576 G:\WINDOWS\system32\rundll32.exe
    1608 G:\Program Files\Microsoft Security Essentials\msseces.exe
    1224 G:\Program Files\Common Files\Java\Java Update\jusched.exe
    1668 G:\WINDOWS\system32\CtHelper.exe
    1692 G:\WINDOWS\system32\ctfmon.exe
    1704 G:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2076 G:\Program Files\Windows Desktop Search\WindowsSearch.exe
    2500 G:\Program Files\Windows Live\Contacts\wlcomm.exe
    3372 G:\Program Files\mIRC\mirc.exe
    3736 G:\Program Files\Internet Explorer\iexplore.exe
    3800 G:\Program Files\Internet Explorer\iexplore.exe
    4092 G:\WINDOWS\system32\searchprotocolhost.exe
    336 G:\Program Files\Internet Explorer\iexplore.exe
    3684 searchfilterhost.exe
    2980 G:\Documents and Settings\Chris D\Desktop\MBRCheck.exe
    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000002`7116f400 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000009`c3dcd400 (NTFS)
    \\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1b7200
    \\.\I: --> \\.\PhysicalDrive0 at offset 0x00000009`c45a5600
    PhysicalDrive1 Model Number: HDT722516DLAT80, Rev: V43OA96A
    PhysicalDrive0 Model Number: WDCWD1600AAJB-22WRA0, Rev: 58.01H58
    Size Device Name MBR Status
    --------------------------------------------
    153 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

    Done!
     
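    The MBRCheck report above does two things that a GMER or TDSSKiller run from the G: install could not: it enumerates every physical disk (PhysicalDrive0 and PhysicalDrive1, not just the drive Windows booted from), and for each one it hashes the boot code in sector 0 and compares it with known values, which is why both disks come back as "Windows XP MBR code detected" with the same SHA1 even though their partition layouts differ. The following script is an added example written for this thread, not the MBRCheck tool's own code and not something posted by either participant. It reads one 512-byte sector, parses the four partition-table slots into the "drive letter at offset" form shown in the log (LBA 63 * 512 = 0x7E00 for the first NTFS partition), hashes the boot code and reports whether it matches a known value. Assumptions: the hash covers the 440-byte boot-code area only (the page does not state MBRCheck's exact range; the identical SHA1 on two disks with different partition tables is what suggests the table is excluded), the one reference hash is copied from the log above, and the sample MBR is constructed inline rather than read from a real disk.

```python
"""Parse and hash a Master Boot Record the way an MBR checker does.

Added example for the thread, not MBRCheck's own code. Reads sector 0 of a
physical disk (or a constructed sample), lists partitions with their byte
offsets and compares the boot-code SHA1 against a small known-good table.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # assumption: hash bytes 0..439 (code only), not the
                           # disk signature (440..443) or partition table (446..509)
TABLE_OFFSET = 446
ENTRY_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped),
                           # LBA start, sector count: 16 bytes per slot

# Reference hash copied from the MBRCheck output posted in this thread.
KNOWN_MBR_SHA1 = {
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code detected",
}


def parse_partition_table(mbr):
    """Return the non-empty entries of the four-slot MBR partition table."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    entries = []
    for slot in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, TABLE_OFFSET + 16 * slot)
        if ptype == 0:
            continue  # empty slot
        entries.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,                        # 0x07 = NTFS
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,    # what MBRCheck prints as "at offset"
        })
    return entries


def check_mbr(mbr):
    """Hash the boot code and look it up. Unknown code on a disk that should
    carry the stock Windows loader is exactly what a bootkit leaves behind."""
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    verdict = KNOWN_MBR_SHA1.get(
        sha1, "UNKNOWN MBR code: compare against a clean copy before trusting this disk")
    return {"sha1": sha1, "verdict": verdict, "partitions": parse_partition_table(mbr)}


def read_mbr(device_path):
    """Read sector 0 of a physical disk, e.g. r'\\\\.\\PhysicalDrive1' on Windows
    (needs an elevated prompt) or '/dev/sdb' on Linux. Checking every physical
    drive, not only the one Windows booted from, is the point of the exercise."""
    with open(device_path, "rb") as disk:
        return disk.read(SECTOR)


def build_sample_mbr():
    """Constructed test input, not a real disk image: two NTFS partitions laid
    out like PhysicalDrive1 in the thread, so the first starts at LBA 63 (0x7E00)
    and the second at LBA 0x1388B7A (byte 0x27116F400)."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"          # signature + 2 reserved bytes
    table = struct.pack(ENTRY_FMT, 0x80, 0x07, 63, 0x1388B7A - 63)
    table += struct.pack(ENTRY_FMT, 0x00, 0x07, 0x1388B7A, 0x2000000)
    table += b"\x00" * 32                                   # slots 3 and 4 empty
    return boot_code + disk_sig + table + b"\x55\xaa"


if __name__ == "__main__":
    result = check_mbr(build_sample_mbr())
    print("SHA1:", result["sha1"], "->", result["verdict"])
    for p in result["partitions"]:
        print("slot %d type 0x%02x at offset 0x%016x (%d sectors)%s" % (
            p["slot"], p["type"], p["byte_offset"], p["sectors"],
            " [boot]" if p["bootable"] else ""))
```

Run it against `read_mbr(r'\\.\PhysicalDrive1')` from an elevated prompt to check the slaved disk directly; a result other than the known Windows loader hash on a disk that should only ever have had XP's MBR is the signal to look harder, while a match on both disks (as in the log above) means the MBR itself is no longer the place the infection lives.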
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That is clear
    Please download Malwarebytes' Anti-Malware to your desktop
    from HERE or HERE

    Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

    Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

    If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
    Once the program has loaded, select Perform full scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When completed, a log will open in Notepad.
    Please include this log in your next reply.

    It might ask you to reboot to finish cleaning. Please do so. ( Press YES on the alert)
    If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it continues on every boot
     
  8. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Sorry for the late reply.

    Here is the log from MalwareBytes:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 5599
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    25/01/2011 21:44:19
    mbam-log-2011-01-25 (21-44-19).txt
    Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|)
    Objects scanned: 308196
    Time elapsed: 2 hour(s), 12 minute(s), 55 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    I had actually downloaded MalwareBytes a few days ago and it did find and remove some files, but the Kaspersky Virus Removal Tool still seemed to detect problems after each reboot, so I must have assumed it was still there :eek:

    Here is that MWB log:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 5576
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    23/01/2011 23:17:29
    mbam-log-2011-01-23 (23-17-29).txt
    Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|)
    Objects scanned: 305290
    Time elapsed: 2 hour(s), 15 minute(s), 35 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\AWFTX3YG\dm11[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\57.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\5F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    e:\system volume information\_restore{f825d630-a5f5-4824-aee6-d8b58b6aef8e}\RP26\A0009319.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    e:\system volume information\_restore{f825d630-a5f5-4824-aee6-d8b58b6aef8e}\RP26\A0009320.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.


    Before I posted this thread it had appeared that the Kaspersky Virus Removal Tool had removed a rootkit, but after booting into Windows on the old drive, it returned. Would you suggest that I try this again now?
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
  10. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Hello

    I ran the scan from the old drive with tdss killer as requested, here is the log:

    2011/01/26 18:47:38.0875 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/26 18:47:38.0875 ================================================================================
    2011/01/26 18:47:38.0875 SystemInfo:
    2011/01/26 18:47:38.0875
    2011/01/26 18:47:38.0875 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/26 18:47:38.0875 Product type: Workstation
    2011/01/26 18:47:38.0875 ComputerName: CHRIS
    2011/01/26 18:47:38.0875 UserName: Chris D
    2011/01/26 18:47:38.0875 Windows directory: C:\WINDOWS
    2011/01/26 18:47:38.0875 System windows directory: C:\WINDOWS
    2011/01/26 18:47:38.0875 Processor architecture: Intel x86
    2011/01/26 18:47:38.0875 Number of processors: 2
    2011/01/26 18:47:38.0875 Page size: 0x1000
    2011/01/26 18:47:38.0875 Boot type: Normal boot
    2011/01/26 18:47:38.0875 ================================================================================
    2011/01/26 18:47:41.0343 Initialize success
    2011/01/26 18:47:50.0937 ================================================================================
    2011/01/26 18:47:50.0937 Scan started
    2011/01/26 18:47:50.0937 Mode: Manual;
    2011/01/26 18:47:50.0937 ================================================================================
    2011/01/26 18:47:52.0843 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
    2011/01/26 18:47:53.0062 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
    2011/01/26 18:47:53.0265 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/01/26 18:47:53.0671 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/01/26 18:47:53.0937 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/01/26 18:47:54.0031 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/01/26 18:47:54.0265 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/01/26 18:47:54.0968 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/01/26 18:47:55.0421 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/01/26 18:47:55.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/26 18:47:55.0703 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
    2011/01/26 18:47:55.0718 atapi - detected Locked file (1)
    2011/01/26 18:47:55.0890 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/01/26 18:47:56.0109 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/26 18:47:56.0343 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
    2011/01/26 18:47:56.0562 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    2011/01/26 18:47:56.0750 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
    2011/01/26 18:47:56.0937 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/01/26 18:47:57.0171 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/01/26 18:47:57.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/01/26 18:47:57.0593 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/01/26 18:47:57.0796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/01/26 18:47:58.0250 ctac32k (39e4d8f8e627eca4a76d9843606bae0a) C:\WINDOWS\system32\drivers\ctac32k.sys
    2011/01/26 18:47:58.0531 ctaud2k (de80bd73c255f8fecaf271c04a022a2f) C:\WINDOWS\system32\drivers\ctaud2k.sys
    2011/01/26 18:47:58.0828 ctdvda2k (18779d6877a2f4ff2f23193fee44b095) C:\WINDOWS\system32\drivers\ctdvda2k.sys
    2011/01/26 18:47:59.0093 ctprxy2k (a07820a06bfdbffa1d207c7778205a4d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
    2011/01/26 18:47:59.0281 ctsfm2k (d29b3eeb5155a06b94f8d75c126a9c0c) C:\WINDOWS\system32\drivers\ctsfm2k.sys
    2011/01/26 18:47:59.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/26 18:47:59.0921 DLKRTS (39d78dce2b9ced2b19747bc0c9e8ff10) C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS
    2011/01/26 18:48:00.0171 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/01/26 18:48:00.0484 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/01/26 18:48:00.0687 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/01/26 18:48:00.0875 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/01/26 18:48:01.0015 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/01/26 18:48:01.0109 emupia (39fbced3e762b85846b3da494fcd33fe) C:\WINDOWS\system32\drivers\emupia2k.sys
    2011/01/26 18:48:01.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/01/26 18:48:01.0546 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/01/26 18:48:01.0921 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/01/26 18:48:02.0218 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/01/26 18:48:02.0484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/01/26 18:48:02.0703 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/01/26 18:48:02.0890 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/01/26 18:48:03.0062 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2011/01/26 18:48:03.0203 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/01/26 18:48:03.0484 ha10kx2k (848f9033ad1c2c6f7ee7e65c2daf45f1) C:\WINDOWS\system32\drivers\ha10kx2k.sys
    2011/01/26 18:48:03.0828 hap16v2k (d2fe992041527ef54e438a3fc82d3b23) C:\WINDOWS\system32\drivers\hap16v2k.sys
    2011/01/26 18:48:04.0109 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/01/26 18:48:04.0406 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/01/26 18:48:04.0546 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/01/26 18:48:04.0734 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/01/26 18:48:04.0984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/01/26 18:48:05.0296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/01/26 18:48:05.0531 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/01/26 18:48:05.0859 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/01/26 18:48:06.0093 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/01/26 18:48:06.0328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/01/26 18:48:06.0453 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/01/26 18:48:06.0640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/01/26 18:48:06.0859 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/01/26 18:48:07.0062 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/01/26 18:48:07.0250 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/01/26 18:48:07.0468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/01/26 18:48:07.0703 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/01/26 18:48:07.0781 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/01/26 18:48:08.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/01/26 18:48:08.0281 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/01/26 18:48:08.0500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/26 18:48:08.0671 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/01/26 18:48:08.0781 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/26 18:48:09.0046 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/26 18:48:09.0171 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/26 18:48:09.0437 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/26 18:48:09.0656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/26 18:48:09.0843 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/26 18:48:10.0046 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/26 18:48:10.0171 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/26 18:48:10.0375 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/26 18:48:10.0593 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/26 18:48:10.0828 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/26 18:48:11.0062 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/26 18:48:11.0156 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/26 18:48:11.0375 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/26 18:48:11.0515 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/26 18:48:11.0734 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/26 18:48:11.0953 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/01/26 18:48:12.0125 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/26 18:48:12.0281 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/26 18:48:12.0531 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/26 18:48:15.0593 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/01/26 18:48:18.0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/26 18:48:18.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/26 18:48:19.0125 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/01/26 18:48:19.0375 ossrv (64631723b13cbcc153294347535844be) C:\WINDOWS\system32\drivers\ctoss2k.sys
    2011/01/26 18:48:19.0656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/01/26 18:48:19.0859 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/26 18:48:20.0062 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/26 18:48:20.0156 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/26 18:48:20.0468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/26 18:48:20.0671 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/01/26 18:48:21.0250 PfDetNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
    2011/01/26 18:48:21.0453 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/26 18:48:21.0640 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/01/26 18:48:21.0875 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/26 18:48:22.0140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/26 18:48:22.0359 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/01/26 18:48:22.0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/26 18:48:23.0000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/26 18:48:23.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/26 18:48:23.0406 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/26 18:48:23.0593 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/26 18:48:23.0953 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/26 18:48:24.0328 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/26 18:48:24.0453 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/26 18:48:24.0671 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    2011/01/26 18:48:24.0890 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
    2011/01/26 18:48:25.0125 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
    2011/01/26 18:48:25.0312 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
    2011/01/26 18:48:25.0468 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
    2011/01/26 18:48:25.0656 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
    2011/01/26 18:48:25.0875 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/26 18:48:25.0953 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/01/26 18:48:26.0140 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/01/26 18:48:26.0406 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/26 18:48:26.0750 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/26 18:48:26.0828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/26 18:48:27.0109 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/26 18:48:27.0312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/26 18:48:27.0453 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/26 18:48:27.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/26 18:48:27.0937 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/26 18:48:28.0187 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    2011/01/26 18:48:28.0421 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/26 18:48:28.0625 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/26 18:48:28.0812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/26 18:48:29.0093 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2011/01/26 18:48:29.0500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/26 18:48:30.0156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/26 18:48:30.0562 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/26 18:48:30.0703 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/26 18:48:30.0921 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/26 18:48:31.0140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/26 18:48:31.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/26 18:48:31.0484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/26 18:48:31.0765 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/26 18:48:31.0937 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/26 18:48:32.0125 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/26 18:48:32.0343 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/01/26 18:48:32.0609 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/26 18:48:32.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/26 18:48:33.0093 ================================================================================
    2011/01/26 18:48:33.0093 Scan finished
    2011/01/26 18:48:33.0093 ================================================================================
    2011/01/26 18:48:33.0109 Detected object count: 1
    2011/01/26 19:00:32.0093 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/26 19:00:32.0093 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
    2011/01/26 19:00:32.0093 C:\WINDOWS\system32\DRIVERS\atapi.sys - copied to quarantine
    2011/01/26 19:00:32.0093 Locked file(atapi) - User select action: Quarantine


    Just to be sure, I rebooted and scanned again and got the same result (log below just in case):

    2011/01/26 19:11:40.0031 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/26 19:11:40.0031 ================================================================================
    2011/01/26 19:11:40.0031 SystemInfo:
    2011/01/26 19:11:40.0031
    2011/01/26 19:11:40.0031 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/26 19:11:40.0031 Product type: Workstation
    2011/01/26 19:11:40.0031 ComputerName: CHRIS
    2011/01/26 19:11:40.0031 UserName: Chris D
    2011/01/26 19:11:40.0031 Windows directory: C:\WINDOWS
    2011/01/26 19:11:40.0031 System windows directory: C:\WINDOWS
    2011/01/26 19:11:40.0031 Processor architecture: Intel x86
    2011/01/26 19:11:40.0031 Number of processors: 2
    2011/01/26 19:11:40.0031 Page size: 0x1000
    2011/01/26 19:11:40.0031 Boot type: Normal boot
    2011/01/26 19:11:40.0031 ================================================================================
    2011/01/26 19:11:41.0328 Initialize success
    2011/01/26 19:12:14.0734 ================================================================================
    2011/01/26 19:12:14.0734 Scan started
    2011/01/26 19:12:14.0734 Mode: Manual;
    2011/01/26 19:12:14.0734 ================================================================================
    2011/01/26 19:12:15.0531 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
    2011/01/26 19:12:15.0656 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
    2011/01/26 19:12:15.0843 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/01/26 19:12:16.0000 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/01/26 19:12:16.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/01/26 19:12:16.0250 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/01/26 19:12:16.0406 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/01/26 19:12:16.0828 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/01/26 19:12:17.0156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/01/26 19:12:17.0281 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/26 19:12:17.0281 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
    2011/01/26 19:12:17.0281 atapi - detected Locked file (1)
    2011/01/26 19:12:17.0453 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/01/26 19:12:17.0562 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/26 19:12:17.0734 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
    2011/01/26 19:12:17.0953 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    2011/01/26 19:12:18.0062 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
    2011/01/26 19:12:18.0234 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/01/26 19:12:18.0343 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/01/26 19:12:18.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/01/26 19:12:18.0656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/01/26 19:12:18.0812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/01/26 19:12:19.0203 ctac32k (39e4d8f8e627eca4a76d9843606bae0a) C:\WINDOWS\system32\drivers\ctac32k.sys
    2011/01/26 19:12:19.0406 ctaud2k (de80bd73c255f8fecaf271c04a022a2f) C:\WINDOWS\system32\drivers\ctaud2k.sys
    2011/01/26 19:12:19.0687 ctdvda2k (18779d6877a2f4ff2f23193fee44b095) C:\WINDOWS\system32\drivers\ctdvda2k.sys
    2011/01/26 19:12:19.0796 ctprxy2k (a07820a06bfdbffa1d207c7778205a4d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
    2011/01/26 19:12:19.0937 ctsfm2k (d29b3eeb5155a06b94f8d75c126a9c0c) C:\WINDOWS\system32\drivers\ctsfm2k.sys
    2011/01/26 19:12:20.0187 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/26 19:12:20.0328 DLKRTS (39d78dce2b9ced2b19747bc0c9e8ff10) C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS
    2011/01/26 19:12:20.0500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/01/26 19:12:20.0687 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/01/26 19:12:20.0812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/01/26 19:12:20.0953 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/01/26 19:12:21.0078 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/01/26 19:12:21.0156 emupia (39fbced3e762b85846b3da494fcd33fe) C:\WINDOWS\system32\drivers\emupia2k.sys
    2011/01/26 19:12:21.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/01/26 19:12:21.0468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/01/26 19:12:21.0640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/01/26 19:12:21.0781 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/01/26 19:12:21.0875 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/01/26 19:12:22.0078 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/01/26 19:12:22.0171 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/01/26 19:12:22.0281 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2011/01/26 19:12:22.0406 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/01/26 19:12:22.0562 ha10kx2k (848f9033ad1c2c6f7ee7e65c2daf45f1) C:\WINDOWS\system32\drivers\ha10kx2k.sys
    2011/01/26 19:12:22.0859 hap16v2k (d2fe992041527ef54e438a3fc82d3b23) C:\WINDOWS\system32\drivers\hap16v2k.sys
    2011/01/26 19:12:22.0968 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/01/26 19:12:23.0203 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/01/26 19:12:23.0359 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/01/26 19:12:23.0515 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/01/26 19:12:23.0656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/01/26 19:12:23.0906 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/01/26 19:12:24.0031 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/01/26 19:12:24.0328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/01/26 19:12:24.0468 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/01/26 19:12:24.0578 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/01/26 19:12:24.0703 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/01/26 19:12:24.0812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/01/26 19:12:24.0968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/01/26 19:12:25.0078 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/01/26 19:12:25.0171 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/01/26 19:12:25.0312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/01/26 19:12:25.0437 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/01/26 19:12:25.0531 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/01/26 19:12:25.0796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/01/26 19:12:25.0906 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/01/26 19:12:26.0031 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/26 19:12:26.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/01/26 19:12:26.0218 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/26 19:12:26.0406 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/26 19:12:26.0531 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/26 19:12:26.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/26 19:12:26.0843 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/26 19:12:26.0953 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/26 19:12:27.0062 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/26 19:12:27.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/26 19:12:27.0328 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/26 19:12:27.0453 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/26 19:12:27.0593 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/26 19:12:27.0703 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/26 19:12:27.0781 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/26 19:12:27.0937 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/26 19:12:28.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/26 19:12:28.0187 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/26 19:12:28.0328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/01/26 19:12:28.0453 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/26 19:12:28.0656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/26 19:12:28.0859 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/26 19:12:31.0437 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/01/26 19:12:35.0875 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/26 19:12:36.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/26 19:12:36.0734 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/01/26 19:12:36.0890 ossrv (64631723b13cbcc153294347535844be) C:\WINDOWS\system32\drivers\ctoss2k.sys
    2011/01/26 19:12:37.0234 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/01/26 19:12:37.0437 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/26 19:12:37.0671 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/26 19:12:37.0828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/26 19:12:38.0140 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/26 19:12:38.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/01/26 19:12:39.0265 PfDetNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
    2011/01/26 19:12:39.0500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/26 19:12:39.0718 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/01/26 19:12:39.0890 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/26 19:12:40.0109 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/26 19:12:40.0203 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/01/26 19:12:40.0593 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/26 19:12:40.0671 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/26 19:12:40.0812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/26 19:12:40.0921 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/26 19:12:41.0046 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/26 19:12:41.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/26 19:12:41.0328 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/26 19:12:41.0437 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/26 19:12:41.0593 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    2011/01/26 19:12:41.0734 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
    2011/01/26 19:12:41.0875 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
    2011/01/26 19:12:42.0000 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
    2011/01/26 19:12:42.0140 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
    2011/01/26 19:12:42.0281 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
    2011/01/26 19:12:42.0437 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/26 19:12:42.0515 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/01/26 19:12:42.0625 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/01/26 19:12:42.0750 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/26 19:12:43.0031 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/26 19:12:43.0156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/26 19:12:43.0296 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/26 19:12:43.0453 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/26 19:12:43.0562 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/26 19:12:43.0875 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/26 19:12:43.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/26 19:12:44.0187 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    2011/01/26 19:12:44.0312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/26 19:12:44.0437 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/26 19:12:44.0515 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/26 19:12:44.0687 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2011/01/26 19:12:44.0796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/26 19:12:45.0015 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/26 19:12:45.0156 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/26 19:12:45.0296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/26 19:12:45.0390 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/26 19:12:45.0531 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/26 19:12:45.0609 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/26 19:12:45.0703 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/26 19:12:45.0906 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/26 19:12:46.0015 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/26 19:12:46.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/26 19:12:46.0359 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/01/26 19:12:46.0484 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/26 19:12:46.0640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/26 19:12:46.0890 ================================================================================
    2011/01/26 19:12:46.0890 Scan finished
    2011/01/26 19:12:46.0890 ================================================================================
    2011/01/26 19:12:46.0906 Detected object count: 1
    2011/01/26 19:15:47.0609 Locked file(atapi) - User select action: Skip


    So it looks to me as though it is completely gone now, would you agree?

    If there is anything else I should do then just let me know.

    Also, however this thing got onto my pc, AVG Free 8.5 didn't detect it. Do you think I should replace it with another AV scanner?

    I also do not use a firewall except for the Windows one, is that enough do you think?

    And finally, would you recommend that I change my passwords etc just to be on the safe side?

    Sorry for all the questions, and thanks for your help :)
     
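    A small parser for the tail of a TDSSKiller log, added here as an example and not part of this thread or of TDSSKiller itself. It turns the driver inventory lines into records, pulls out the "Detected object count" and any "Locked file(...)" entries, and reports whether the scan still needs follow-up (a non-zero detected count, or a locked file the user chose to skip). The three line shapes are inferred from the log posted above, the expected-directory check is my own heuristic, and the sample input is copied from that log.

```python
"""Summarise the tail of a Kaspersky TDSSKiller log.

Added example for this thread; it is not TDSSKiller's own code. The three
line shapes it understands (driver inventory line, "Detected object count",
"Locked file(...)") are inferred from the log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Driver inventory line: "<date> <time> <service name> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(?P<n>\d+)")
LOCKED_RE = re.compile(
    r"Locked file\((?P<name>[^)]+)\)\s*-\s*User select action:\s*(?P<action>\S+)"
)

# Heuristic (my assumption, not a TDSSKiller rule): kernel drivers on XP are
# expected under the Windows system directory; anything else deserves a look.
EXPECTED_DIR = "\\windows\\system32\\"


@dataclass
class Driver:
    timestamp: str
    name: str
    md5: str
    path: str


@dataclass
class TdssReport:
    drivers: List[Driver] = field(default_factory=list)
    detected_count: Optional[int] = None
    locked_files: Dict[str, str] = field(default_factory=dict)  # name -> user action

    def drivers_outside_system32(self) -> List[Driver]:
        return [d for d in self.drivers if EXPECTED_DIR not in d.path.lower()]

    def needs_followup(self) -> bool:
        """True when the scan reported objects or a locked file was skipped."""
        skipped = any(a.lower() == "skip" for a in self.locked_files.values())
        return bool(self.detected_count) or skipped


def parse_tdsskiller(text: str) -> TdssReport:
    rep = TdssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            rep.drivers.append(Driver(m["ts"], m["name"], m["md5"].lower(), m["path"]))
            continue
        m = COUNT_RE.search(line)
        if m:
            rep.detected_count = int(m["n"])
            continue
        m = LOCKED_RE.search(line)
        if m:
            rep.locked_files[m["name"]] = m["action"]
    return rep


# Sample input: lines copied verbatim from the TDSSKiller log posted in the thread.
SAMPLE_LOG = r"""
2011/01/26 19:12:43.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/26 19:12:45.0531 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/26 19:12:45.0703 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/26 19:12:46.0890 ================================================================================
2011/01/26 19:12:46.0890 Scan finished
2011/01/26 19:12:46.0890 ================================================================================
2011/01/26 19:12:46.0906 Detected object count: 1
2011/01/26 19:15:47.0609 Locked file(atapi) - User select action: Skip
"""

if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(report.drivers)} drivers listed, {report.detected_count} object(s) detected")
    for name, action in report.locked_files.items():
        print(f"locked file {name}: user action {action}")
    print("needs follow-up:", report.needs_followup())
```

    Run against the sample, the report lists three drivers (all under the system directory), one detected object, and a locked atapi file with the user action "Skip", so `needs_followup()` is true; the point of the helper is that the summary lines at the end of a long driver listing are the ones that decide whether a scan is actually finished.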
  11. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    I have just finished a full system scan with MalwareBytes, and it found some issues. Here is the log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5611

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    26/01/2011 23:04:31
    mbam-log-2011-01-26 (23-04-31).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 264787
    Time elapsed: 1 hour(s), 39 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\_id.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\Gemma\application data\asdfasfas.bat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\Gemma\Desktop\palladium for windows.lnk (Rogue.Palladium) -> Quarantined and deleted successfully.
    c:\documents and settings\Gemma\start menu\Programs\palladium for windows.lnk (Rogue.Palladium) -> Quarantined and deleted successfully.


    I will re-scan again after rebooting and see if they return or not.
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That still doesn't look right.
    Please boot to the infected drive and
    delete any existing version of ComboFix you have sitting on your desktop.
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  13. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Hello

    Firstly, I scanned with MWB again overnight and the results came up as all clear. Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 5611
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    27/01/2011 01:47:28
    mbam-log-2011-01-27 (01-47-28).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 264396
    Time elapsed: 1 hour(s), 26 minute(s), 40 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    Now, regarding combofix, I disabled my protection as specified in the link provided, however combofix is saying it will not run with AVG installed at all, even though it is currently disabled and closed. Is this normal?

    Please let me know if I should go ahead and uninstall it, and then I will try to run combofix again.

    Thanks :)
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That is correct. Combofix will NOT run if AVG is installed, and you need to uninstall AVG to run CF.
     
  15. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Okay, thanks.

    However, AVG is refusing to uninstall. I have found a remover tool on the AVG website, but it warns that it will clear all user settings including the virus vault. Does this mean that any files in there will be restored, or will they be deleted altogether? (I do have some viruses in the vault currently.)

    Also, AVG has popped up twice so far this evening with warnings from the resident shield, here are the logs:

    Resident Shield detection
    "Infection";"Object";"Result";"Detection time";"Object Type";"Process"
    "Trojan horse SHeur3.BMWN";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTEIYCWL\dm11[1].exe";"Deleted";"28/01/2011, 18:45:10";"file";"C:\WINDOWS\system32\wscript.exe"
    "Trojan horse SHeur3.BMWN";"C:\System Volume Information\_restore{73D74D78-E673-4BE7-9C5D-326C4DA76C25}\RP860\A0465433.dll";"Moved to Virus Vault";"28/01/2011, 17:54:25";"file";"C:\WINDOWS\system32\cidaemon.exe"
    "Trojan horse SHeur3.BMWF";"C:\System Volume Information\_restore{73D74D78-E673-4BE7-9C5D-326C4DA76C25}\RP860\A0465434.dll";"Moved to Virus Vault";"28/01/2011, 17:54:21";"file";"C:\WINDOWS\system32\cidaemon.exe"

    As you said, something is definitely not right still. Please let me know if you think I should go ahead with the AVG removal (I assume I'll have to if I want this solved?).

    Thanks.
     
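    A parser and triage helper for the AVG Resident Shield export lines posted above, added here as an example; it is not AVG's code and not part of the thread. The layout it expects (a free-text title line, then a header row and data rows of ';'-separated double-quoted fields) is taken from that log. The triage rules are my own reading habits as an analyst: separate System Restore copies from files in live locations, group hits by detection name and by the process that touched the file, note any hit whose result is neither "Deleted" nor "Moved to Virus Vault", and single out an executable that arrived in the browser cache while a script host was the active process. The sample input is copied from the post.

```python
"""Parse AVG Resident Shield detection export lines and triage them.

Added example for this thread; not AVG's code and not the thread's. The field
layout (a title line, then ';'-separated quoted fields with a header row) is
taken from the log posted above. The triage rules are my own heuristics.
"""
import csv
import io
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")


@dataclass
class Detection:
    infection: str
    path: str
    result: str
    detected_at: datetime
    object_type: str
    process: str

    @property
    def in_restore_point(self) -> bool:
        # Hits under System Volume Information are System Restore copies,
        # not files a running program is executing.
        return "\\system volume information\\" in self.path.lower()

    @property
    def script_host_download(self) -> bool:
        # An executable landing in the browser cache while a script host was the
        # active process is a download initiated by a script, not by the user.
        proc = self.process.lower().rsplit("\\", 1)[-1]
        return proc in SCRIPT_HOSTS and "\\temporary internet files\\" in self.path.lower()


def parse_resident_shield(text: str) -> List[Detection]:
    # Keep only the CSV rows (header and data); the free-text title line is dropped.
    rows = [l for l in text.splitlines() if l.startswith('"')]
    reader = csv.DictReader(io.StringIO("\n".join(rows)), delimiter=";", quotechar='"')
    return [
        Detection(
            infection=r["Infection"],
            path=r["Object"],
            result=r["Result"],
            detected_at=datetime.strptime(r["Detection time"], "%d/%m/%Y, %H:%M:%S"),
            object_type=r["Object Type"],
            process=r["Process"],
        )
        for r in reader
    ]


def triage(dets: List[Detection]) -> Dict[str, object]:
    """Group the hits the way an analyst reads them: what, where, by whom, handled?"""
    handled = ("Deleted", "Moved to Virus Vault")
    return {
        "total": len(dets),
        "by_family": dict(Counter(d.infection for d in dets)),
        "by_process": dict(Counter(d.process.lower().rsplit("\\", 1)[-1] for d in dets)),
        "restore_point_hits": sum(d.in_restore_point for d in dets),
        "live_hits": [d.path for d in dets if not d.in_restore_point],
        "script_host_downloads": [d.path for d in dets if d.script_host_download],
        "unhandled": [d.path for d in dets if d.result not in handled],
        "first_seen": min((d.detected_at for d in dets), default=None),
        "last_seen": max((d.detected_at for d in dets), default=None),
    }


# Sample input: the Resident Shield lines posted in the thread, copied verbatim.
SAMPLE_LOG = r"""Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse SHeur3.BMWN";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTEIYCWL\dm11[1].exe";"Deleted";"28/01/2011, 18:45:10";"file";"C:\WINDOWS\system32\wscript.exe"
"Trojan horse SHeur3.BMWN";"C:\System Volume Information\_restore{73D74D78-E673-4BE7-9C5D-326C4DA76C25}\RP860\A0465433.dll";"Moved to Virus Vault";"28/01/2011, 17:54:25";"file";"C:\WINDOWS\system32\cidaemon.exe"
"Trojan horse SHeur3.BMWF";"C:\System Volume Information\_restore{73D74D78-E673-4BE7-9C5D-326C4DA76C25}\RP860\A0465434.dll";"Moved to Virus Vault";"28/01/2011, 17:54:21";"file";"C:\WINDOWS\system32\cidaemon.exe"
"""

if __name__ == "__main__":
    for key, value in triage(parse_resident_shield(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

    On the sample, two of the three hits are restore-point copies found by the indexing service (cidaemon.exe) and one is an executable written into Temporary Internet Files while wscript.exe was the active process; splitting the log this way shows which entries are old copies being cleaned up and which point at something still active, which is the distinction that matters when deciding whether a machine is clean.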
Short URL to this thread: https://techguy.org/976305
