3 Apprentice

20.5K Posts

December 19th, 2010 18:00

I'm sorry we could not get to your problem sooner. If you still need help, we'll need to see some additional information about what is happening in your machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum. Do not attach them.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

11 Posts

December 19th, 2010 21:00

Yes, I'm still having issues. However, I was able to download Symantec Virus from my work and it is allowing me to keep it updated; it did find some things, and deleted some and quarantined others. I'm still unable to do any updates on Windows, and there are still pop-up windows opening even though the pop-up blocker is still on.

Below is the information that was requested.

DDS (Ver_10-12-12.02) - NTFSx86 
Run by Danette Yakymac at 23:56:38.61 on Sun 12/19/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1982.1302 [GMT -5:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Danette Yakymac\Local Settings\Temporary Internet Files\Content.IE5\P83ONLOR\dds[1].scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Danette Yakymac\Local Settings\Temporary Internet Files\Content.IE5\PZZAXUX3\dds[1].pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AutorunsDisabled - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.1.9)_Gecko/20100315_Firefox/3.5.9_(.NET_CLR_3.5.30729)" -"http://www.iwon.com/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=2&gameId=519&browser=IE"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Verizon Custom Uninstall Tracking] c:\docume~1\danett~1\locals~1\temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [amoenrcxsw.tmp] "c:\docume~1\jonyak~1\locals~1\temp\amoenrcxsw.tmp"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 93.188.163.74,93.188.166.109
TCP: {B3B41B33-E5B1-4ACB-9114-73B62066E9BB} = 93.188.163.74,93.188.166.109
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\danett~1\applic~1\mozilla\firefox\profiles\ox9b8iaf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - component: c:\documents and settings\danette yakymac\application data\mozilla\firefox\profiles\ox9b8iaf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\danette yakymac\application data\mozilla\firefox\profiles\ox9b8iaf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\danette yakymac\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\danette yakymac\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\jon yakymac\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\jon yakymac\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-6 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-6 108392]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-16 632792]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-9-29 206120]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-1 1832072]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-9-29 185640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-17 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-3 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101219.003\NAVENG.SYS [2010-12-19 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101219.003\NAVEX15.SYS [2010-12-19 1360760]
S2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;"c:\program files\verizon\verizon internet security suite\safeconnect\bin\sanaagent.exe" radialpointsafeconnectagent --> c:\program files\verizon\verizon internet security suite\safeconnect\bin\SanaAgent.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-5-21 23888]
S3 Radialpoint Security Services;Verizon Internet Security Suite;"c:\program files\verizon\verizon internet security suite\rpssecurityawarer.exe" --> c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [?]
S3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;\??\c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\safeconnectdriver.sys --> c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectDriver.sys [?]
S3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;\??\c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\safeconnectfilter.sys --> c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectFilter.sys [?]
S3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;\??\c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\safeconnectshim.sys --> c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectShim.sys [?]

=============== Created Last 30 ================

2010-12-19 02:49:07 -------- d-----w- c:\docume~1\danett~1\applic~1\Coby Media Manager
2010-12-19 02:48:45 -------- d-----w- c:\program files\Coby
2010-12-19 02:41:41 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin8.dll
2010-12-19 02:41:41 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin8.dll
2010-12-03 21:44:28 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-12-03 21:43:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-12-03 21:42:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-03 21:42:47 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-03 21:42:14 -------- d-----w- c:\program files\Symantec
2010-11-27 05:09:12 -------- d-----w- c:\program files\TrendMicro
2010-11-26 02:07:26 -------- d-----w- c:\docume~1\danett~1\locals~1\applic~1\Deployment
2010-11-24 20:37:39 -------- d-----w- C:\mfe
2010-11-24 20:30:06 -------- d-----w- c:\program files\Citrix
2010-11-24 17:59:38 -------- d-----w- c:\docume~1\danett~1\locals~1\applic~1\Citrix
2010-11-24 17:59:35 103784 ----a-w- c:\documents and settings\danette yakymac\GoToAssistDownloadHelper.exe
2010-11-20 18:25:13 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2010-11-20 18:25:13 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2010-11-20 18:25:13 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-11-20 18:25:13 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-11-20 18:25:13 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2010-11-20 18:25:13 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-11-20 18:25:13 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-11-20 18:25:13 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-11-20 18:16:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-20 17:52:11 -------- d-----w- C:\c0cb078bc40d780d76
2010-11-20 16:05:15 -------- d-----w- c:\program files\common files\Motive
2010-11-20 15:47:02 8724992 ----a-w- c:\windows\VzInHomeAgentInstaller.msi
2010-11-20 15:36:59 -------- d-----w- c:\program files\VERIZONDM
2010-11-20 15:36:52 9836032 ----a-w- c:\windows\VerizonDM.msi

==================== Find3M  ====================


=================== ROOTKIT  ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160815AS rev.4.ADA -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-5

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2A8EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88723872; SUB DWORD [EBP-0x4], 0x8872312e; PUSH EDI; CALL 0xffffffffffffdf33;  }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A44FAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000006f[0x8A54EF18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8A376D98]
[0x8A3F9880] -> IRP_MJ_CREATE -> 0x8A2A8EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-5 -> \??\IDE#DiskST3160815AS_____________________________4.ADA___#5&1b2fdaae&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A2A8AEA
user & kernel MBR OK
sectors 312499998 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 23:58:03.20 ===============

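As an added example (not part of this thread, and not code from DDS or its author), the script below reads "Pseudo HJT Report" lines of the kind posted above and lists the entries a helper reviews first: orphaned BHO/toolbar entries, autoruns launched from temporary folders, hard-coded DNS servers to check against the ISP's resolvers, and hosts-file redirects. The sample input is a subset of the lines from the log above; the category names, markers and thresholds are my own choices, not anything DDS itself reports.

```python
import ipaddress
import re

# Sample input: lines copied from the DDS "Pseudo HJT Report" posted in this thread.
# It is a subset of that report, embedded here so the script runs offline.
SAMPLE_HJT = r"""BHO: AutorunsDisabled - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Verizon Custom Uninstall Tracking] c:\docume~1\danett~1\locals~1\temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
mRun: [amoenrcxsw.tmp] "c:\docume~1\jonyak~1\locals~1\temp\amoenrcxsw.tmp"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
TCP: NameServer = 93.188.163.74,93.188.166.109
TCP: {B3B41B33-E5B1-4ACB-9114-73B62066E9BB} = 93.188.163.74,93.188.166.109
Hosts: 127.0.0.1 www.spywareinfo.com
"""

AUTORUN_KEYS = {"uRun", "mRun", "uRunOnce", "mRunOnce", "StartupFolder"}
PLUGIN_KEYS = {"BHO", "TB", "IE", "DPF"}
# Path fragments (lower-case) that mean "launched from a temporary folder".
# These markers are my own heuristic, not a DDS convention.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp", "temporary internet files", "\\content.ie5\\")

ENTRY_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")
NAME_RE = re.compile(r"^\[[^\]]*\]\s*(.*)$")


def parse_entry(line):
    """Split 'Key: value' into (key, value); None for lines in another shape."""
    m = ENTRY_RE.match(line)
    return (m.group(1), m.group(2)) if m else None


def autorun_target(value):
    """Extract the launched path from '[name] "path" args' or '[name] path args'."""
    m = NAME_RE.match(value)
    cmd = (m.group(1) if m else value).strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def is_private_or_loopback(ip):
    """True for RFC 1918 / loopback addresses, which a home router usually hands out."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback


def triage(report_text):
    """Return (category, line) pairs for the entries a helper reviews first."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry is None:
            continue
        key, value = entry
        if key in PLUGIN_KEYS and value.lower().endswith("no file"):
            # Registered but missing on disk: a leftover to clean, not proof of infection.
            findings.append(("orphaned-entry", line))
        elif key in AUTORUN_KEYS:
            target = autorun_target(value).lower()
            if any(marker in target for marker in TEMP_MARKERS):
                # Legitimate software rarely persists out of a temp folder.
                findings.append(("autorun-from-temp", line))
        elif key == "TCP":
            # 'NameServer = a,b' or '{adapter GUID} = a,b': hard-coded resolvers.
            servers = value.partition("=")[2]
            ips = [s.strip() for s in servers.split(",") if s.strip()]
            if ips and not all(is_private_or_loopback(ip) for ip in ips):
                # Public resolvers set on the adapter: confirm they belong to the ISP.
                findings.append(("dns-server-to-verify", line))
        elif key == "Hosts":
            parts = value.split()
            if (len(parts) == 2 and parts[0] in ("127.0.0.1", "0.0.0.0")
                    and parts[1] != "localhost"):
                # A hosts-file redirect; in the sample it blocks a security site.
                findings.append(("hosts-redirect", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_HJT):
        print(f"{category:22} {line}")
    print(summarize(triage(SAMPLE_HJT)))
```

Feed it the whole DDS.txt and it skips the sections it does not understand; the flagged lines are a starting point for review, not a verdict.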
3 Apprentice

20.5K Posts

December 20th, 2010 06:00

When you removed McAfee, did you use the removal tool, Add/Remove Programs, or both?

Copy/paste both logs to your reply on the forum. Do not attach them.

Please confirm that DDS is on your Desktop. Please post the other log. Thanks.

3 Apprentice

20.5K Posts

December 20th, 2010 12:00

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.

* We'll need to disable Symantec so it does not interfere.
To disable:
    * Open Symantec Endpoint Protection and then click Change settings from the left menu bar.
    * Click Configure Settings next to Antivirus and Antispyware Protection. Click the File System Auto-Protect tab and uncheck the box labeled Enable File System Auto-Protect. Click OK.
    * Click Configure Settings next to Proactive Threat Protection. Uncheck the boxes labeled Scan for trojans and worms and Scan for keyloggers. Click OK.

To re-enable after the scan is finished:
    * Open Symantec Endpoint Protection and then click Change settings from the left menu bar.
    * Click Configure Settings next to Antivirus and Antispyware Protection. Click the File System Auto-Protect tab and check the box labeled Enable File System Auto-Protect. Click OK.
    * Click Configure Settings next to Proactive Threat Protection. Check the boxes labeled Scan for trojans and worms and Scan for keyloggers. Click OK.

Screenshots and additional information:
http://www.columbia.edu/acis/software/nav/pc-basics.html#disable

Following that, please run TDSSKiller:

  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure. Make sure that is selected. Click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.___log.txt". Please copy and paste the contents of that file here.

11 Posts

December 20th, 2010 12:00

McAfee never really was able to be added to my computer. I was originally paying for the older version of Verizon Security Suite. I got messages from Verizon stating that I needed to update my security suite, which I tried, but I was unable to update to the new version of the Security Suite. I was getting messages from my older version of Verizon that Verizon Servicepoint did not exist, and it would not let me download McAfee. I then contacted Verizon, which in turn took over my computer and could not get it to install, and then transferred me up to Sr. Support in McAfee; they couldn't either, and they said that I had a virus. I also lost sound on my computer.

Yes, DDS is on my desktop.

Here is the other log.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/11/2008 12:03:03 AM
System Uptime: 12/19/2010 11:46:17 AM (12 hours ago)

Motherboard: Dell Inc. |  | 0RY206
Processor: AMD Sempron(tm) Processor LE-1300 | Socket AM2  | 2310/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 129.112 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

3DVIA player 5.0
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
AIM 6
AIM Toolbar 5.0
Amazon MP3 Downloader 1.0.3
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCScore
Coby Media Manager
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Diner Dash Flo on the Go
Documentation & Support Launcher
EarthLink Setup Files
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IHA_MessageCenter
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 7
kgcbase
Kodak EasyShare software
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
Move Media Player
Mozilla Firefox (3.6.13)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
netbrdg
NetWaiting
Norton Security Scan
NVIDIA Drivers
OfotoXMI
Paparazzi
PIXMA Extended Survey Program
PowerDVD
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Registry Mechanic 9.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RPS CRT
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS PopupBlocker
RPS SafeConnect
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
staticcr
Symantec Endpoint Protection
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Broadband Toolbar
Verizon Download Manager
Verizon Help and Support Tool
Verizon Servicepoint 1.5.24
Viewpoint Media Player
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

12/19/2010 8:10:58 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
12/19/2010 8:10:31 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/18/2010 7:20:25 PM, error: atapi [9]  - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
12/17/2010 6:45:12 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/15/2010 3:13:40 PM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
12/15/2010 3:13:40 PM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error:  An instance of the service is already running.
12/13/2010 8:51:27 PM, error: Service Control Manager [7022]  - The IHA_MessageCenter service hung on starting.
12/13/2010 8:50:05 PM, error: Service Control Manager [7001]  - The Verizon Internet Security Suite SafeConnectAgent service depends on the RadialpointSafeConnectDriver service which failed to start because of the following error:  The dependency service or group failed to start.
12/13/2010 8:50:05 PM, error: Service Control Manager [7001]  - The RadialpointSafeConnectFilter service depends on the RadialpointSafeConnectShim service which failed to start because of the following error:  The system cannot find the path specified.
12/13/2010 8:50:05 PM, error: Service Control Manager [7001]  - The RadialpointSafeConnectDriver service depends on the RadialpointSafeConnectFilter service which failed to start because of the following error:  The dependency service or group failed to start.
12/13/2010 8:50:05 PM, error: Service Control Manager [7000]  - The Verizon Internet Security Suite Firewall service failed to start due to the following error:  The system cannot find the file specified.
12/13/2010 8:50:05 PM, error: Service Control Manager [7000]  - The RadialpointSafeConnectShim service failed to start due to the following error:  The system cannot find the path specified.
12/13/2010 8:48:59 PM, error: Ftdisk [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/13/2010 8:48:59 PM, error: Ftdisk [45]  - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

11 Posts

December 20th, 2010 13:00

2010/12/20 16:11:52.0000    TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/20 16:11:52.0000    ================================================================================
2010/12/20 16:11:52.0000    SystemInfo:
2010/12/20 16:11:52.0000   
2010/12/20 16:11:52.0000    OS Version: 5.1.2600 ServicePack: 3.0
2010/12/20 16:11:52.0000    Product type: Workstation
2010/12/20 16:11:52.0000    ComputerName: YAKY
2010/12/20 16:11:52.0000    UserName: Danette Yakymac
2010/12/20 16:11:52.0000    Windows directory: C:\WINDOWS
2010/12/20 16:11:52.0000    System windows directory: C:\WINDOWS
2010/12/20 16:11:52.0000    Processor architecture: Intel x86
2010/12/20 16:11:52.0000    Number of processors: 1
2010/12/20 16:11:52.0000    Page size: 0x1000
2010/12/20 16:11:52.0000    Boot type: Normal boot
2010/12/20 16:11:52.0000    ================================================================================
2010/12/20 16:11:52.0121    Initialize success
2010/12/20 16:11:56.0086    ================================================================================
2010/12/20 16:11:56.0086    Scan started
2010/12/20 16:11:56.0086    Mode: Manual;
2010/12/20 16:11:56.0086    ================================================================================
2010/12/20 16:11:57.0178    abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/20 16:11:57.0248    ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/20 16:11:57.0308    ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/20 16:11:57.0358    adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/20 16:11:57.0488    aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/20 16:11:57.0568    AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/20 16:11:57.0599    agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/20 16:11:57.0639    agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/20 16:11:57.0679    Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/20 16:11:57.0719    aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/20 16:11:57.0759    aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/20 16:11:57.0799    AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/20 16:11:57.0829    alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/20 16:11:57.0869    amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/20 16:11:57.0909    amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/20 16:11:57.0949    asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/20 16:11:58.0009    asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/20 16:11:58.0069    asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/20 16:11:58.0149    ASCTRM          (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/12/20 16:11:58.0239    AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/20 16:11:58.0310    atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/20 16:11:58.0420    Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/20 16:11:58.0500    audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/20 16:11:58.0560    Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/20 16:11:58.0720    Camav           (a839289518d08655e2162f3ecf3ee485) C:\WINDOWS\system32\Drivers\Camav.sys
2010/12/20 16:11:58.0800    cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/20 16:11:58.0840    cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/20 16:11:58.0900    CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/20 16:11:58.0960    cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/20 16:11:59.0061    Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/20 16:11:59.0141    Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/20 16:11:59.0211    Cdrom           (3626e81de83f0e87afb77335f4896e37) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/20 16:11:59.0211    Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 3626e81de83f0e87afb77335f4896e37, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2010/12/20 16:11:59.0211    Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/20 16:11:59.0331    CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/20 16:11:59.0401    COH_Mon         (a02dc932f3806d29b39ef3114ce00405) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/12/20 16:11:59.0461    Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/20 16:11:59.0521    dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/20 16:11:59.0561    dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/20 16:11:59.0661    Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/20 16:11:59.0742    dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/20 16:11:59.0812    dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/20 16:11:59.0852    dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/20 16:11:59.0962    DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/20 16:12:00.0022    dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/20 16:12:00.0112    drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/20 16:12:00.0142    E100B           (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/20 16:12:00.0272    eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/20 16:12:00.0302    EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/20 16:12:00.0453    Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/20 16:12:00.0533    Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/20 16:12:00.0613    Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/20 16:12:00.0643    Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/20 16:12:00.0693    FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/20 16:12:00.0763    Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/20 16:12:00.0883    Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/20 16:12:00.0953    GEARAspiWDM     (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/20 16:12:01.0013    Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/20 16:12:01.0074    HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/20 16:12:01.0114    HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/20 16:12:01.0204    hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/20 16:12:01.0254    HSFHWBS2        (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/12/20 16:12:01.0294    HSF_DP          (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/12/20 16:12:01.0384    HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/20 16:12:01.0444    i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/20 16:12:01.0484    i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/20 16:12:01.0524    i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/20 16:12:01.0584    Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/20 16:12:01.0664    ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/20 16:12:01.0825    IntcAzAudAddService (dbc702fbc70dc58d9122ce56eadbd659) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/20 16:12:01.0955    IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/20 16:12:01.0965    intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/20 16:12:01.0985    Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/20 16:12:02.0015    IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/20 16:12:02.0045    IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/20 16:12:02.0095    IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/20 16:12:02.0115    IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/20 16:12:02.0175    IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/20 16:12:02.0235    isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/20 16:12:02.0295    Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/20 16:12:02.0315    kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/20 16:12:02.0355    kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/20 16:12:02.0546    KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/20 16:12:02.0916    mdmxsdk         (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/20 16:12:02.0936    mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/20 16:12:02.0996    Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/20 16:12:03.0016    MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/20 16:12:03.0036    Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/20 16:12:03.0056    mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/20 16:12:03.0136    MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/20 16:12:03.0187    mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/20 16:12:03.0297    MREMP50         (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/12/20 16:12:03.0337    MRESP50         (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/12/20 16:12:03.0487    MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/20 16:12:03.0547    MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/20 16:12:03.0607    Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/20 16:12:03.0647    MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/20 16:12:03.0687    MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/20 16:12:03.0727    MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/20 16:12:03.0767    mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/20 16:12:03.0827    MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/20 16:12:03.0908    Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/20 16:12:03.0978    NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/20 16:12:04.0168    NAVENG          (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101219.003\NAVENG.SYS
2010/12/20 16:12:04.0218    NAVEX15         (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101219.003\NAVEX15.SYS
2010/12/20 16:12:04.0358    NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/20 16:12:04.0418    NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/20 16:12:04.0498    NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/20 16:12:04.0569    Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/20 16:12:04.0599    NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/20 16:12:04.0669    NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/20 16:12:04.0739    NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/20 16:12:04.0809    NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/20 16:12:04.0869    Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/20 16:12:04.0949    Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/20 16:12:04.0999    Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/20 16:12:05.0219    nv              (cce4877e45f5300fffbb4a6bc5e7fda7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/20 16:12:05.0460    NVENETFD        (1492c7738f68625805f5f53c8bad24c6) C:\WINDOWS\system32\drivers\NVENETFD.sys
2010/12/20 16:12:05.0570    nvnetbus        (ae73e61f07ddc84255bece6b02f18390) C:\WINDOWS\system32\drivers\nvnetbus.sys
2010/12/20 16:12:05.0690    NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/20 16:12:05.0760    NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/20 16:12:05.0820    Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/20 16:12:05.0890    PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/20 16:12:05.0951    ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/20 16:12:06.0001    PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/20 16:12:06.0091    PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/20 16:12:06.0161    Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/20 16:12:06.0451    perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/20 16:12:06.0521    perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/20 16:12:06.0631    PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/20 16:12:06.0672    Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/20 16:12:06.0712    PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/20 16:12:06.0802    Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/20 16:12:06.0862    PxHelp20        (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/20 16:12:06.0952    ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/20 16:12:06.0992    Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/20 16:12:07.0052    ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/20 16:12:07.0112    ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/20 16:12:07.0172    ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/20 16:12:07.0353    RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/20 16:12:07.0463    Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/20 16:12:07.0523    RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/20 16:12:07.0573    Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/20 16:12:07.0673    Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/20 16:12:07.0713    RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/20 16:12:07.0773    rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/20 16:12:07.0853    RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/20 16:12:07.0933    redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/20 16:12:08.0023    RPPKT           (b7e136986bb3dac249a00e760281f0a9) C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys
2010/12/20 16:12:08.0074    RPSKT           (750d83c39d60964b6bc2b8a75ed7a165) C:\WINDOWS\system32\DRIVERS\rp_skt32.sys
2010/12/20 16:12:08.0164    Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/20 16:12:08.0234    serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/20 16:12:08.0314    Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/20 16:12:08.0384    Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/20 16:12:08.0464    sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/20 16:12:08.0524    SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/20 16:12:08.0594    Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/20 16:12:08.0714    SPBBCDrv        (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/12/20 16:12:08.0865    splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/20 16:12:08.0915    sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/20 16:12:08.0995    SRTSP           (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/12/20 16:12:09.0125    SRTSPL          (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/12/20 16:12:09.0175    SRTSPX          (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/12/20 16:12:09.0255    Srv             (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/20 16:12:09.0335    streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/20 16:12:09.0405    swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/20 16:12:09.0446    swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/20 16:12:09.0496    symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/20 16:12:09.0546    symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/20 16:12:09.0636    SymEvent        (e42a34e6f5ca71a84d4c2de620aad13d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/12/20 16:12:09.0756    SYMREDRV        (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/12/20 16:12:09.0826    SYMTDI          (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/12/20 16:12:09.0886    sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/20 16:12:09.0926    sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/20 16:12:10.0016    sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/20 16:12:10.0086    SysPlant        (8adc033c77b2b006ea59beb2c8c6a38b) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
2010/12/20 16:12:10.0167    Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/20 16:12:10.0227    TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/20 16:12:10.0287    TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/20 16:12:10.0367    Teefer2         (1d3c046a9106de97ddc8276958700bf4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
2010/12/20 16:12:10.0407    TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/20 16:12:10.0477    TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/20 16:12:10.0557    Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/20 16:12:10.0607    ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/20 16:12:10.0697    Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/20 16:12:10.0757    usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/20 16:12:10.0828    usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/20 16:12:10.0888    usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/20 16:12:10.0928    usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/20 16:12:10.0968    usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/20 16:12:10.0988    usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/20 16:12:11.0068    usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/20 16:12:11.0128    USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/20 16:12:11.0168    usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/20 16:12:11.0218    VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/20 16:12:11.0278    viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/20 16:12:11.0328    ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/20 16:12:11.0418    VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/20 16:12:11.0458    Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/20 16:12:11.0509    wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/12/20 16:12:11.0619    wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/20 16:12:11.0699    winachsf        (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/20 16:12:11.0819    WPS             (d48d0b1b5fdc074373c624af3b573412) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2010/12/20 16:12:11.0879    WpsHelper       (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
2010/12/20 16:12:11.0949    WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/20 16:12:12.0009    WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/20 16:12:12.0049    WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/20 16:12:12.0200    ================================================================================
2010/12/20 16:12:12.0200    Scan finished
2010/12/20 16:12:12.0200    ================================================================================
2010/12/20 16:12:12.0210    Detected object count: 1
2010/12/20 16:12:42.0393    Cdrom           (3626e81de83f0e87afb77335f4896e37) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/20 16:12:42.0393    Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 3626e81de83f0e87afb77335f4896e37, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2010/12/20 16:12:43.0905    Backup copy found, using it..
2010/12/20 16:12:43.0915    C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured after reboot
2010/12/20 16:12:43.0915    Rootkit.Win32.TDSS.tdl3(Cdrom) - User select action: Cure
2010/12/20 16:12:47.0831    Deinitialize success
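The log above carries the facts a helper looks for first: the enumeration line for Cdrom with one MD5, a "Suspicious file (Forged)" line giving two different MD5 values for the same cdrom.sys, the detection name, the declared object count and the action the user chose. As an added example that is not part of this thread or of TDSSKiller itself, the script below parses those line shapes out of a pasted log and checks that they agree with each other (declared count versus detections found, a forged file with no verdict, a verdict with no action). The sample lines are copied from the log above; the line patterns, the data model and the second, truncated log are assumptions constructed for the example.

```python
"""Triage helper for pasted TDSSKiller logs (added example, not TDSSKiller code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Lines copied verbatim from the TDSSKiller 2.4.12.0 log posted above.
SAMPLE_LOG_LINES = [
    r"2010/12/20 16:11:59.0211    Cdrom           (3626e81de83f0e87afb77335f4896e37) C:\WINDOWS\system32\DRIVERS\cdrom.sys",
    r"2010/12/20 16:11:59.0211    Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 3626e81de83f0e87afb77335f4896e37, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe",
    r"2010/12/20 16:11:59.0211    Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)",
    r"2010/12/20 16:11:59.0331    CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys",
    r"2010/12/20 16:12:12.0210    Detected object count: 1",
    r"2010/12/20 16:12:43.0915    Rootkit.Win32.TDSS.tdl3(Cdrom) - User select action: Cure",
]

# Constructed (not from the page): the summary line promises one object but the
# detection lines are missing, which is what a truncated paste looks like.
TRUNCATED_LOG_LINES = [
    r"2010/12/20 16:11:59.0331    CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys",
    r"2010/12/20 16:12:12.0210    Detected object count: 1",
]

# Line shapes as they appear in the log above (assumed stable for this tool version).
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s*(.*)$")
DRIVER_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
VERDICT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(\S+?)\((\S+)\) - User select action: (\S+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    service: str
    path: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    verdict: str = ""
    action: str = ""


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # service -> (md5, image path)
    detections: Dict[str, Detection] = field(default_factory=dict)     # service -> what was flagged
    declared_count: Optional[int] = None


def parse_tdsskiller(lines: List[str]) -> Report:
    """Fold the enumeration, forged-file, verdict, action and count lines into one Report."""
    report = Report()
    for raw in lines:
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # banner rows, blank rows, anything without a timestamp
        body = m.group(2)
        if (d := DRIVER_RE.match(body)):
            report.drivers[d.group(1)] = (d.group(2), d.group(3))
        elif (f := FORGED_RE.match(body)):
            path, real, fake = f.groups()
            # Attribute the forged file to the service whose image path it is;
            # fall back to the path itself if the enumeration line was not seen.
            svc = next((n for n, (_, p) in report.drivers.items() if p.lower() == path.lower()), path)
            det = report.detections.setdefault(svc, Detection(service=svc))
            det.path, det.real_md5, det.fake_md5 = path, real, fake
        elif (v := VERDICT_RE.match(body)):
            det = report.detections.setdefault(v.group(1), Detection(service=v.group(1)))
            det.verdict = v.group(2)
        elif (a := ACTION_RE.match(body)):
            det = report.detections.setdefault(a.group(2), Detection(service=a.group(2)))
            det.action = a.group(3)
        elif (c := COUNT_RE.match(body)):
            report.declared_count = int(c.group(1))
    return report


def consistency_issues(report: Report) -> List[str]:
    """Cross-check the parsed pieces; an empty list means the paste is internally consistent."""
    issues: List[str] = []
    if report.declared_count is not None and report.declared_count != len(report.detections):
        issues.append(f"tool declared {report.declared_count} object(s) but the paste shows "
                      f"{len(report.detections)} detection(s); the log may be truncated")
    for det in report.detections.values():
        if not det.verdict:
            issues.append(f"{det.service}: flagged but no detection name recorded")
        if det.real_md5 and det.real_md5 == det.fake_md5:
            issues.append(f"{det.service}: marked forged but both hashes are equal")
        if det.verdict and not det.action:
            issues.append(f"{det.service}: {det.verdict} detected but no action was taken")
    return issues


if __name__ == "__main__":
    for name, lines in (("posted log", SAMPLE_LOG_LINES), ("truncated log", TRUNCATED_LOG_LINES)):
        rep = parse_tdsskiller(lines)
        print(f"{name}: {len(rep.drivers)} driver(s) enumerated, {len(rep.detections)} flagged")
        for det in rep.detections.values():
            print(f"  {det.service}: {det.verdict} real={det.real_md5} fake={det.fake_md5} action={det.action}")
        for issue in consistency_issues(rep):
            print("  !", issue)
```

The cross-checks are the point of the script rather than the parsing: a helper reading a pasted log wants to know that the "Detected object count" matches what was actually listed, that a forged file also carries a detection name, and that a detection was followed by an action, before deciding whether the tool has done its work or the paste was cut off.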

3 Apprentice • 20.5K Posts

December 20th, 2010 15:00

Let's run a scan with MBAM. Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report into your next reply and exit MBAM. Let me know how things are running.

Note:-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

**If you need to re-install MBAM but encounter issues re-installing, try using the MBAM Cleanup Utility by downloading it from HERE

No Reply within 3 days will result in this topic being closed, and I will remove it from my subscriptions. If you require more time, please let me know.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

3 Apprentice


20.5K Posts

December 21st, 2010 17:00

Are you still with me?

11 Posts

December 21st, 2010 22:00

Yes, I am still with you. It wasn't allowing me to download/update Malwarebytes. I was able to find another way to download it to work on my machine. However, when I tried to do an update it gave me the following error: "program error updating". I will need to see if I can manually get the update from another machine today. I had rebooted my machine as I was told after the scan was over and did not have internet access until I restored two of the files with the tcpip. I am still unable to update Windows. Also still getting pop-up windows/advertisements even though the pop-up blocker is checked.

I ran a scan with what I had downloaded, it's listed below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/22/2010 12:50:24 AM
mbam-log-2010-12-22 (00-50-24).txt

Scan type: Quick scan
Objects scanned: 180252
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ASCWarning32.WarningBHO (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ASCWarning32.WarningBHO.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\asc (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amoenrcxsw.tmp (Trojan.FakeAlert) -> Value: amoenrcxsw.tmp -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.74,93.188.166.109) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3B41B33-E5B1-4ACB-9114-73B62066E9BB}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.74,93.188.166.109) Good: () -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\ASC 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\jon yakymac\local settings\Temp\amoenrcxsw.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\prtprocs\w32x86\x931a93e7a.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jon yakymac\local settings\Temp\0.4655082338628953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jon yakymac\local settings\Temp\0.47694074409888343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jon yakymac\local settings\temp\onxemrwsac.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\jon yakymac\local settings\Temp\Ggj.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jon yakymac\local settings\Temp\Ggk.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jon yakymac\local settings\temp\roaxsecmwn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\jon yakymac\local settings\temp\searwmcnox.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\Logan\local settings\temporary internet files\Content.IE5\R6N771J4\omni[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\jon yakymac\application data\microsoft\internet explorer\quick launch\antispycheck 2.1.lnk (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
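Editor's added example (not part of this thread, and not Malwarebytes' code): a small Python parser for MBAM 1.x logs like the one above. It pulls out the two things a responder should act on from this log, the rogue DNS servers that Trojan.DNSChanger planted in Tcpip\Parameters\NameServer, and the fact that the "Good" value MBAM wrote back is empty, which is why DNS stops working after the reboot until the adapter is set back to DHCP. It also flags the Rootkit.TDSS hit as a reason for a dedicated rootkit scan. The sample log is a subset of the lines posted above; the line shape the regexes assume is my reading of that log, not a documented format.

```python
"""Pull the actionable items out of a Malwarebytes' Anti-Malware 1.x log:
rogue DNS resolvers, NameServer values left empty by the fix (no DNS until
the adapter goes back to DHCP), and rootkit-family hits.

Added example; not part of the forum thread and not Malwarebytes' code.
SAMPLE_LOG is a subset of the lines posted in the thread.  The line shape
the regexes assume, '<target> (<Name>) -> ... -> <action>', is my reading
of that log, not a documented format.
"""
import re
from dataclasses import dataclass, field

DETECTION_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


@dataclass
class Detection:
    section: str                               # e.g. "Registry Data Items Infected"
    target: str                                # registry path or file path
    name: str                                  # e.g. "Trojan.DNSChanger"
    bad: list = field(default_factory=list)    # values MBAM removed
    good: list = field(default_factory=list)   # values MBAM wrote back


def parse_mbam_log(text):
    """Return one Detection per hit in the per-section part of the log."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Detail headers end in "Infected:"; the summary lines end in a count.
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        if section is None:
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue                           # "(No malicious items detected)"
        d = Detection(section, m["target"], m["name"])
        bg = BAD_GOOD_RE.search(m["rest"])
        if bg:
            d.bad = [v for v in bg["bad"].split(",") if v]
            d.good = [v for v in bg["good"].split(",") if v]
        found.append(d)
    return found


def dns_changer_findings(detections):
    """Return (sorted rogue resolvers, NameServer targets that were left empty).

    MBAM writes the 'Good' value back in place of 'Bad'.  When 'Good' is
    empty, as in the posted log, the value is simply cleared and the box has
    no resolver until the adapter is set back to DHCP (or a known-good DNS
    server is entered by hand): the 'no internet after reboot' symptom.
    """
    rogue, cleared = set(), []
    for d in detections:
        if d.name == "Trojan.DNSChanger":
            rogue.update(d.bad)
            if not d.good:
                cleared.append(d.target)
    return sorted(rogue), cleared


def rootkit_hits(detections):
    """Hits whose family is Rootkit.*; one of these justifies a dedicated
    rootkit-scanner pass rather than trusting the next clean MBAM log."""
    return [d for d in detections if d.name.startswith("Rootkit.")]


# Subset of the detail lines from the MBAM log posted in the thread.
SAMPLE_LOG = r"""
Registry Keys Infected: 5

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\asc (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amoenrcxsw.tmp (Trojan.FakeAlert) -> Value: amoenrcxsw.tmp -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.74,93.188.166.109) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3B41B33-E5B1-4ACB-9114-73B62066E9BB}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.74,93.188.166.109) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\spool\prtprocs\w32x86\x931a93e7a.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jon yakymac\local settings\temp\searwmcnox.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    rogue, cleared = dns_changer_findings(dets)
    print("rogue resolvers:", rogue)
    for target in cleared:
        print("NameServer cleared, set adapter back to DHCP:", target)
    for d in rootkit_hits(dets):
        print("rootkit-family hit:", d.target)
```

Run against the full log it reports both rogue resolvers and both cleared NameServer values; the practical follow-up is to put the adapter back on DHCP (or enter the ISP's resolvers) before expecting Windows Update or MBAM updates to work.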

3 Apprentice


20.5K Posts

December 22nd, 2010 10:00

Skip the MBAM update for now. We'll use another tool and run MBAM later to see if you are able to update. It looks like you had quite a mess in there. Apparently, Symantec Endpoint wasn't doing such a good job.

Make sure all anti-spyware and anti-virus programs are disabled before you do this.

Download Combofix from any of the links below.  Before saving it, rename it to yakys.exe. You MUST rename it before saving it. Save it to your desktop.

Link 1
Link 2

Double click on your yakys.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt.

3 Apprentice


20.5K Posts

December 22nd, 2010 12:00

As a rule the security suites provided by ISPs are not so great. I usually suggest Microsoft Security Essentials with MBAM; however, in your case you have an anti-virus that is not easily removed and requires some extra work in the registry. I think if I were you, I'd keep Symantec along with MBAM. See if you are able to update MBAM and run a new scan now. Please post the new log.

11 Posts

December 22nd, 2010 12:00

Yeah, and apparently neither did the Verizon Security Suite, because that is what I originally had on my machine and it didn't catch anything either. Do you have a recommendation on what would be a better anti-virus software?

Here is the text from the scan from the combofix:

 

ComboFix 10-12-22.01 - Danette Yakymac 12/22/2010  15:01:47.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1982.1381 [GMT -5:00]
Running from: c:\documents and settings\Danette Yakymac\Desktop\yakys.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Danette Yakymac\Application Data\completescan
c:\documents and settings\Danette Yakymac\Application Data\install
c:\documents and settings\Danette Yakymac\GoToAssistDownloadHelper.exe
c:\windows\system32\Oeminfo.ini
c:\windows\system32\system

.
(((((((((((((((((((((((((   Files Created from 2010-11-22 to 2010-12-22  )))))))))))))))))))))))))))))))
.

2010-12-22 05:38 . 2010-12-22 05:38    --------    d-----w-    c:\documents and settings\Danette Yakymac\Application Data\Malwarebytes
2010-12-22 05:38 . 2010-12-20 23:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 05:38 . 2010-12-20 23:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-19 02:49 . 2010-12-19 03:02    --------    d-----w-    c:\documents and settings\Danette Yakymac\Application Data\Coby Media Manager
2010-12-19 02:48 . 2010-12-19 02:48    --------    d-----w-    c:\program files\Coby
2010-12-19 02:41 . 2010-12-19 02:41    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
2010-12-19 02:41 . 2010-12-19 02:41    143360    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin8.dll
2010-12-08 02:49 . 2010-12-08 02:49    --------    d-----w-    c:\documents and settings\Jon Yakymac\Application Data\2E7487EFB66652875A94AA1A785ADC23
2010-12-04 04:09 . 2010-12-04 04:09    --------    d-----w-    c:\documents and settings\Logan\Local Settings\Application Data\Symantec
2010-12-03 21:44 . 2010-09-11 03:32    167936    ----a-w-    c:\windows\system32\drivers\wpshelper.sys
2010-12-03 21:43 . 2010-08-06 00:11    99696    ----a-w-    c:\windows\system32\drivers\SysPlant.sys
2010-12-03 21:42 . 2010-12-03 21:42    60808    ----a-w-    c:\windows\system32\S32EVNT1.DLL
2010-12-03 21:42 . 2010-12-03 21:42    125488    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-03 21:42 . 2010-12-03 21:42    --------    d-----w-    c:\program files\Symantec
2010-11-27 05:09 . 2010-11-27 05:09    --------    d-----w-    c:\program files\TrendMicro
2010-11-26 02:07 . 2010-11-27 05:21    --------    d-----w-    c:\documents and settings\Danette Yakymac\Local Settings\Application Data\Deployment
2010-11-24 20:37 . 2010-11-24 20:37    --------    d-----w-    C:\mfe
2010-11-24 20:30 . 2010-11-24 20:30    --------    d-----w-    c:\program files\Citrix
2010-11-24 17:59 . 2010-11-24 17:59    --------    d-----w-    c:\documents and settings\Danette Yakymac\Local Settings\Application Data\Citrix

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 21:13 . 2004-08-04 02:59    62976    ----a-w-    c:\windows\system32\drivers\cdrom.sys
2010-10-23 06:03 . 2010-10-23 06:03    210    ----a-w-    c:\documents and settings\Jon Yakymac\Application Data\10126.bat
2010-09-30 00:57 . 2010-11-20 15:36    9836032    ----a-w-    c:\windows\VerizonDM.msi
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"nwiz"="nwiz.exe" [2008-04-07 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-06 115560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 98304]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/16/2010 10:28 PM 632792]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 6:00 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 6:00 AM 185640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 9:41 AM 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/17/2008 11:30 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/3/2010 4:43 PM 102448]
S2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;"c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe" RadialpointSafeConnectAgent --> c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/21/2010 7:27 AM 23888]
S3 Radialpoint Security Services;Verizon Internet Security Suite;"c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe" --> c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [?]
S3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;\??\c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys --> c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [?]
S3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;\??\c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys --> c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [?]
S3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;\??\c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys --> c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-17 c:\windows\Tasks\Norton Security Scan for Danette Yakymac.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 04:51]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Danette Yakymac\Application Data\Mozilla\Firefox\Profiles\ox9b8iaf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
Notify-NavLogon - (no file)
SafeBoot-klmdb.sys
SafeBoot-Symantec Antvirus
AddRemove-RadialpointClientGateway_is1 - c:\program files\Verizon\VSP\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 15:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3295702947-2556381379-3834421881-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\l3codeca.acm
.
Completion time: 2010-12-22  15:07:16
ComboFix-quarantined-files.txt  2010-12-22 20:06

Pre-Run: 138,618,589,184 bytes free
Post-Run: 139,079,491,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0A2DD57E4864B0CC0658719989AB47DA
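Editor's added example (not part of this thread, and not ComboFix's code): a Python audit of the "Reg Loading Points" section of a ComboFix log like the one above. Beyond the infections, this log records posture settings worth following up: Security Center monitoring is switched off (DisableMonitoring=1, which security products commonly set for their own subkeys, so confirm who set it rather than assume tampering), the Windows Firewall standard profile has EnableFirewall=0, and 50000:UDP is open to all networks. The example goes one step beyond this log and also flags Run entries that launch from a Temp folder, which is how the FakeAlert entry in the earlier MBAM log was wired; since every Run entry in this ComboFix log is legitimate, one such entry ("ExampleLoader") is constructed for the sample and marked as such. The regexes are my assumptions about ComboFix's REGEDIT4-style layout.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log for settings a
cleanup should follow up on: Security Center monitoring off, Windows
Firewall profile disabled, ports opened to all networks, and Run entries
launching from a Temp folder.

Added example; not part of the forum thread and not ComboFix's code.
SAMPLE copies lines from the ComboFix log posted in the thread plus one
constructed Run entry ("ExampleLoader") so the Temp-folder check fires.
The regexes are assumptions about ComboFix's REGEDIT4-style layout.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
NUM_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<val>\d+) \(0x[0-9a-fA-F]+\)$')
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"= (?P<desc>.+)$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<meta>[^\]]+)\]$')

# Substrings (lower-cased) that mark a Temp location in a Run entry path.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temp\\", "\\tmp\\")


def parse_reg_points(text):
    """Return {registry key: {value name: value}} for the section."""
    result, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            result.setdefault(key, {})
            continue
        if key is None:
            continue                       # "REGEDIT4" and other preamble
        for pat in (DWORD_RE, NUM_RE, PORT_RE, RUN_RE):
            m = pat.match(line)
            if m:
                break
        else:
            continue                       # e.g. @="Service", "app.exe"=
        g = m.groupdict()
        if "hex" in g:
            result[key][g["name"]] = int(g["hex"], 16)
        elif "val" in g:
            result[key][g["name"]] = int(g["val"])
        elif "port" in g:
            result[key][g["port"]] = g["desc"]
        else:
            result[key][g["name"]] = g["path"]
    return result


def audit(reg):
    """Return a list of (severity, message) findings."""
    findings = []
    for key, values in reg.items():
        k = key.lower()
        if "security center\\monitoring" in k and values.get("DisableMonitoring") == 1:
            findings.append(("check", f"Security Center monitoring disabled under {key}"))
        if k.endswith("firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append(("high", "Windows Firewall is off for the standard profile"))
        if k.endswith("globallyopenports\\list"):
            for port, desc in values.items():
                findings.append(("medium", f"port {port} open to all networks ({desc})"))
        if k.endswith("\\currentversion\\run"):
            for name, path in values.items():
                if isinstance(path, str) and any(t in path.lower() for t in TEMP_MARKERS):
                    findings.append(("high", f"Run entry '{name}' launches from a Temp folder: {path}"))
    return findings


# Lines from the posted log; the "ExampleLoader" entry is constructed.
SAMPLE = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-06 115560]
"ExampleLoader"="c:\documents and settings\user\local settings\temp\loader.tmp" [2010-12-22 12345]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"""

if __name__ == "__main__":
    for severity, message in audit(parse_reg_points(SAMPLE)):
        print(f"[{severity}] {message}")
```

On this log the firewall finding is the one to act on: with the Symantec firewall listed as enabled it may be intentional, but the Windows Firewall profile being off should be confirmed as a choice rather than something left behind by the infection.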

11 Posts

December 22nd, 2010 19:00

Yes, I was able to update MBAM and here is the log from the new scan.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5381

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/22/2010 10:32:28 PM
mbam-log-2010-12-22 (22-32-28).txt

Scan type: Quick scan
Objects scanned: 175251
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3 Apprentice


20.5K Posts

December 22nd, 2010 20:00

Great! Now let's take care of some vulnerabilities.

Please update your Adobe Reader by opening the program and going to Help > Check for Updates.

Reboot after you update AR.

Download and scan each user profile with CCleaner (a good utility to keep and use regularly):

http://www.piriform.com/ccleaner/builds

** Select to download the SLIM version.

** Because CCleaner removes everything in temp folders, if you have anything saved in a temp folder, back it up or move it to a permanent folder prior to running CCleaner.

** We will be cleaning cookies as well. Make a note of any passwords, etc. that you want to save. If you do not want to delete cookies, simply uncheck that option.

1. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

2. Then select the items you wish to clean up. In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section.
  • Clean all entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:

  • Clean all in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet section.
  • Clean any others that you choose.

3. Click the "Analyze" button. When the list of files comes up, click the "Run Cleaner" button.

4. A pop up box will appear advising this process will permanently delete files from your system.

5. Click "OK" and it will scan and clean your system.

6. Click "exit" when done. REBOOT.

Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 23 to your Desktop.
  • You will  find it here: http://majorgeeks.com/download.php?det=4648
  • Click the "Download" button. Make sure you do not by accident download any of the other programs advertised on that page.
  • Do not install it yet.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
  • Close Add/Remove Programs.
  • In Windows Explorer, navigate to the folder C:\Program Files\Java and delete any subfolders.
  • Do NOT delete the folder C:\Program Files\JavaVM, if found!
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version. NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

To disable the JQS service if you don't want to use it:

* Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.

* Click Ok and reboot your computer.

Let me know how things are running after that. If everything is running well, we'll remove our tools and reset System Restore.

11 Posts

December 22nd, 2010 23:00

OK, I was able to do all of that and everything seems OK, except that before I started running the cleaner on my son's account on the computer, the following popped up:

Registry Mechanic is missing core application files:

C:\Program Files\Registry Mechanic\Data\map.dat

C:\Program Files\Registry Mechanic\Data\values.dat

C:\Program Files\Registry Mechanic\Data\keys.dat

Please re-install

I ran a scan with Malwarebytes and came up with this log on his account:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5381

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/23/2010 1:50:29 AM
mbam-log-2010-12-23 (01-50-29).txt

Scan type: Quick scan
Objects scanned: 174897
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
