Ok. Here are the Kaspersky results and fresh DDS.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, June 1, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, June 01, 2010 02:56:54
Records in database: 4194417
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Objects scanned: 73701
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:39:41
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\termdd.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
Selected area has been scanned.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Andy at 17:56:39.14 on Tue 06/01/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.586 [GMT -7:00]
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Andy\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\andy\applic~1\mozilla\firefox\profiles\fnsulyyz.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2006-11-26 15872]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-31 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-31 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2006-11-26 74752]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
S3 RTL8192u;Realtek RTL8192U Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192u.sys [2010-5-24 439680]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2006-11-25 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2006-11-25 69680]
=============== Created Last 30 ================
2010-06-01 05:01:54 0 d-----w- c:\windows\system32\CatRoot_bak
2010-06-01 05:00:17 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-01 05:00:17 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-01 04:53:31 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-06-01 04:53:31 0 d-----w- c:\windows\system32\PreInstall
2010-05-31 23:04:12 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-05-31 19:55:32 0 d-----w- c:\docume~1\andy\applic~1\Malwarebytes
2010-05-31 19:55:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-31 19:55:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 19:55:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 19:55:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-31 09:03:01 0 d-sha-r- C:\cmdcons
2010-05-31 08:59:55 98816 ----a-w- c:\windows\sed.exe
2010-05-31 08:59:55 77312 ----a-w- c:\windows\MBR.exe
2010-05-31 08:59:55 256512 ----a-w- c:\windows\PEV.exe
2010-05-31 08:59:55 161792 ----a-w- c:\windows\SWREG.exe
2010-05-27 06:17:42 0 d-----w- c:\program files\Trend Micro
2010-05-27 05:37:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-27 03:36:27 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-27 03:36:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-27 02:14:06 0 d-----w- c:\windows\system32\ReinstallBackups
2010-05-26 06:41:59 0 d-----w- c:\program files\AVG
2010-05-26 06:12:24 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-26 06:06:55 3284 ----a-w- c:\windows\system32\ANIWZCS{39A8FA5B-D7AE-4288-A4F4-CEEB59F9321A}
2010-05-26 06:06:43 143360 ----a-w- c:\windows\system32\ANIWConnService(2)(2).exe
2010-05-26 06:06:37 5 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{39A8FA5B-D7AE-4288-A4F4-CEEB59F9321A}
2010-05-26 04:56:35 0 d-----w- c:\program files\Mozilla Firefox(2)
2010-05-26 04:51:00 0 d-s---w- c:\documents and settings\andy\UserData
2010-05-26 04:49:18 3284 ----a-w- c:\windows\system32\ANIWZCS{553FEE6C-F93B-4BCE-9EA8-B46CDCD824F3}
2010-05-26 04:48:05 5 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{553FEE6C-F93B-4BCE-9EA8-B46CDCD824F3}
2010-05-25 16:26:19 7 ----a-w- c:\windows\system32\ANIWZCSUSERNAME
2010-05-24 17:49:07 3284 ----a-w- c:\windows\system32\ANIWZCS{6D27BB31-2114-4C59-A12F-9F046D965A3D}
2010-05-24 17:47:43 5 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{6D27BB31-2114-4C59-A12F-9F046D965A3D}
2010-05-24 17:47:09 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-05-24 17:47:09 1089536 ----a-w- c:\windows\system32\libeay32.dll
2010-05-24 17:46:37 439680 ----a-w- c:\windows\system32\drivers\RTL8192u.sys
2010-05-24 17:46:37 0 d-----w- c:\program files\D-Link
==================== Find3M ====================
2010-06-01 05:22:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-27 06:48:45 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-03-27 06:48:45 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-03-10 08:02:04 417792 ----a-w- c:\windows\system32\vbscript.dll
============= FINISH: 17:56:59.14 ===============