Author Topic: [Resolved] Crypt.AQLW; no firewall  (Read 5752 times)


LindaM
Re: [In Progress] Crypt.AQLW; no firewall
« Reply #15 on: April 27, 2012, 04:40:46 PM »
part 3:

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22623
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Crypt.AQLW; no firewall
« Reply #16 on: April 27, 2012, 06:31:32 PM »
How did the computer run after the reboot?

Please try running combofix now. Post the log if it does run. Let me know if it does not.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline LindaM

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #17 on: April 27, 2012, 07:46:56 PM »
ComboFix ran and here's the report:

ComboFix 12-04-24.05 - trish 04/27/2012  21:11:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3326.2696 [GMT -4:00]
Running from: c:\users\trish\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Brand Affinity Technologies
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\fantapper_imaxx20110715.crx
c:\program files\Brand Affinity Technologies\Fantapper Player\fantapper_imaxx20110715.xpi
c:\program files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
c:\program files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\ieupdate.msi
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\update.msi
c:\windows\$NtUninstallKB65013$\355199198\L\qnbwvoto
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\btkrnl.dll
c:\windows\system32\commserver.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\foldersize.dll
c:\windows\system32\FreeTdi.dll
c:\windows\system32\icollectservice.dll
c:\windows\system32\lxdj_device.dll
c:\windows\system32\mwstick.dll
c:\windows\system32\oem18.inf
c:\windows\system32\se59bus.dll
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_radiosvr
-------\Service_FTSvc
-------\Service_FTSvc
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-28 to 2012-04-28  )))))))))))))))))))))))))))))))
.
.
2012-04-28 01:24 . 2012-04-28 01:32   --------   d-----w-   c:\users\trish\AppData\Local\temp
2012-04-28 01:24 . 2012-04-28 01:24   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-28 01:24 . 2012-04-28 01:24   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-04-27 21:58 . 2012-04-27 21:58   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-04-25 23:21 . 2012-04-25 23:23   40776   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-25 23:08 . 2012-04-25 23:08   --------   d-----w-   c:\users\trish\AppData\Local\AVG Secure Search
2012-04-25 23:06 . 2012-04-25 23:07   --------   d-----w-   c:\programdata\AVG Secure Search
2012-04-25 23:05 . 2012-04-25 23:06   --------   d-----w-   c:\program files\Common Files\AVG Secure Search
2012-04-25 23:05 . 2012-04-25 23:07   --------   d-----w-   c:\program files\AVG Secure Search
2012-04-25 00:56 . 2012-04-25 00:56   --------   d-----w-   c:\users\trish\AppData\Local\Google
2012-04-25 00:55 . 2012-04-25 00:55   --------   d-----w-   c:\programdata\blekko toolbars
2012-04-25 00:55 . 2012-04-25 00:55   --------   d-----w-   c:\program files\blekkotb_soc
2012-04-24 00:51 . 2012-04-24 00:51   --------   d-----w-   c:\users\trish\AppData\Roaming\AVG2012
2012-04-23 23:26 . 2012-04-23 23:26   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-23 23:26 . 2012-04-23 23:26   418464   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-04-19 23:59 . 2012-04-19 23:46   72192   ----a-w-   c:\windows\system32\drivers\tdx.sys
2012-04-19 21:43 . 2012-04-19 21:43   --------   d-----w-   c:\program files\Broadcom
2012-04-19 21:42 . 2007-12-08 18:33   987136   ----a-w-   c:\windows\system32\BCMLogon.dll
2012-04-19 21:38 . 2012-04-19 21:38   --------   d-----w-   c:\users\trish\AppData\Roaming\InstallShield
2012-04-19 21:11 . 2012-04-19 21:11   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Apps
2012-04-19 21:07 . 2012-04-19 21:10   --------   d-----w-   c:\users\trish\AppData\Local\Deployment
2012-04-19 20:37 . 2012-04-19 20:37   --------   d-----w-   c:\program files\CCleaner
2012-04-18 01:10 . 2012-04-18 01:10   --------   d-----w-   c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-17 23:32 . 2012-02-28 01:03   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-04-17 23:32 . 2012-02-28 01:11   1127424   ----a-w-   c:\windows\system32\wininet.dll
2012-04-17 23:32 . 2012-02-28 01:13   678912   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
2012-04-17 21:57 . 2012-02-28 01:58   141112   ----a-w-   c:\program files\Internet Explorer\sqmapi.dll
2012-04-17 21:57 . 2012-02-28 01:18   1799168   ----a-w-   c:\windows\system32\jscript9.dll
2012-04-17 21:57 . 2012-02-28 01:08   194048   ----a-w-   c:\program files\Internet Explorer\IEShims.dll
2012-04-17 21:56 . 2012-02-28 01:11   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-04-16 22:30 . 2012-02-29 15:11   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-04-16 22:30 . 2012-02-29 15:11   172032   ----a-w-   c:\windows\system32\wintrust.dll
2012-04-16 22:30 . 2012-02-29 15:09   157696   ----a-w-   c:\windows\system32\imagehlp.dll
2012-04-16 22:29 . 2012-02-29 13:32   12800   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-04-16 21:49 . 2012-04-16 21:49   --------   d-----w-   C:\5369dcd0e13be9bad7477e73
2012-04-15 13:20 . 2012-04-15 13:20   --------   d-----w-   C:\AVG2012
2012-04-15 13:20 . 2012-04-15 13:20   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Nova Development
2012-04-15 13:19 . 2012-04-15 13:19   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\ArcSoft
2012-04-15 13:19 . 2012-04-15 13:19   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\MediaDirect
2012-04-15 03:11 . 2012-03-01 11:01   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2012-04-03 03:32 . 2012-04-03 03:33   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 22:00 . 2009-10-20 21:19   185856   ----a-w-   c:\windows\system32\drivers\netbt.sys
2012-04-04 19:56 . 2011-04-15 20:27   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]
2012-03-14 19:42   85288   ----a-w-   c:\program files\blekkotb_soc\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-25 23:05   2067328   ----a-w-   c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}"= "c:\program files\blekkotb_soc\blekkotb_019X.dll" [2012-03-14 85288]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-25 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"EmbarqVALite_McciTrayApp"="c:\program files\EmbarqVALite\EMBARQHelpHelper.exe" [2007-06-05 988256]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe" [2009-08-14 144672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-25 1116544]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2009.lnk -  [N/A]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ      HPSLPSVC
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
zpcache
tandpl
W8335XP
dtsagntsvc
cdr4_2k
psdvdisk
sentinel
LwUsbHid
smwdm
rksample
Defrag32b
rampartsvc
imountsrv
meraksmtp
iaimfp3
dmserver
mcpromgr
tng-dtmg
zpaction
iPassP
CoolerXPDriver
apache
jukebox3
kbstuff
nm
carboniteservice
cisvc
UsbserFilt
lxcccustomerconnect
isamsmt
XBCD
s125obex
se2Eunic
sskbfd
NETw5x32
sysdown
db2jds
vwlogger
ss_mdm
ichaud
rasirda
vvoice
Cinemsup
snac
vmauthdservice
ESMCR
amsint
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 23:26]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3978C37F-2B3B-45A3-B892-564ADCF83083}: NameServer = 192.168.1.1,192.168.1.10
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{156ED6F5-38A0-43AC-98CC-40684021492C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{313A832A-AAF3-4880-A8D0-C42BEE319C02} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-SPMTray - c:\program files\PC Speed Maximizer\SPMTray.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
SafeBoot-19224244.sys
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.tdx]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1496)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-04-27  21:40:22 - machine was rebooted
ComboFix-quarantined-files.txt  2012-04-28 01:40
.
Pre-Run: 57,998,135,296 bytes free
Post-Run: 58,420,748,288 bytes free
.
- - End Of File - - 2B59B6AF7C2B38291AE2C4C04CBC044D

Offline Hoov

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #18 on: April 27, 2012, 07:54:21 PM »
How is the computer running now?

Offline LindaM

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #19 on: April 28, 2012, 01:34:21 PM »
Hoov,

I'm actually posting from my friend's computer.  No virus pop ups.  I do have the firewall back.  AVG has been reinstalled (haven't run a scan yet).  It's running much better than it was.  Just have a few little issues:

1) Windows will not update - 8 updates failed to install - windows error code 80096001.
2) The start up process is still a little slow.
3) Internet Explorer hangs up when loading.

LindaM

Offline Hoov

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #20 on: April 28, 2012, 01:43:42 PM »
That happens occasionally, problems occurring after recovering from any malware infection. Sometimes it is the fault of the malware having changed settings, sometimes the removal process has to remove system files because they are infected. We can go about fixing the errors now that Windows is working.

I need you to reboot Windows cleanly. To do that, please go to the run command and type in msconfig. Once that starts, select selective startup, and then uncheck the load startup items. Now click on the services tab, and down near the bottom of the window, check the box that says Hide all Microsoft Services. Now go up and uncheck all the services still listed; make sure you scroll down the list if needed to unselect all the non-Microsoft services. Now click apply, then click OK and reboot the computer.

Now try and run Windows Update. Let me know how it goes. When Windows Update finishes, or fails, run msconfig and select normal startup, then click apply, then OK, and reboot Windows.

Let me know how it all went.

Offline LindaM

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #21 on: April 28, 2012, 04:57:26 PM »
Hi Hoov,

I did the startup changes and ran the Windows update.  They failed to install again.  Same error message.
I did an AVG scan and no problems were found.  I will run a Malwarebytes scan and see how that is.

Linda

Offline Hoov

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #22 on: April 28, 2012, 05:10:28 PM »
I need you to go to the administration tools in Vista / Windows 7. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side, expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, and post them back here in your next reply as attachments.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
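
The Event Viewer export described in the reply above can also be done from the command line. The following is an added example, not part of the original thread: it exports the System and Application logs as EVTX with `wevtutil` and zips them, limiting the export to recent events so the archive stays small. The seven-day window, the output file names, and the use of `Compress-Archive` (PowerShell 5 or later) are assumptions.

```powershell
# Added example: command-line equivalent of the Event Viewer "Save Events As" steps.
# $Days and the output file names are assumptions chosen for illustration.
$Days     = 7
$Desktop  = [Environment]::GetFolderPath('Desktop')
$WindowMs = $Days * 24 * 60 * 60 * 1000

# XPath filter understood by wevtutil: keep only events newer than $Days days.
$Query = "*[System[TimeCreated[timediff(@SystemTime) <= $WindowMs]]]"

$Exported = foreach ($Log in 'System', 'Application') {
    $Out = Join-Path $Desktop ("{0}.evtx" -f $Log.ToLower())
    # epl = export-log; /ow:true overwrites an earlier export with the same name.
    & wevtutil.exe epl $Log $Out "/q:$Query" /ow:true
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil failed for $Log (exit code $LASTEXITCODE)"
    }
    $Out
}

# Bundle both exports into one archive and report its size before uploading.
$Zip = Join-Path $Desktop 'eventlogs.zip'
Compress-Archive -Path $Exported -DestinationPath $Zip -Force
'{0}: {1:N0} KB' -f $Zip, ((Get-Item $Zip).Length / 1KB)
```

Dropping the `/q:` argument exports the full logs, which matches the GUI procedure exactly but produces a larger file.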

Offline LindaM

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #23 on: April 28, 2012, 06:48:17 PM »
I've tried to attach the zipped up file, but the server won't let me...says it's too big to post..4,787kb...

Offline Hoov

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #24 on: April 28, 2012, 07:02:51 PM »
How did the Malwarebytes' Anti-Malware scan go?

I am sending you a PM on what to do with the logs.

Offline LindaM

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #25 on: April 28, 2012, 07:21:45 PM »
I haven't had the opportunity to run Malwarebytes yet....But I will and I'll post the results.
Linda

Offline LindaM

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #26 on: April 28, 2012, 09:57:28 PM »
Malwarebytes scan just finished.  16 infected files.  Here's the post:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.25.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
trish :: TRISH-PC [administrator]

4/28/2012 9:22:18 PM
mbam-log-2012-04-28 (21-22-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341997
Time elapsed: 1 hour(s), 33 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\Qoobox\Quarantine\C\Windows\System32\btkrnl.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\commserver.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\foldersize.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\FreeTdi.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\icollectservice.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\lxdj_device.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\mwstick.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\se59bus.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\27.04.2012_17.53.28\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\27.04.2012_17.53.28\zaea0000\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\27.04.2012_17.53.28\zaea0001\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\27.04.2012_17.53.28\zaea0002\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\27.04.2012_17.53.28\zaea0003\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\27.04.2012_17.53.28\zaea0004\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

LindaM

Offline Hoov

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #27 on: April 28, 2012, 10:12:55 PM »
Actually the 14 files had been detected and removed by combofix and by TDSSKiller. You only had 2 more registry entries. But before I give you more instructions, I need to look at your event viewer logs. Did you get my private message?

Offline Hoov

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #28 on: April 29, 2012, 06:33:48 AM »
It appears there are a boatload of services that are not starting with Windows. Please go to the run command and type in msconfig. Once that starts, select normal startup, then click apply, then OK, and reboot the computer. Let me know if you had to select normal startup. If you did not have to, you can just terminate msconfig, and let me know that as well.

Offline LindaM

Re: [In Progress] Crypt.AQLW; no firewall
« Reply #29 on: April 29, 2012, 08:13:13 AM »
Hoov,

I went into the msconfig and normal startup was selected, and all the items in the services are checked, but a lot of them say stopped.

LindaM