
Google Search redirecting via marveloussearchsystem.com


  • This topic is locked
4 replies to this topic

#1 OldKidOnTheBlock

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:58 PM

Posted 07 October 2011 - 11:30 AM

Hey there, first post --

I, too, am having the same problem with my computer at home. I'm running Windows XP with SP3.

Most of the searches I've done for this problem (on uninfected computers, obv) point to SpyNoMore, which I later found out was a rogue company that sells you solutions to computer problems they create. Also, I found some results indicating that this infection is tied to the ZeroAccess Rootkit.

If a fix gets posted for this, I'd be eager to follow along with it. From what I've read, this is one of the nastier infections you can get.

Thanks,

OldKid

Pasting in reply with instructions from other topic. ~ OB

Hello and welcome.

Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please follow our Removal Guide here: How to remove Google Redirects. You will move to the Automated Removal Instructions.

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


Please ask any needed questions, post logs and let us know how the PC is running now.


Edited by Orange Blossom, 08 October 2011 - 11:34 AM.
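
The checks the MiniToolBox checklist above is collecting evidence for (hosts-file overrides, an enabled IE proxy, non-Microsoft Winsock providers, DNS servers that are not the router's private address) as a Python triage script that parses the Result.txt layout posted in this thread. This is an added example, not MiniToolBox's or BleepingComputer's own code; the sample log is constructed from the thread's clean values plus two planted indicators, and the Winsock and ipconfig line formats are assumed to match what this thread's log shows.

```python
# Added example for this thread (not MiniToolBox's own code): parsers follow the Result.txt layout posted above.
import ipaddress
import re
from typing import Dict, List

HEADER_RE = re.compile(r"^=+[ \t]*([^=\n]+?)[ \t]*:?[ \t]*=+[ \t]*$", re.MULTILINE)
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.+)\)\s*$")
DNS_RE = re.compile(r"^DNS Servers[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the layout of this thread's log. Clean values come from the
# posted log; the google.com hosts line and the 203.0.113.53 DNS server (an RFC 5737
# documentation address) are planted indicators for the checks to find.
SAMPLE_RESULT = r"""MiniToolBox by Farbar
========================= IE Proxy Settings: ==============================

Proxy is not enabled.

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.5 www.google.com

========================= IP Configuration: ================================

Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    203.0.113.53
NetBIOS over Tcpip. . . . . . . . : Disabled
===========================================================================
Interface List
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 06 C:\Program Files\VMware\VMware Player\vsocklib.dll [330288] (VMware, Inc.)
"""


def split_sections(text: str) -> Dict[str, str]:
    """Map each '===== Name: =====' header (lower-cased) to the text that follows it."""
    sections = {}
    heads = list(HEADER_RE.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        sections[m.group(1).strip().lower()] = text[m.end():end]
    return sections

def hosts_overrides(section: str) -> List[str]:
    """Every hosts entry other than the plain loopback 'localhost' mapping."""
    found = []
    for line in section.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] in ("127.0.0.1", "::1") and [p.lower() for p in parts[1:]] == ["localhost"]:
            continue
        found.append(line)
    return found

def ie_proxy_enabled(section: str) -> bool:
    """A clean section reads 'Proxy is not enabled.' exactly as in the thread's log."""
    return bool(section.strip()) and "Proxy is not enabled." not in section

def third_party_lsps(section: str) -> List[str]:
    """Winsock catalog entries not published by Microsoft: items to review, not a verdict."""
    found = []
    for line in section.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if m and m.group(5) != "Microsoft Corporation":
            found.append(f"{m.group(1)} {m.group(2)} {m.group(3)} ({m.group(5)})")
    return found

def dns_servers(section: str) -> List[str]:
    """DNS Servers lines from ipconfig; an indented bare IPv4 continues the previous line."""
    addrs, collecting = [], False
    for raw in section.splitlines():
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            addrs.append(m.group(1))
            collecting = True
        elif collecting and IPV4_RE.match(line):
            addrs.append(line)
        elif line:
            collecting = False
    return addrs

def triage(text: str) -> Dict[str, object]:
    """Run the four checks the MiniToolBox checklist above is collecting evidence for."""
    s = split_sections(text)
    return {
        "hosts_overrides": hosts_overrides(s.get("hosts content", "")),
        "ie_proxy_enabled": ie_proxy_enabled(s.get("ie proxy settings", "")),
        "third_party_lsps": third_party_lsps(s.get("winsock entries", "")),
        # A home router normally hands out its own RFC 1918 address as the resolver.
        "nonprivate_dns": [a for a in dns_servers(s.get("ip configuration", ""))
                           if not any(ipaddress.ip_address(a) in n for n in RFC1918)],
    }
```

On the thread's real log the Bonjour and VMware providers land in the review list and nothing else fires, which is consistent with the redirect living in the kernel (the ZAccess hit on NetBT reported below) rather than in hosts, proxy or DNS settings.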



#2 OldKidOnTheBlock
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:58 PM

Posted 07 October 2011 - 09:09 PM

Hey again, thank you for your quick response. In answer to your questions --

1) Yes, I'm on a router. Other devices do not exhibit redirect behavior. Only the PC that is wired directly to the modem.

2) I'm using Firefox 3.6.6

3) Here's the output from MiniToolBox:

MiniToolBox by Farbar
Ran by Administrator (administrator) on 07-10-2011 at 20:29:44
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "VMware Network Adapter VMnet8"

set address name="VMware Network Adapter VMnet8" source=static addr=192.168.175.1 mask=255.255.255.0
set dns name="VMware Network Adapter VMnet8" source=static addr=none register=PRIMARY
set wins name="VMware Network Adapter VMnet8" source=static addr=none

# Interface IP Configuration for "VMware Network Adapter VMnet1"

set address name="VMware Network Adapter VMnet1" source=static addr=192.168.129.1 mask=255.255.255.0
set dns name="VMware Network Adapter VMnet1" source=static addr=none register=PRIMARY
set wins name="VMware Network Adapter VMnet1" source=static addr=none

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : D9MTP071
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.175.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.129.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-20-01-72-FC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : October 7, 2011 8:23:15 PM
Lease Expires . . . . . . . . . . : January 18, 2038 11:14:07 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.226.84, 74.125.226.80, 74.125.226.82, 74.125.226.83
74.125.226.81

Pinging google.com [74.125.226.84] with 32 bytes of data:

Reply from 74.125.226.84: bytes=32 time=9ms TTL=56
Reply from 74.125.226.84: bytes=32 time=10ms TTL=56

Ping statistics for 74.125.226.84:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 10ms, Average = 9ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 72.30.2.43, 98.137.149.56
98.139.180.149

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=47ms TTL=53
Reply from 209.191.122.70: bytes=32 time=51ms TTL=53

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 51ms, Average = 49ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...00 13 20 01 72 fc ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
192.168.129.0 255.255.255.0 192.168.129.1 192.168.129.1 20
192.168.129.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.129.255 255.255.255.255 192.168.129.1 192.168.129.1 20
192.168.175.0 255.255.255.0 192.168.175.1 192.168.175.1 20
192.168.175.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.175.255 255.255.255.255 192.168.175.1 192.168.175.1 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.129.1 192.168.129.1 20
224.0.0.0 240.0.0.0 192.168.175.1 192.168.175.1 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
255.255.255.255 255.255.255.255 192.168.129.1 192.168.129.1 1
255.255.255.255 255.255.255.255 192.168.175.1 192.168.175.1 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Program Files\VMware\VMware Player\vsocklib.dll [330288] (VMware, Inc.)
Catalog9 07 C:\Program Files\VMware\VMware Player\vsocklib.dll [330288] (VMware, Inc.)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/07/2011 08:14:39 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4 0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/07/2011 06:07:10 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/06/2011 10:03:59 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module mshtml.dll, version 6.0.2900.3698, fault address 0x000f622a.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service) (User: )
Description: 460: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service) (User: )
Description: 444: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service) (User: )
Description: 428: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service) (User: )
Description: 212: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service) (User: )
Description: 236: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service) (User: )
Description: 216: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/01/2011 02:15:57 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (10/07/2011 08:29:50 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/07/2011 08:29:46 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/07/2011 08:29:28 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/07/2011 08:25:33 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/07/2011 08:24:53 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
MpFilter

Error: (10/07/2011 08:24:19 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/07/2011 08:23:55 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/07/2011 05:56:40 PM) (Source: DCOM) (User: jennifer)
Description: The server {ABC01078-F197-4B0B-ADBC-CFE684B39C82} did not register with DCOM within the required timeout.

Error: (10/07/2011 05:56:10 PM) (Source: DCOM) (User: jennifer)
Description: DCOM got error "%gusvc" attempting to start the service gusvc with arguments ""
in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error: (10/07/2011 05:37:48 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service failed to start due to the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (10/07/2011 08:14:39 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0moaccapability3.0.8402.000unspecifiedunspecifiedNILNILNIL

Error: (10/07/2011 06:07:10 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (10/06/2011 10:03:59 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.3156mshtml.dll6.0.2900.3698000f622a

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service)(User: )
Description: 460: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service)(User: )
Description: 444: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service)(User: )
Description: 428: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service)(User: )
Description: 212: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service)(User: )
Description: 236: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/05/2011 09:23:44 AM) (Source: Bonjour Service)(User: )
Description: 216: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/01/2011 02:15:57 PM) (Source: Application Hang)(User: )
Description: firefox.exe1.9.2.3828hungapp0.0.0.000000000


=========================== Installed Programs ============================


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 510.07 MB
Available physical RAM: 294.28 MB
Total Pagefile: 1247.27 MB
Available Pagefile: 1006.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 2004.19 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:145.94 GB) (Free:32.92 GB) NTFS

========================= Users: ========================================

User accounts for \\D9MTP071

__vmware_user__ Administrator Guest
HelpAssistant jennifer SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

4) I downloaded TDSS Killer -- it finds one threat: Rootkit.Win32.ZAccess.h for the service NetBT -- I choose cure and select continue, and then it says 'All threats neutralized' - but on rescan it reveals the same threat.

Here's the log:

20:42:16.0406 1800 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
20:42:16.0656 1800 ============================================================
20:42:16.0656 1800 Current date / time: 2011/10/07 20:42:16.0656
20:42:16.0656 1800 SystemInfo:
20:42:16.0656 1800
20:42:16.0656 1800 OS Version: 5.1.2600 ServicePack: 2.0
20:42:16.0656 1800 Product type: Workstation
20:42:16.0656 1800 ComputerName: D9MTP071
20:42:16.0656 1800 UserName: Administrator
20:42:16.0656 1800 Windows directory: C:\WINDOWS
20:42:16.0656 1800 System windows directory: C:\WINDOWS
20:42:16.0656 1800 Processor architecture: Intel x86
20:42:16.0656 1800 Number of processors: 2
20:42:16.0656 1800 Page size: 0x1000
20:42:16.0656 1800 Boot type: Safe boot with network
20:42:16.0656 1800 ============================================================
20:42:20.0171 1800 Initialize success
20:42:21.0812 1028 ============================================================
20:42:21.0812 1028 Scan started
20:42:21.0812 1028 Mode: Manual;
20:42:21.0812 1028 ============================================================
20:42:25.0296 1028 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
20:42:25.0296 1028 Bridge - ok
20:42:25.0328 1028 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
20:42:25.0328 1028 BridgeMP - ok
20:42:25.0359 1028 catchme - ok
20:42:25.0390 1028 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:42:25.0390 1028 cbidf - ok
20:42:25.0421 1028 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:42:25.0421 1028 cbidf2k - ok
20:42:25.0453 1028 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:42:25.0453 1028 cd20xrnt - ok
20:42:25.0484 1028 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:42:25.0500 1028 Cdaudio - ok
20:42:25.0515 1028 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
20:42:25.0515 1028 Cdfs - ok
20:42:25.0562 1028 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:42:25.0562 1028 Cdrom - ok
20:42:25.0578 1028 Changer - ok
20:42:25.0640 1028 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:42:25.0640 1028 CmdIde - ok
20:42:25.0734 1028 Copystar (69759e553a8a8eca70e0c18d7424df60) C:\WINDOWS\system32\DRIVERS\copystar.sys
20:42:25.0734 1028 Copystar - ok
20:42:25.0765 1028 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:42:25.0765 1028 Cpqarray - ok
20:42:25.0828 1028 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:42:25.0828 1028 dac2w2k - ok
20:42:25.0843 1028 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:42:25.0859 1028 dac960nt - ok
20:42:25.0906 1028 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
20:42:25.0906 1028 Disk - ok
20:42:26.0000 1028 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
20:42:26.0031 1028 dmboot - ok
20:42:26.0109 1028 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
20:42:26.0125 1028 dmio - ok
20:42:26.0203 1028 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:42:26.0203 1028 dmload - ok
20:42:26.0250 1028 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
20:42:26.0250 1028 DMusic - ok
20:42:26.0281 1028 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:42:26.0296 1028 dpti2o - ok
20:42:26.0343 1028 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
20:42:26.0343 1028 drmkaud - ok
20:42:26.0593 1028 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:42:26.0593 1028 DSproct - ok
20:42:26.0656 1028 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
20:42:26.0656 1028 dsunidrv - ok
20:42:26.0687 1028 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:42:26.0687 1028 E100B - ok
20:42:26.0765 1028 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
20:42:26.0765 1028 Fastfat - ok
20:42:26.0812 1028 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:42:26.0828 1028 Fdc - ok
20:42:26.0859 1028 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
20:42:26.0859 1028 Fips - ok
20:42:26.0890 1028 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:42:26.0890 1028 Flpydisk - ok
20:42:26.0921 1028 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:42:26.0921 1028 FltMgr - ok
20:42:26.0968 1028 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:42:26.0968 1028 Fs_Rec - ok
20:42:27.0031 1028 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:42:27.0031 1028 Ftdisk - ok
20:42:27.0093 1028 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:42:27.0093 1028 GEARAspiWDM - ok
20:42:27.0140 1028 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:42:27.0140 1028 Gpc - ok
20:42:27.0218 1028 hcmon (dffc465c0a31dd2a86c4dd0a552aded8) C:\WINDOWS\system32\drivers\hcmon.sys
20:42:27.0218 1028 hcmon - ok
20:42:27.0312 1028 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:42:27.0312 1028 HidUsb - ok
20:42:27.0328 1028 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:42:27.0328 1028 hpn - ok
20:42:27.0421 1028 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:42:27.0421 1028 HPZid412 - ok
20:42:27.0453 1028 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:42:27.0453 1028 HPZipr12 - ok
20:42:27.0515 1028 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:42:27.0515 1028 HPZius12 - ok
20:42:27.0578 1028 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
20:42:27.0593 1028 HTTP - ok
20:42:27.0609 1028 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:42:27.0625 1028 i2omgmt - ok
20:42:27.0640 1028 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:42:27.0640 1028 i2omp - ok
20:42:27.0687 1028 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:42:27.0687 1028 i8042prt - ok
20:42:27.0734 1028 IFP700 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\drivers\ifp700.sys
20:42:27.0734 1028 IFP700 - ok
20:42:27.0765 1028 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:42:27.0781 1028 Imapi - ok
20:42:27.0828 1028 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:42:27.0828 1028 ini910u - ok
20:42:27.0859 1028 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:42:27.0859 1028 IntelIde - ok
20:42:27.0921 1028 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:42:27.0921 1028 intelppm - ok
20:42:27.0953 1028 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:42:27.0953 1028 Ip6Fw - ok
20:42:28.0015 1028 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:42:28.0015 1028 IpFilterDriver - ok
20:42:28.0109 1028 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:42:28.0109 1028 IpInIp - ok
20:42:28.0203 1028 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:42:28.0218 1028 IpNat - ok
20:42:28.0250 1028 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:42:28.0250 1028 IPSec - ok
20:42:28.0281 1028 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:42:28.0281 1028 IRENUM - ok
20:42:28.0312 1028 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:42:28.0312 1028 isapnp - ok
20:42:28.0375 1028 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:42:28.0375 1028 Kbdclass - ok
20:42:28.0421 1028 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:42:28.0421 1028 kbdhid - ok
20:42:28.0468 1028 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
20:42:28.0484 1028 kmixer - ok
20:42:28.0515 1028 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
20:42:28.0515 1028 KSecDD - ok
20:42:28.0578 1028 lbrtfdc - ok
20:42:28.0703 1028 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
20:42:28.0703 1028 MBAMProtector - ok
20:42:28.0750 1028 MBAMSwissArmy - ok
20:42:28.0828 1028 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:42:28.0828 1028 mnmdd - ok
20:42:28.0890 1028 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
20:42:28.0890 1028 Modem - ok
20:42:28.0906 1028 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:42:28.0906 1028 Mouclass - ok
20:42:28.0937 1028 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:42:28.0937 1028 mouhid - ok
20:42:28.0968 1028 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
20:42:28.0968 1028 MountMgr - ok
20:42:29.0015 1028 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:42:29.0031 1028 MpFilter - ok
20:42:29.0187 1028 MpKsl0f9845cc (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1D57B61-C50D-4A2E-BF68-C223387BC74B}\MpKsl0f9845cc.sys
20:42:29.0187 1028 MpKsl0f9845cc - ok
20:42:29.0203 1028 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:42:29.0203 1028 mraid35x - ok
20:42:29.0265 1028 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:42:29.0265 1028 MRxDAV - ok
20:42:29.0312 1028 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:42:29.0328 1028 MRxSmb - ok
20:42:29.0359 1028 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
20:42:29.0359 1028 Msfs - ok
20:42:29.0406 1028 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:42:29.0406 1028 MSKSSRV - ok
20:42:29.0437 1028 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:42:29.0437 1028 MSPCLOCK - ok
20:42:29.0468 1028 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
20:42:29.0468 1028 MSPQM - ok
20:42:29.0500 1028 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:42:29.0500 1028 mssmbios - ok
20:42:29.0515 1028 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
20:42:29.0515 1028 Mup - ok
20:42:29.0546 1028 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
20:42:29.0562 1028 NDIS - ok
20:42:29.0578 1028 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:42:29.0578 1028 NdisTapi - ok
20:42:29.0609 1028 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:42:29.0609 1028 Ndisuio - ok
20:42:29.0640 1028 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:42:29.0640 1028 NdisWan - ok
20:42:29.0656 1028 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
20:42:29.0656 1028 NDProxy - ok
20:42:29.0703 1028 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:42:29.0703 1028 NetBIOS - ok
20:42:29.0734 1028 NetBT (baad9b0f993ca369c8bc5bd3bb97a092) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:42:29.0734 1028 NetBT ( Rootkit.Win32.ZAccess.h ) - infected
20:42:29.0734 1028 NetBT - detected Rootkit.Win32.ZAccess.h (0)
20:42:29.0859 1028 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
20:42:29.0859 1028 Npfs - ok
20:42:29.0937 1028 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
20:42:29.0984 1028 Ntfs - ok
20:42:30.0093 1028 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:42:30.0093 1028 Null - ok
20:42:30.0187 1028 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:42:30.0234 1028 nv - ok
20:42:30.0296 1028 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:42:30.0296 1028 NwlnkFlt - ok
20:42:30.0312 1028 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:42:30.0312 1028 NwlnkFwd - ok
20:42:30.0390 1028 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
20:42:30.0390 1028 omci - ok
20:42:30.0437 1028 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
20:42:30.0437 1028 Parport - ok
20:42:30.0484 1028 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
20:42:30.0484 1028 PartMgr - ok
20:42:30.0531 1028 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:42:30.0531 1028 ParVdm - ok
20:42:30.0578 1028 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
20:42:30.0578 1028 pccsmcfd - ok
20:42:30.0609 1028 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
20:42:30.0625 1028 PCI - ok
20:42:30.0640 1028 PCIDump - ok
20:42:30.0671 1028 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:42:30.0671 1028 PCIIde - ok
20:42:30.0718 1028 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:42:30.0718 1028 Pcmcia - ok
20:42:30.0781 1028 Pcouffin (49b2d1b1ec3688684724779af59b872d) C:\WINDOWS\system32\Drivers\Pcouffin.sys
20:42:30.0781 1028 Pcouffin - ok
20:42:30.0796 1028 PDCOMP - ok
20:42:30.0828 1028 PDFRAME - ok
20:42:30.0843 1028 PDRELI - ok
20:42:30.0875 1028 PDRFRAME - ok
20:42:30.0906 1028 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:42:30.0906 1028 perc2 - ok
20:42:30.0937 1028 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:42:30.0937 1028 perc2hib - ok
20:42:31.0078 1028 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:42:31.0078 1028 PptpMiniport - ok
20:42:31.0140 1028 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
20:42:31.0140 1028 PSched - ok
20:42:31.0218 1028 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:42:31.0218 1028 Ptilink - ok
20:42:31.0265 1028 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:42:31.0265 1028 PxHelp20 - ok
20:42:31.0312 1028 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:42:31.0312 1028 ql1080 - ok
20:42:31.0328 1028 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:42:31.0328 1028 Ql10wnt - ok
20:42:31.0359 1028 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:42:31.0359 1028 ql12160 - ok
20:42:31.0375 1028 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:42:31.0390 1028 ql1240 - ok
20:42:31.0406 1028 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:42:31.0406 1028 ql1280 - ok
20:42:31.0437 1028 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:42:31.0437 1028 RasAcd - ok
20:42:31.0484 1028 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:42:31.0484 1028 Rasl2tp - ok
20:42:31.0515 1028 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:42:31.0515 1028 RasPppoe - ok
20:42:31.0546 1028 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:42:31.0546 1028 Raspti - ok
20:42:31.0625 1028 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:42:31.0625 1028 Rdbss - ok
20:42:31.0640 1028 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:42:31.0640 1028 RDPCDD - ok
20:42:31.0734 1028 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:42:31.0734 1028 rdpdr - ok
20:42:31.0828 1028 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
20:42:31.0828 1028 RDPWD - ok
20:42:31.0859 1028 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:42:31.0859 1028 redbook - ok
20:42:31.0937 1028 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
20:42:31.0937 1028 RimUsb - ok
20:42:31.0953 1028 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:42:31.0953 1028 RimVSerPort - ok
20:42:32.0015 1028 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:42:32.0015 1028 ROOTMODEM - ok
20:42:32.0203 1028 Secdrv (d40e5b623d1a7e9bf09bdbf376d16432) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:42:32.0203 1028 Secdrv - ok
20:42:32.0234 1028 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:42:32.0250 1028 serenum - ok
20:42:32.0265 1028 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
20:42:32.0265 1028 Serial - ok
20:42:32.0312 1028 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:42:32.0328 1028 Sfloppy - ok
20:42:32.0359 1028 Simbad - ok
20:42:32.0390 1028 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:42:32.0390 1028 sisagp - ok
20:42:32.0468 1028 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
20:42:32.0484 1028 smwdm - ok
20:42:32.0500 1028 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:42:32.0500 1028 Sparrow - ok
20:42:32.0531 1028 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
20:42:32.0531 1028 splitter - ok
20:42:32.0562 1028 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
20:42:32.0562 1028 sr - ok
20:42:32.0656 1028 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
20:42:32.0671 1028 Srv - ok
20:42:32.0718 1028 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:42:32.0718 1028 swenum - ok
20:42:32.0750 1028 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
20:42:32.0750 1028 swmidi - ok
20:42:32.0765 1028 SWMX00 - ok
20:42:32.0781 1028 SWNC5E00 - ok
20:42:32.0828 1028 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:42:32.0828 1028 symc810 - ok
20:42:32.0859 1028 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:42:32.0859 1028 symc8xx - ok
20:42:32.0875 1028 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:42:32.0890 1028 sym_hi - ok
20:42:32.0906 1028 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:42:32.0906 1028 sym_u3 - ok
20:42:32.0953 1028 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
20:42:32.0953 1028 sysaudio - ok
20:42:33.0031 1028 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:42:33.0046 1028 Tcpip - ok
20:42:33.0109 1028 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:42:33.0109 1028 TDPIPE - ok
20:42:33.0156 1028 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
20:42:33.0156 1028 TDTCP - ok
20:42:33.0281 1028 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:42:33.0281 1028 TermDD - ok
20:42:33.0328 1028 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:42:33.0328 1028 TosIde - ok
20:42:33.0421 1028 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
20:42:33.0421 1028 Udfs - ok
20:42:33.0453 1028 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:42:33.0453 1028 ultra - ok
20:42:33.0500 1028 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
20:42:33.0500 1028 Update - ok
20:42:33.0578 1028 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:42:33.0578 1028 USBAAPL - ok
20:42:33.0625 1028 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:42:33.0625 1028 usbccgp - ok
20:42:33.0640 1028 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:42:33.0640 1028 usbehci - ok
20:42:33.0671 1028 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:42:33.0671 1028 usbhub - ok
20:42:33.0734 1028 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:42:33.0734 1028 usbprint - ok
20:42:33.0796 1028 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:42:33.0796 1028 usbscan - ok
20:42:33.0859 1028 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:42:33.0859 1028 USBSTOR - ok
20:42:33.0875 1028 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:42:33.0890 1028 usbuhci - ok
20:42:33.0953 1028 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
20:42:33.0953 1028 VgaSave - ok
20:42:34.0015 1028 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:42:34.0015 1028 viaagp - ok
20:42:34.0031 1028 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:42:34.0031 1028 ViaIde - ok
20:42:34.0093 1028 vmci (a131387e5bfdfc27debda8428ea14173) C:\WINDOWS\system32\Drivers\vmci.sys
20:42:34.0093 1028 vmci - ok
20:42:34.0156 1028 vmkbd (9450172735eca807d3ae92bbc04dcb5c) C:\WINDOWS\system32\drivers\VMkbd.sys
20:42:34.0156 1028 vmkbd - ok
20:42:34.0171 1028 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
20:42:34.0171 1028 VMnetAdapter - ok
20:42:34.0234 1028 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
20:42:34.0250 1028 VMnetBridge - ok
20:42:34.0296 1028 VMnetuserif (7cccbc8a9be8766a32a8d26f52f9f31c) C:\WINDOWS\system32\drivers\vmnetuserif.sys
20:42:34.0296 1028 VMnetuserif - ok
20:42:34.0312 1028 VMparport (742bbfe7e125a3b0169ab303fa73ba4a) C:\WINDOWS\system32\Drivers\VMparport.sys
20:42:34.0312 1028 VMparport - ok
20:42:34.0437 1028 vmx86 (3e039755695e7a80fd0f40685ad0f73b) C:\WINDOWS\system32\Drivers\vmx86.sys
20:42:34.0468 1028 vmx86 - ok
20:42:34.0484 1028 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
20:42:34.0484 1028 VolSnap - ok
20:42:34.0656 1028 vstor2-ws60 (70652ddbb219083acda28ca0cb0d6663) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
20:42:34.0656 1028 vstor2-ws60 - ok
20:42:34.0703 1028 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:42:34.0703 1028 Wanarp - ok
20:42:34.0718 1028 wanatw - ok
20:42:34.0750 1028 WDICA - ok
20:42:34.0812 1028 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
20:42:34.0812 1028 wdmaud - ok
20:42:34.0875 1028 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\WINDOWS\system32\drivers\windrvr6.sys
20:42:34.0875 1028 WinDriver6 - ok
20:42:35.0078 1028 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:42:35.0078 1028 WS2IFSL - ok
20:42:35.0140 1028 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:42:35.0140 1028 WudfPf - ok
20:42:35.0203 1028 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:42:35.0203 1028 WudfRd - ok
20:42:35.0343 1028 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
20:42:35.0343 1028 \Device\Harddisk0\DR0 - ok
20:42:35.0375 1028 Boot (0x1200) (6655886d1e44a2fe840a8a47618d8349) \Device\Harddisk0\DR0\Partition0
20:42:35.0375 1028 \Device\Harddisk0\DR0\Partition0 - ok
20:42:35.0375 1028 ============================================================
20:42:35.0375 1028 Scan finished
20:42:35.0375 1028 ============================================================
20:42:35.0421 0308 Detected object count: 1
20:42:35.0421 0308 Actual detected object count: 1
20:43:10.0265 0308 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\NETBT.SYS) error 13
20:43:10.0515 0308 Backup copy not found, trying to cure infected file..
20:43:10.0515 0308 C:\WINDOWS\system32\DRIVERS\netbt.sys - Cure failed (FFFFFFFF)
20:43:10.0515 0308 C:\WINDOWS\system32\DRIVERS\netbt.sys - processing error
20:43:10.0515 0308 NetBT ( Rootkit.Win32.ZAccess.h ) - User select action: Cure

5) Tried to download MBAM and install it, but it said that the application couldn't be initialized. I've tried renaming the install exe but it continues to give the same error.

Back to you,

OldKid
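The TDSSKiller output above is the security-relevant part of this post: one kernel driver service (NetBT, backed by netbt.sys) is flagged as Rootkit.Win32.ZAccess.h, the tool records the file's MD5, and the cure attempt fails with FFFFFFFF. The parser below is an added example, not code from the original post, from BleepingComputer or from Kaspersky; it assumes only the log line shapes visible above (entry line with hash and path, "- ok", "( threat ) - infected", "- detected", "Cure failed", "User select action") and pulls out, for each scanned object, its hash, path, verdict and cure outcome. That lets you compare a flagged driver's hash offline against a known-good copy and list detections the tool could not neutralise for follow-up. The sample lines are copied from the posted log; the hashes in it are the posted values, not a known-good reference.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the TDSSKiller log posted above (the NetBT
# detection, two clean neighbours, the MBR check and the post-scan cure section).
SAMPLE_LOG = r"""
20:42:29.0703 1028 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:42:29.0703 1028 NetBIOS - ok
20:42:29.0734 1028 NetBT (baad9b0f993ca369c8bc5bd3bb97a092) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:42:29.0734 1028 NetBT ( Rootkit.Win32.ZAccess.h ) - infected
20:42:29.0734 1028 NetBT - detected Rootkit.Win32.ZAccess.h (0)
20:42:29.0859 1028 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
20:42:29.0859 1028 Npfs - ok
20:42:35.0343 1028 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
20:42:35.0343 1028 \Device\Harddisk0\DR0 - ok
20:42:35.0421 0308 Detected object count: 1
20:43:10.0515 0308 Backup copy not found, trying to cure infected file..
20:43:10.0515 0308 C:\WINDOWS\system32\DRIVERS\netbt.sys - Cure failed (FFFFFFFF)
20:43:10.0515 0308 NetBT ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
"""

PREFIX = r"^\S+\s+\d+\s+"   # "HH:MM:SS.mmmm PID " at the start of every line
ENTRY_RE = re.compile(PREFIX + r"(?P<name>\S+)(?:\s+\(0x[0-9A-Fa-f]+\))?"   # MBR/boot entries carry a size
                      r"\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
INFECTED_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\(\s*(?P<threat>\S+)\s*\)\s+-\s+infected\s*$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+-\s+detected\s+(?P<threat>\S+)\s+\(\d+\)\s*$")
CURE_FAILED_RE = re.compile(PREFIX + r"(?P<path>.+?)\s+-\s+Cure failed\s+\((?P<code>[0-9A-Fa-f]+)\)\s*$")
ACTION_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\(\s*\S+\s*\)\s+-\s+User select action:\s+(?P<action>\w+)\s*$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+ok\s*$")


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str
    verdict: str = "unknown"            # "ok" | "infected" | "unknown"
    threat: Optional[str] = None
    cure_status: Optional[str] = None   # e.g. "Cure failed (FFFFFFFF)"
    user_action: Optional[str] = None


@dataclass
class ScanReport:
    entries: Dict[str, DriverEntry]
    unparsed: List[str]

    def infected(self) -> List[DriverEntry]:
        return [e for e in self.entries.values() if e.verdict == "infected"]

    def needs_followup(self) -> List[DriverEntry]:
        # Detections the tool could not neutralise: cure failed or never attempted.
        return [e for e in self.infected()
                if e.cure_status is None or "failed" in e.cure_status.lower()]


def parse_tdsskiller_log(text: str) -> ScanReport:
    entries: Dict[str, DriverEntry] = {}
    by_path: Dict[str, DriverEntry] = {}   # MBR/boot verdict lines and cure lines are keyed by path
    unparsed: List[str] = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if m := ENTRY_RE.match(line):
            e = DriverEntry(m["name"], m["md5"], m["path"])
            entries[e.name] = e
            by_path[e.path.lower()] = e
        elif m := (INFECTED_RE.match(line) or DETECTED_RE.match(line)):
            if e := entries.get(m["name"]):
                e.verdict, e.threat = "infected", m["threat"]
        elif m := CURE_FAILED_RE.match(line):
            if e := by_path.get(m["path"].lower()):
                e.cure_status = f"Cure failed ({m['code']})"
        elif m := ACTION_RE.match(line):
            if e := entries.get(m["name"]):
                e.user_action = m["action"]
        elif m := OK_RE.match(line):
            e = entries.get(m["name"]) or by_path.get(m["name"].lower())
            if e and e.verdict == "unknown":   # an "ok" never overrides an earlier detection
                e.verdict = "ok"
        else:
            unparsed.append(line)
    return ScanReport(entries, unparsed)


def summarize(report: ScanReport) -> str:
    lines = [f"{len(report.entries)} objects with a file hash, {len(report.infected())} flagged"]
    for e in report.needs_followup():
        lines.append(f"FOLLOW UP: {e.name} {e.path} md5={e.md5} threat={e.threat} "
                     f"cure={e.cure_status or 'not attempted'} action={e.user_action}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```

Services that have no backing file (the "Abiosdsk - ok" style lines) are ignored on purpose; only objects with a hash are worth recording. Run against the full posted log, the only entry in needs_followup() is NetBT, which is what the helpers in the thread act on by moving the case to the malware-removal forum.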

#3 boopme (Global Moderator)

Posted 07 October 2011 - 09:19 PM

Not a good thing. But we can fix it. We need to move and have a custom fix made.
Include this link back to this topic.

http://www.bleepingcomputer.com/forums/topic422265.html/page__pid__2433370#entry2433370

You need some updates, like Java and Adobe Reader, but they will do it there.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.
Let me know if that went well.

#4 OldKidOnTheBlock (Topic Starter)

Posted 07 October 2011 - 11:28 PM

Hi again,

I followed steps 6-9 as directed and have posted results here:

http://www.bleepingcomputer.com/forums/topic422422.html

GMER would not complete. Gave me a BSOD with "pagefault in non-paged area" caused by "uxryapow.sys"

Cheers, and let me know what to do next.

Thanks so much for your hard work.

OldKid

#5 Orange Blossom (Moderator)

Posted 08 October 2011 - 11:37 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic422421.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry: