
Antivirus 2012, Ping.exe, Browser redirects


  • This topic is locked
7 replies to this topic

#1 tristx

tristx

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 20 December 2011 - 12:55 PM

I have a computer that became infected with one of the fake XP Antivirus 2012 programs.
I searched online and found some instructions for removing it which as far as I can tell have worked.
I'm no longer having the fake virus scan and alert popup but I'm left with some other problems.
I noticed ping.exe using between 40-70% of system resources.
I searched for any copies of the ping.exe file and renamed them.
So far I haven't seen ping.exe since then or any other program using up the system resources like it was.
Scans from adaware and malwarebytes come up clean so I tried out firefox and internet explorer.
The problem I'm experiencing now is browser redirects from both browsers.
I can do a google search in either one and sometimes when I click on the link I'm redirected to newscanary and another bogus page which will contain pieces of my original google search.
As I was looking for fixes for the browser redirects I came across this page and after researching decided I should probably stop going at this blind and ask for help.

Thanks,
Bob


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:49 PM

Posted 20 December 2011 - 03:21 PM

Hello Bob and welcome.
Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?

Please post that MBAM log...
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
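As an added example, not code from the thread or from either tool: a small Python parser for the TDSSKiller and MBAM report formats that get posted in reply, pulling out forged system files (where the MD5 on disk differs from the one the rootkit reports), the named detections, and MBAM's quarantined items, then checking that MBAM's summary counts agree with the items it listed. The sample lines are constructed from the log format seen in this thread, and `<user>` in the MBAM path is a placeholder.

```python
"""Pull the detections out of TDSSKiller and Malwarebytes (MBAM) reports.
Added example, not part of this thread and not code from either tool: it parses
the report formats posted here so forged system files, rootkit detections and
quarantined items can be read off without wading through clean driver entries."""
from __future__ import annotations

import re
from dataclasses import dataclass

# TDSSKiller prints one status line per driver. A patched system file gets an extra
# "Suspicious file (Forged)" line (on-disk hash vs. the hash the rootkit reports).
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
DETECTED_RE = re.compile(r"^\S+ \d+ (?P<service>\S+) - detected (?P<name>\S+)")

# MBAM lists every quarantined item as "<item> (<family>) -> ... -> <action>." and
# precedes the lists with "<category> Infected: <n>" summary counts.
MBAM_ITEM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9._-]+)\) -> (?:.* -> )?(?P<action>.+?)\.?$"
)
MBAM_COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")


@dataclass(frozen=True)
class Forged:
    path: str
    real_md5: str
    fake_md5: str


@dataclass(frozen=True)
class Detection:
    item: str
    name: str
    action: str


def parse_tdsskiller(text: str) -> tuple[list[Forged], list[Detection]]:
    """Return forged-file records and '- detected' records from a TDSSKiller log."""
    forged, detections = [], []
    for line in text.splitlines():
        m = FORGED_RE.search(line)
        if m:
            forged.append(Forged(m["path"], m["real"], m["fake"]))
            continue
        m = DETECTED_RE.match(line)
        if m:
            detections.append(Detection(m["service"], m["name"], "detected"))
    return forged, detections


def parse_mbam(text: str) -> tuple[dict[str, int], list[Detection]]:
    """Return the summary counts and the per-item detections from an MBAM log."""
    counts, items = {}, []
    for line in text.splitlines():
        m = MBAM_COUNT_RE.match(line)
        if m:
            counts[m["category"]] = int(m["count"])
            continue
        m = MBAM_ITEM_RE.match(line)
        if m:
            items.append(Detection(m["item"], m["family"], m["action"]))
    return counts, items


def triage(tdss_text: str, mbam_text: str) -> dict:
    """Summarise both logs and check MBAM's counts against the items it listed."""
    forged, tdss_hits = parse_tdsskiller(tdss_text)
    counts, mbam_hits = parse_mbam(mbam_text)
    return {
        "forged_files": [f.path for f in forged if f.real_md5 != f.fake_md5],
        "rootkit_detections": sorted({d.name for d in tdss_hits}),
        "mbam_families": sorted({d.name for d in mbam_hits}),
        "mbam_items": len(mbam_hits),
        "mbam_counts_consistent": sum(counts.values()) == len(mbam_hits),
    }


# Constructed samples modelled on the reports posted in this thread (the afd.sys
# lines are the thread's own; "<user>" in the MBAM path is a placeholder).
TDSSKILLER_SAMPLE = r"""
17:08:56.0468 1916 AFD (955c92ab7a0811f39402f2a1c429a96b) C:\WINDOWS\System32\drivers\afd.sys
17:08:56.0468 1916 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 955c92ab7a0811f39402f2a1c429a96b, Fake md5: 55e6e1c51b6d30e54335750955453702
17:08:56.0468 1916 AFD ( Rootkit.Win32.ZAccess.aml ) - infected
17:08:56.0468 1916 AFD - detected Rootkit.Win32.ZAccess.aml (0)
17:08:56.0546 1916 agp440 - ok
"""
MBAM_SAMPLE = r"""
Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7BD346D5-C67B-5728-F631-5EFB4AF4874F} (Trojan.Zbot.CBCGen) -> Value: {7BD346D5-C67B-5728-F631-5EFB4AF4874F} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
c:\documents and settings\<user>\application data\Ehyltu\oqzaco.exe (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    print(triage(TDSSKILLER_SAMPLE, MBAM_SAMPLE))
```

Run it against a full pasted report instead of the samples to get the same one-screen summary; a forged entry whose real and fake MD5 differ is the signal that a system driver has been patched in place.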

#3 tristx

tristx
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 20 December 2011 - 06:18 PM

There is a router here and other machines are fine, they are not redirecting.
This machine has firefox and IE. Some websites require IE, otherwise I prefer firefox.

OS is Windows XP

------------

Here are my 2 MBAM logs from yesterday:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8399

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/19/2011 4:19:32 PM
mbam-log-2011-12-19 (16-19-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 386701
Time elapsed: 1 hour(s), 49 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7BD346D5-C67B-5728-F631-5EFB4AF4874F} (Trojan.Zbot.CBCGen) -> Value: {7BD346D5-C67B-5728-F631-5EFB4AF4874F} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\emcnew\application data\Ehyltu\oqzaco.exe (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
c:\documents and settings\emcnew\local settings\application data\xna.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8399

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/19/2011 6:52:43 PM
mbam-log-2011-12-19 (18-52-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 385621
Time elapsed: 1 hour(s), 53 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------

Here is the Result.txt from Minitoolbox.

MiniToolBox by Farbar
Ran by emcnew (administrator) on 20-12-2011 at 16:57:37
Microsoft Windows XP Professional Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 14884 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration

Host Name . . . . . . . . . . . . : mgmt2
Primary Dns Suffix . . . . . . . : dmcengineers.net
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dmcengineers.net
                                    gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-15-C5-0A-27-A3
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.110
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.10
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Tuesday, December 20, 2011 11:01:25 AM
Lease Expires . . . . . . . . . . : Wednesday, December 28, 2011 11:01:25 AM

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-16-CE-53-F3-04

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 c5 0a 27 a3 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 16 ce 53 f3 04 ...... Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.110 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.110 192.168.0.110 10
192.168.0.110 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.110 192.168.0.110 10
224.0.0.0 240.0.0.0 192.168.0.110 192.168.0.110 10
255.255.255.255 255.255.255.255 192.168.0.110 192.168.0.110 1
255.255.255.255 255.255.255.255 192.168.0.110 3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/20/2011 04:00:42 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (12/19/2011 04:33:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2011 04:13:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2011 04:05:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9964578

Error: (12/19/2011 04:05:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9964578

Error: (12/19/2011 04:05:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2011 04:05:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9950891

Error: (12/19/2011 04:05:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2011 04:05:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9948922

Error: (12/19/2011 04:05:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9948922


System errors:
=============
Error: (12/20/2011 05:00:37 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/20/2011 05:00:37 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/20/2011 05:00:37 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/20/2011 05:00:37 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/20/2011 05:00:36 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/20/2011 05:00:36 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/20/2011 05:00:36 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/20/2011 05:00:36 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/20/2011 05:00:35 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/20/2011 05:00:35 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (12/20/2011 04:00:42 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The specified domain either does not exist or could not be contacted.

Error: (12/19/2011 04:33:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2011 04:13:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2011 04:05:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9964578

Error: (12/19/2011 04:05:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9964578

Error: (12/19/2011 04:05:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2011 04:05:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9950891

Error: (12/19/2011 04:05:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2011 04:05:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9948922

Error: (12/19/2011 04:05:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9948922


=========================== Installed Programs ============================

Ad-Aware (Version: 9.0.7)
Adobe Acrobat 6.0 Standard (Version: 006.000.000)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
ALPS Touch Pad Driver
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.1.116)
AutoCAD LT 2006 - English (Version: 16.2.77.0)
Autodesk DWF Viewer (Version: 5.1)
Bentley MicroStation V8 XM Edition 08.09.04.51 (Version: 08.09.04051)
Bentley Utility Industry Suite 08.09.04.40 (Version: 08.09.04.40)
Bentley WaterCAD V8 XM 08.09.400.34 (Version: 08.09.400.34)
Bluetooth Stack for Windows by Toshiba (Version: v4.00.22(D))
Broadcom Advanced Control Suite (Version: 8.68.05)
Canon Camera WIA Driver (Version: 5.3)
Canon Camera WIA Driver (Version: 5.4)
Canon Camera WIA Driver (Version: 5.5)
Canon EOS-1D Mark II WIA Driver (Version: 5.3)
Canon EOS-1Ds Mark II WIA Driver (Version: 5.5)
Canon EOS 20D WIA Driver (Version: 5.4)
Canon Utilities EOS Capture 1.2 (Version: 1.2)
Canon Utilities EOS Viewer Utility 1.2 (Version: 1.2.1)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.14)
CDDRV_Installer (Version: 4.60)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HDA D110 MDC V.92 Modem
Dell Printer Software Uninstall
Dell Wireless WLAN Card (Version: 4.10.47.3)
Digital Line Detect (Version: 1.15)
EOS Viewer Utility 1.2.1 (Version: 1.2.1)
erLT (Version: 1.20.0137)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
HEC-RAS
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Software Update (Version: 2.0.37.20031205)
HY-8 7.2 (Version: 7.2.4)
HydroCAD
iTunes (Version: 10.2.2.12)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
KhalInstallWrapper (Version: 2.00.0000)
KONICA MINOLTA bizhub C353 Series
Logitech SetPoint (Version: 4.80)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 (Version: 3.1.21022)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Exception Message Box (Version: 9.00.2047.00)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office Outlook 2003 with Business Contact Manager Update (Version: 2.0.5324.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Search Enhancement Pack (Version: 2.0.264.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (Version: 8.00.2039)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60816.0)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.0.0.101)
Mozilla Firefox 4.0.1 (x86 en-US) (Version: 4.0.1)
MSN Toolbar (Version: 4.0.0401.0)
MSN Toolbar Platform (Version: 4.0.0401.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NVIDIA Drivers
overland (Version: 2.1.5)
PC Attorney (Version: 2.1.0000)
Photosmart 140,240,7200,7600,7700,7900 Series (Version: 2.0)
PhotoStitch (Version: 3.1.14)
PowerDVD 5.7
PS7900 (Version: 1.01.0000)
PSShortcutsP (Version: 1.01.0000)
PSUsage (Version: 1.30.0000)
QFolder (Version: 1.00.0000)
QuickSet (Version: 7.1.8)
QuickTime (Version: 7.69.80.9)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Rhapsody Player Engine (Version: 1.0.604)
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 (Version: 3.0.0.71102)
Samsung PC Studio 3 (Version: 3.1.3.71102)
Samsung PC Studio 3 USB Driver Installer (Version: 1.00.0000)
Samsung PC Studio for SGH-D807 (Version: 3.0.0.60701)
SlingPlayer (Version: 2.0.4521)
Smart Defrag 2 (Version: 2.2)
Sony USB Driver
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
TOSHIBA e-STUDIO3511-4511 Client (Version: 1.00.001)
ViewSonic Monitor Drivers
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
Visual Studio 2005 Tools for Office Second Edition Runtime
Vodafone 804SS USB driver Software
Vu360
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB885250 (Version: 20050118.202711)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB885855 (Version: 20040930.104104)
Windows XP Hotfix - KB886185 (Version: 20041021.090540)
Windows XP Hotfix - KB887472 (Version: 20041014.162858)
Windows XP Hotfix - KB887742 (Version: 20041103.095002)
Windows XP Hotfix - KB888113 (Version: 20041116.131036)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB889673 (Version: 20041116.085848)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)
WinTR-55, Version 1.00.09 (Version: 1.00.09)
XML Paper Specification Shared Components Pack 1.0

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 2046.11 MB
Available physical RAM: 1386.46 MB
Total Pagefile: 3938.87 MB
Available Pagefile: 3572.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.18 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.47 GB) (Free:13.5 GB) NTFS
6 Drive s: (DATA) (Network) (Total:117.19 GB) (Free:9.12 GB) NTFS

========================= Users: ========================================

User accounts for \\MGMT2

Administrator Guest HelpAssistant
SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini041210-01.dmp
C:\WINDOWS\Minidump\Mini092307-01.dmp

**** End of log ****

--------------------

Here is the TDSSKiller log, it did require a reboot and cleaning.

17:08:48.0107 3560 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
17:08:48.0700 3560 ============================================================
17:08:48.0700 3560 Current date / time: 2011/12/20 17:08:48.0700
17:08:48.0700 3560 SystemInfo:
17:08:48.0700 3560
17:08:48.0700 3560 OS Version: 5.1.2600 ServicePack: 2.0
17:08:48.0700 3560 Product type: Workstation
17:08:48.0700 3560 ComputerName: MGMT2
17:08:48.0700 3560 UserName: emcnew
17:08:48.0700 3560 Windows directory: C:\WINDOWS
17:08:48.0700 3560 System windows directory: C:\WINDOWS
17:08:48.0700 3560 Processor architecture: Intel x86
17:08:48.0700 3560 Number of processors: 2
17:08:48.0700 3560 Page size: 0x1000
17:08:48.0700 3560 Boot type: Normal boot
17:08:48.0700 3560 ============================================================
17:08:49.0998 3560 Initialize success
17:08:55.0764 1916 ============================================================
17:08:55.0764 1916 Scan started
17:08:55.0764 1916 Mode: Manual;
17:08:55.0764 1916 ============================================================
17:08:56.0233 1916 Abiosdsk - ok
17:08:56.0265 1916 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:08:56.0265 1916 abp480n5 - ok
17:08:56.0311 1916 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:08:56.0311 1916 ACPI - ok
17:08:56.0343 1916 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:08:56.0343 1916 ACPIEC - ok
17:08:56.0358 1916 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:08:56.0358 1916 adpu160m - ok
17:08:56.0405 1916 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
17:08:56.0405 1916 aec - ok
17:08:56.0468 1916 AFD (955c92ab7a0811f39402f2a1c429a96b) C:\WINDOWS\System32\drivers\afd.sys
17:08:56.0468 1916 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 955c92ab7a0811f39402f2a1c429a96b, Fake md5: 55e6e1c51b6d30e54335750955453702
17:08:56.0468 1916 AFD ( Rootkit.Win32.ZAccess.aml ) - infected
17:08:56.0468 1916 AFD - detected Rootkit.Win32.ZAccess.aml (0)
17:08:56.0546 1916 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:08:56.0546 1916 agp440 - ok
17:08:56.0593 1916 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:08:56.0593 1916 agpCPQ - ok
17:08:56.0624 1916 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:08:56.0624 1916 Aha154x - ok
17:08:56.0655 1916 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:08:56.0655 1916 aic78u2 - ok
17:08:56.0671 1916 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:08:56.0671 1916 aic78xx - ok
17:08:56.0687 1916 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:08:56.0687 1916 AliIde - ok
17:08:56.0749 1916 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:08:56.0749 1916 alim1541 - ok
17:08:56.0765 1916 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:08:56.0765 1916 amdagp - ok
17:08:56.0796 1916 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:08:56.0796 1916 amsint - ok
17:08:56.0843 1916 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:08:56.0843 1916 ApfiltrService - ok
17:08:56.0890 1916 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
17:08:56.0905 1916 APPDRV - ok
17:08:56.0984 1916 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:08:56.0984 1916 Arp1394 - ok
17:08:57.0030 1916 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:08:57.0030 1916 asc - ok
17:08:57.0046 1916 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:08:57.0046 1916 asc3350p - ok
17:08:57.0077 1916 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:08:57.0077 1916 asc3550 - ok
17:08:57.0124 1916 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:08:57.0124 1916 AsyncMac - ok
17:08:57.0155 1916 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:08:57.0155 1916 atapi - ok
17:08:57.0171 1916 Atdisk - ok
17:08:57.0202 1916 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:08:57.0202 1916 Atmarpc - ok
17:08:57.0265 1916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:08:57.0265 1916 audstub - ok
17:08:57.0327 1916 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:08:57.0327 1916 b57w2k - ok
17:08:57.0390 1916 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:08:57.0390 1916 BCM43XX - ok
17:08:57.0421 1916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:08:57.0421 1916 Beep - ok
17:08:57.0452 1916 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:08:57.0452 1916 cbidf - ok
17:08:57.0468 1916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:08:57.0468 1916 cbidf2k - ok
17:08:57.0499 1916 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:08:57.0499 1916 cd20xrnt - ok
17:08:57.0531 1916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:08:57.0531 1916 Cdaudio - ok
17:08:57.0593 1916 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:08:57.0593 1916 Cdfs - ok
17:08:57.0609 1916 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:08:57.0609 1916 Cdrom - ok
17:08:57.0624 1916 Changer - ok
17:08:57.0671 1916 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:08:57.0671 1916 CmBatt - ok
17:08:57.0687 1916 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:08:57.0687 1916 CmdIde - ok
17:08:57.0702 1916 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:08:57.0702 1916 Compbatt - ok
17:08:57.0749 1916 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:08:57.0749 1916 Cpqarray - ok
17:08:57.0781 1916 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:08:57.0796 1916 dac2w2k - ok
17:08:57.0812 1916 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:08:57.0812 1916 dac960nt - ok
17:08:57.0827 1916 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:08:57.0827 1916 Disk - ok
17:08:57.0906 1916 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
17:08:57.0921 1916 dmboot - ok
17:08:57.0999 1916 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
17:08:57.0999 1916 dmio - ok
17:08:58.0031 1916 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:08:58.0031 1916 dmload - ok
17:08:58.0078 1916 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:08:58.0078 1916 DMusic - ok
17:08:58.0124 1916 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:08:58.0124 1916 dpti2o - ok
17:08:58.0140 1916 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:08:58.0156 1916 drmkaud - ok
17:08:58.0187 1916 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:08:58.0187 1916 E100B - ok
17:08:58.0218 1916 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:08:58.0234 1916 Fastfat - ok
17:08:58.0328 1916 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:08:58.0328 1916 Fdc - ok
17:08:58.0359 1916 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
17:08:58.0359 1916 Fips - ok
17:08:58.0390 1916 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:08:58.0390 1916 Flpydisk - ok
17:08:58.0406 1916 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:08:58.0406 1916 FltMgr - ok
17:08:58.0437 1916 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:08:58.0437 1916 Fs_Rec - ok
17:08:58.0468 1916 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:08:58.0468 1916 Ftdisk - ok
17:08:58.0484 1916 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:08:58.0484 1916 GEARAspiWDM - ok
17:08:58.0515 1916 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:08:58.0515 1916 Gpc - ok
17:08:58.0593 1916 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:08:58.0593 1916 HDAudBus - ok
17:08:58.0640 1916 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:08:58.0640 1916 HidUsb - ok
17:08:58.0656 1916 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:08:58.0656 1916 hpn - ok
17:08:58.0703 1916 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:08:58.0703 1916 HPZid412 - ok
17:08:58.0718 1916 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:08:58.0718 1916 HPZipr12 - ok
17:08:58.0765 1916 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:08:58.0765 1916 HPZius12 - ok
17:08:58.0828 1916 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
17:08:58.0828 1916 HSF_DPV - ok
17:08:58.0906 1916 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
17:08:58.0906 1916 HSXHWAZL - ok
17:08:58.0953 1916 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
17:08:58.0953 1916 HTTP - ok
17:08:58.0984 1916 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:08:59.0000 1916 i2omgmt - ok
17:08:59.0015 1916 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:08:59.0015 1916 i2omp - ok
17:08:59.0031 1916 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:08:59.0031 1916 i8042prt - ok
17:08:59.0062 1916 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:08:59.0062 1916 Imapi - ok
17:08:59.0078 1916 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:08:59.0093 1916 ini910u - ok
17:08:59.0140 1916 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:08:59.0140 1916 IntelIde - ok
17:08:59.0171 1916 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:08:59.0171 1916 intelppm - ok
17:08:59.0203 1916 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:08:59.0203 1916 Ip6Fw - ok
17:08:59.0234 1916 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:08:59.0250 1916 IpFilterDriver - ok
17:08:59.0265 1916 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:08:59.0265 1916 IpInIp - ok
17:08:59.0312 1916 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:08:59.0312 1916 IpNat - ok
17:08:59.0328 1916 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:08:59.0328 1916 IPSec - ok
17:08:59.0359 1916 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:08:59.0359 1916 IRENUM - ok
17:08:59.0453 1916 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:08:59.0453 1916 isapnp - ok
17:08:59.0468 1916 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:08:59.0468 1916 Kbdclass - ok
17:08:59.0515 1916 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:08:59.0515 1916 kbdhid - ok
17:08:59.0547 1916 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
17:08:59.0547 1916 kmixer - ok
17:08:59.0578 1916 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
17:08:59.0578 1916 KSecDD - ok
17:08:59.0687 1916 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
17:08:59.0687 1916 Lavasoft Kernexplorer - ok
17:08:59.0781 1916 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:08:59.0781 1916 Lbd - ok
17:08:59.0828 1916 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
17:08:59.0828 1916 LBeepKE - ok
17:08:59.0844 1916 lbrtfdc - ok
17:08:59.0922 1916 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:08:59.0922 1916 mdmxsdk - ok
17:08:59.0953 1916 mferkdk - ok
17:08:59.0984 1916 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:08:59.0984 1916 mnmdd - ok
17:09:00.0000 1916 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
17:09:00.0000 1916 Modem - ok
17:09:00.0094 1916 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:09:00.0094 1916 Mouclass - ok
17:09:00.0125 1916 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:09:00.0125 1916 mouhid - ok
17:09:00.0140 1916 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:09:00.0140 1916 MountMgr - ok
17:09:00.0172 1916 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:09:00.0172 1916 mraid35x - ok
17:09:00.0187 1916 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:09:00.0187 1916 MRxDAV - ok
17:09:00.0250 1916 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:09:00.0250 1916 MRxSmb - ok
17:09:00.0312 1916 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:09:00.0312 1916 Msfs - ok
17:09:00.0359 1916 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:09:00.0359 1916 MSKSSRV - ok
17:09:00.0375 1916 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:09:00.0375 1916 MSPCLOCK - ok
17:09:00.0406 1916 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:09:00.0406 1916 MSPQM - ok
17:09:00.0453 1916 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:09:00.0453 1916 mssmbios - ok
17:09:00.0469 1916 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:09:00.0469 1916 Mup - ok
17:09:00.0500 1916 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:09:00.0500 1916 NDIS - ok
17:09:00.0516 1916 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:09:00.0516 1916 NdisTapi - ok
17:09:00.0531 1916 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:09:00.0531 1916 Ndisuio - ok
17:09:00.0609 1916 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:09:00.0609 1916 NdisWan - ok
17:09:00.0625 1916 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:09:00.0625 1916 NDProxy - ok
17:09:00.0641 1916 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:09:00.0641 1916 NetBIOS - ok
17:09:00.0672 1916 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:09:00.0672 1916 NetBT - ok
17:09:00.0719 1916 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:09:00.0719 1916 NIC1394 - ok
17:09:00.0750 1916 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:09:00.0750 1916 Npfs - ok
17:09:00.0781 1916 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
17:09:00.0781 1916 Ntfs - ok
17:09:00.0922 1916 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:09:00.0922 1916 Null - ok
17:09:01.0094 1916 nv (5796a04ccc99542fdfb43f2accd803df) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:09:01.0125 1916 nv - ok
17:09:01.0219 1916 NWDellModem (3494ca48eacbb2411727530191d0ff7c) C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys
17:09:01.0219 1916 NWDellModem - ok
17:09:01.0234 1916 NWDellPort (3494ca48eacbb2411727530191d0ff7c) C:\WINDOWS\system32\DRIVERS\nwdelser.sys
17:09:01.0234 1916 NWDellPort - ok
17:09:01.0250 1916 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:09:01.0250 1916 NwlnkFlt - ok
17:09:01.0266 1916 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:09:01.0281 1916 NwlnkFwd - ok
17:09:01.0313 1916 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:09:01.0313 1916 ohci1394 - ok
17:09:01.0344 1916 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
17:09:01.0359 1916 Parport - ok
17:09:01.0359 1916 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:09:01.0359 1916 PartMgr - ok
17:09:01.0391 1916 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:09:01.0391 1916 ParVdm - ok
17:09:01.0406 1916 PCASp50 - ok
17:09:01.0406 1916 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
17:09:01.0422 1916 PCI - ok
17:09:01.0422 1916 PCIDump - ok
17:09:01.0438 1916 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:09:01.0438 1916 PCIIde - ok
17:09:01.0453 1916 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:09:01.0453 1916 Pcmcia - ok
17:09:01.0469 1916 PDCOMP - ok
17:09:01.0485 1916 PDFRAME - ok
17:09:01.0485 1916 PDRELI - ok
17:09:01.0500 1916 PDRFRAME - ok
17:09:01.0516 1916 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:09:01.0531 1916 perc2 - ok
17:09:01.0547 1916 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:09:01.0547 1916 perc2hib - ok
17:09:01.0625 1916 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:09:01.0625 1916 PptpMiniport - ok
17:09:01.0641 1916 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:09:01.0641 1916 PSched - ok
17:09:01.0656 1916 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:09:01.0672 1916 Ptilink - ok
17:09:01.0688 1916 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:09:01.0688 1916 ql1080 - ok
17:09:01.0703 1916 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:09:01.0703 1916 Ql10wnt - ok
17:09:01.0719 1916 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:09:01.0719 1916 ql12160 - ok
17:09:01.0735 1916 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:09:01.0735 1916 ql1240 - ok
17:09:01.0766 1916 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:09:01.0766 1916 ql1280 - ok
17:09:01.0797 1916 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:09:01.0797 1916 RasAcd - ok
17:09:01.0860 1916 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:09:01.0860 1916 Rasl2tp - ok
17:09:01.0891 1916 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:09:01.0891 1916 RasPppoe - ok
17:09:01.0906 1916 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:09:01.0906 1916 Raspti - ok
17:09:01.0969 1916 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:09:01.0969 1916 Rdbss - ok
17:09:01.0985 1916 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:09:01.0985 1916 RDPCDD - ok
17:09:02.0016 1916 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:09:02.0016 1916 rdpdr - ok
17:09:02.0047 1916 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
17:09:02.0063 1916 RDPWD - ok
17:09:02.0094 1916 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:09:02.0094 1916 redbook - ok
17:09:02.0157 1916 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:09:02.0157 1916 Secdrv - ok
17:09:02.0219 1916 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:09:02.0219 1916 serenum - ok
17:09:02.0235 1916 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
17:09:02.0235 1916 Serial - ok
17:09:02.0282 1916 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:09:02.0282 1916 Sfloppy - ok
17:09:02.0297 1916 Simbad - ok
17:09:02.0328 1916 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:09:02.0328 1916 sisagp - ok
17:09:02.0375 1916 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
17:09:02.0375 1916 SmartDefragDriver - ok
17:09:02.0422 1916 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:09:02.0422 1916 SONYPVU1 - ok
17:09:02.0453 1916 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:09:02.0453 1916 Sparrow - ok
17:09:02.0500 1916 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
17:09:02.0500 1916 splitter - ok
17:09:02.0547 1916 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
17:09:02.0547 1916 sr - ok
17:09:02.0594 1916 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
17:09:02.0594 1916 Srv - ok
17:09:02.0641 1916 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
17:09:02.0657 1916 sscdbus - ok
17:09:02.0672 1916 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
17:09:02.0672 1916 sscdmdfl - ok
17:09:02.0688 1916 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
17:09:02.0688 1916 sscdmdm - ok
17:09:02.0719 1916 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
17:09:02.0719 1916 StarOpen - ok
17:09:02.0797 1916 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
17:09:02.0797 1916 STHDA - ok
17:09:02.0922 1916 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:09:02.0922 1916 swenum - ok
17:09:02.0954 1916 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:09:02.0969 1916 swmidi - ok
17:09:02.0985 1916 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:09:03.0000 1916 symc810 - ok
17:09:03.0016 1916 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:09:03.0016 1916 symc8xx - ok
17:09:03.0032 1916 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:09:03.0032 1916 sym_hi - ok
17:09:03.0047 1916 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:09:03.0047 1916 sym_u3 - ok
17:09:03.0079 1916 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:09:03.0079 1916 sysaudio - ok
17:09:03.0126 1916 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:09:03.0141 1916 Tcpip - ok
17:09:03.0204 1916 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:09:03.0204 1916 TDPIPE - ok
17:09:03.0235 1916 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:09:03.0235 1916 TDTCP - ok
17:09:03.0266 1916 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:09:03.0266 1916 TermDD - ok
17:09:03.0313 1916 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
17:09:03.0313 1916 toshidpt - ok
17:09:03.0344 1916 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:09:03.0344 1916 TosIde - ok
17:09:03.0360 1916 tosporte (0470bf2d5f49ff98464ac2c838e6a080) C:\WINDOWS\system32\DRIVERS\tosporte.sys
17:09:03.0360 1916 tosporte - ok
17:09:03.0391 1916 Tosrfbd (077869082a635e8ff2c205dc95c78775) C:\WINDOWS\system32\Drivers\tosrfbd.sys
17:09:03.0391 1916 Tosrfbd - ok
17:09:03.0407 1916 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
17:09:03.0407 1916 Tosrfbnp - ok
17:09:03.0422 1916 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
17:09:03.0422 1916 Tosrfcom - ok
17:09:03.0438 1916 Tosrfhid (f4e4795528d17ff8d1d6d98ebbb92655) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
17:09:03.0438 1916 Tosrfhid - ok
17:09:03.0469 1916 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
17:09:03.0469 1916 tosrfnds - ok
17:09:03.0547 1916 TosRfSnd (b5518adb2b0029ff95d22e8e7336f49f) C:\WINDOWS\system32\drivers\TosRfSnd.sys
17:09:03.0563 1916 TosRfSnd - ok
17:09:03.0579 1916 Tosrfusb (ac2123e788230c712d0919ed0fec9ddd) C:\WINDOWS\system32\Drivers\tosrfusb.sys
17:09:03.0579 1916 Tosrfusb - ok
17:09:03.0641 1916 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:09:03.0641 1916 Udfs - ok
17:09:03.0673 1916 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:09:03.0673 1916 ultra - ok
17:09:03.0719 1916 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
17:09:03.0719 1916 Update - ok
17:09:03.0782 1916 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:09:03.0782 1916 USBAAPL - ok
17:09:03.0829 1916 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
17:09:03.0829 1916 usbaudio - ok
17:09:03.0938 1916 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:09:03.0938 1916 usbccgp - ok
17:09:03.0969 1916 USBCCID (ca16635aac61993a27ebeeb3f683fa8e) C:\WINDOWS\system32\DRIVERS\usbccid.sys
17:09:03.0969 1916 USBCCID - ok
17:09:03.0985 1916 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:09:03.0985 1916 usbehci - ok
17:09:03.0985 1916 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:09:04.0001 1916 usbhub - ok
17:09:04.0016 1916 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:09:04.0032 1916 usbprint - ok
17:09:04.0079 1916 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:09:04.0079 1916 usbscan - ok
17:09:04.0126 1916 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:09:04.0126 1916 USBSTOR - ok
17:09:04.0157 1916 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:09:04.0157 1916 usbuhci - ok
17:09:04.0188 1916 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:09:04.0188 1916 VgaSave - ok
17:09:04.0220 1916 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:09:04.0220 1916 viaagp - ok
17:09:04.0282 1916 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:09:04.0282 1916 ViaIde - ok
17:09:04.0313 1916 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
17:09:04.0313 1916 VolSnap - ok
17:09:04.0345 1916 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:09:04.0345 1916 Wanarp - ok
17:09:04.0360 1916 WDICA - ok
17:09:04.0391 1916 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
17:09:04.0391 1916 wdmaud - ok
17:09:04.0454 1916 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
17:09:04.0454 1916 winachsf - ok
17:09:04.0579 1916 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:09:04.0579 1916 WS2IFSL - ok
17:09:04.0641 1916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:09:04.0876 1916 \Device\Harddisk0\DR0 - ok
17:09:04.0876 1916 Boot (0x1200) (0d7822660f212a60aaeaac283ab27560) \Device\Harddisk0\DR0\Partition0
17:09:04.0876 1916 \Device\Harddisk0\DR0\Partition0 - ok
17:09:04.0876 1916 ============================================================
17:09:04.0876 1916 Scan finished
17:09:04.0876 1916 ============================================================
17:09:04.0892 3400 Detected object count: 1
17:09:04.0892 3400 Actual detected object count: 1
17:09:34.0007 3400 Backup copy found, using it..
17:09:34.0023 3400 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
17:09:35.0961 3400 AFD ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
17:09:48.0636 1520 Deinitialize success

----------------

#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,416 posts
  • Gender: Male
  • Location: NJ USA

Posted 21 December 2011 - 03:23 PM

Hi, it looks like the ZeroAccess rootkit was the issue and it was removed. How is it running now?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 tristx

  • Topic Starter
  • Members
  • 14 posts

Posted 21 December 2011 - 03:49 PM

All the fake antivirus popups have come back and the browser redirects are more frequent. Also, IE will open a webpage on its own now even if I don't already have IE running.
I think it's pretty safe to say whatever bug got in is still here and was able to reinstall itself.

#6 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,416 posts
  • Gender: Male
  • Location: NJ USA

Posted 21 December 2011 - 04:49 PM

That's what I needed to know: the rootkit is regenerating, and we need you to make a new topic so we can dig it out.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.

#7 tristx

  • Topic Starter
  • Members
  • 14 posts

Posted 24 December 2011 - 12:58 AM

I created a new post in the 'Virus, Trojan, Spyware, and Malware Removal Logs' section.

http://www.bleepingcomputer.com/forums/topic434282.html#entry2522412

#8 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,416 posts
  • Gender: Male
  • Location: NJ USA

Posted 24 December 2011 - 11:24 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 3 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.
