Google redirect virus


7 replies to this topic

#1 Graeme 1


Posted 14 April 2012 - 06:36 AM

My wife's computer has developed the habit of flicking to unwanted websites, and is running SO SLOW. I have deduced that it has the Redirect Virus and I was advised to use Combofix, BUT the instructions said no, not unless I have a helper, so here I am.
The infected computer (not this one) is running Windows XP Home, SP3. The antivirus is CA and we have Spybot S&D and Malwarebytes installed, which have served us well in the past, but not this time.
I have searched for TDSS Serve.sys in vain, and am unable to access C:\Windows\System32\drivers\etc\hosts, both of which were suggested as a fix on another website.
I am using my own computer to post as the infected computer is so slow as to be almost unusable.

*Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 14 April 2012 - 07:56 AM.




#2 narenxp


Posted 14 April 2012 - 08:47 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

#3 Graeme 1


Posted 15 April 2012 - 06:40 AM

Thanks narenxp,
I launched TDSSkiller, didn't read the instructions properly at first and ran the wrong parameters. This found a virus:
12:02:02.0234 2744 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
12:02:30.0578 3276 NetBT (9c3cf35bdca2114e17bcda0156b7de67) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:02:30.0609 3276 NetBT ( Virus.Win32.ZAccess.k ) - infected
12:02:30.0609 3276 NetBT - detected Virus.Win32.ZAccess.k (0)
12:02:44.0078 3276 UPS - ok
12:02:44.0218 3276 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:02:44.0250 3276 USBAAPL - ok
12:02:44.0359 3276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:02:44.0390 3276 usbccgp - ok
12:02:44.0468 3276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:02:44.0484 3276 usbehci - ok
12:02:44.0609 3276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:02:44.0625 3276 usbhub - ok
12:02:44.0750 3276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:02:44.0781 3276 usbprint - ok
12:02:44.0812 3276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:02:44.0843 3276 usbscan - ok
12:02:44.0968 3276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:02:44.0984 3276 USBSTOR - ok
12:02:45.0093 3276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:02:45.0109 3276 usbuhci - ok
12:02:45.0187 3276 VET-FILT (e6287f6c77e71adfc6badb106cd30e7d) C:\WINDOWS\system32\drivers\VET-FILT.sys
12:02:45.0218 3276 VET-FILT - ok
12:02:45.0453 3276 VET-REC (cb98d6c1ade8a891cbbfd9beb1774f48) C:\WINDOWS\system32\drivers\VET-REC.sys
12:02:45.0468 3276 VET-REC - ok
12:02:45.0546 3276 VETEBOOT (c079f80582c31728029f3efcdfeaf221) C:\WINDOWS\system32\drivers\VETEBOOT.sys
12:02:45.0593 3276 VETEBOOT - ok
12:02:45.0734 3276 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys
12:02:45.0796 3276 VETEFILE - ok
12:02:45.0906 3276 VETFDDNT (05bdabe6664f48c54a6d3c538c8f2cc1) C:\WINDOWS\system32\drivers\VETFDDNT.sys
12:02:45.0921 3276 VETFDDNT - ok
12:02:46.0000 3276 VETMONNT (f5897ff7eb733670f92e798ef5358b88) C:\WINDOWS\system32\drivers\VETMONNT.sys
12:02:46.0046 3276 VETMONNT - ok
12:02:46.0218 3276 VETMSGNT (85874f218ce1f439a63e70b4b8aafdb8) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
12:02:46.0250 3276 VETMSGNT - ok
12:02:46.0390 3276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:02:46.0406 3276 VgaSave - ok
12:02:46.0515 3276 viagfx (0cc705db634a3bc355887e3d478dd386) C:\WINDOWS\system32\DRIVERS\vtmini.sys
12:02:46.0546 3276 viagfx - ok
12:02:46.0625 3276 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:02:46.0640 3276 ViaIde - ok
12:02:46.0796 3276 VIAudio (82e33b1f9bd95b51ae5878dbdb197b54) C:\WINDOWS\system32\drivers\viaudios.sys
12:02:46.0812 3276 VIAudio - ok
12:02:46.0921 3276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:02:46.0937 3276 VolSnap - ok
12:02:47.0062 3276 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:02:47.0093 3276 VSS - ok
12:02:47.0203 3276 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:02:47.0234 3276 W32Time - ok
12:02:47.0375 3276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:02:47.0406 3276 Wanarp - ok
12:02:47.0468 3276 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
12:02:47.0515 3276 wceusbsh - ok
12:02:47.0609 3276 WDICA - ok
12:02:47.0734 3276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:02:47.0765 3276 wdmaud - ok
12:02:47.0859 3276 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:02:47.0875 3276 WebClient - ok
12:02:47.0984 3276 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:02:48.0000 3276 winmgmt - ok
12:02:48.0140 3276 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:02:48.0156 3276 WmdmPmSN - ok
12:02:48.0281 3276 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:02:48.0312 3276 WmiApSrv - ok
12:02:48.0453 3276 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:02:48.0578 3276 WMPNetworkSvc - ok
12:02:48.0703 3276 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:02:48.0734 3276 wuauserv - ok
12:02:48.0890 3276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:02:48.0906 3276 WudfPf - ok
12:02:49.0046 3276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:02:49.0062 3276 WudfRd - ok
12:02:49.0140 3276 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:02:49.0171 3276 WudfSvc - ok
12:02:49.0265 3276 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:02:49.0343 3276 WZCSVC - ok
12:02:49.0453 3276 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:02:49.0484 3276 xmlprov - ok
12:02:49.0515 3276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:02:49.0671 3276 \Device\Harddisk0\DR0 - ok
12:02:49.0687 3276 MBR (0x1B8) (b4acc00bc9965556fdff2f295c1de5f5) \Device\Harddisk1\DR1
12:02:49.0781 3276 \Device\Harddisk1\DR1 - ok
12:02:49.0796 3276 Boot (0x1200) (52e4e6b535b16f03e27783ccbdc7f478) \Device\Harddisk0\DR0\Partition0
12:02:49.0796 3276 \Device\Harddisk0\DR0\Partition0 - ok
12:02:49.0812 3276 Boot (0x1200) (985552921cbf800919445a7fa0e71c47) \Device\Harddisk1\DR1\Partition0
12:02:49.0812 3276 \Device\Harddisk1\DR1\Partition0 - ok
12:02:49.0812 3276 ============================================================
12:02:49.0812 3276 Scan finished
12:02:49.0812 3276 ============================================================
12:02:49.0843 3248 Detected object count: 1
12:02:49.0843 3248 Actual detected object count: 1
12:03:04.0281 3248 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
12:03:05.0421 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\@ - copied to quarantine
12:03:05.0437 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\cfg.ini - copied to quarantine
12:03:05.0468 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\Desktop.ini - copied to quarantine
12:03:05.0531 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\L\lfnaoqir - copied to quarantine
12:03:05.0562 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\oemid - copied to quarantine
12:03:05.0593 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\00000001.@ - copied to quarantine
12:03:05.0625 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\00000002.@ - copied to quarantine
12:03:05.0656 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\00000004.@ - copied to quarantine
12:03:05.0687 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\80000000.@ - copied to quarantine
12:03:05.0781 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\80000004.@ - copied to quarantine
12:03:05.0828 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\80000032.@ - copied to quarantine
12:03:05.0859 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\version - copied to quarantine
12:03:08.0531 3248 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
12:03:26.0187 3248 Backup copy found, using it..
12:03:26.0468 3248 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
12:03:55.0656 3248 C:\WINDOWS\$NtUninstallKB36039$\2406639922 - will be deleted on reboot
12:03:55.0656 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\@ - will be deleted on reboot
12:03:55.0656 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\cfg.ini - will be deleted on reboot
12:03:55.0656 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\Desktop.ini - will be deleted on reboot
12:03:55.0687 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\oemid - will be deleted on reboot
12:03:55.0984 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\00000001.@ - will be deleted on reboot
12:03:55.0984 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\00000002.@ - will be deleted on reboot
12:03:55.0984 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\00000004.@ - will be deleted on reboot
12:03:55.0984 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\80000000.@ - will be deleted on reboot
12:03:55.0984 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\80000004.@ - will be deleted on reboot
12:03:55.0984 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\U\80000032.@ - will be deleted on reboot
12:03:55.0984 3248 C:\WINDOWS\$NtUninstallKB36039$\925875176\version - will be deleted on reboot
12:03:55.0984 3248 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
12:04:09.0890 0824 Deinitialize success

Then I ran it again with the correct parameters:

14:18:55.0703 3972 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
14:18:56.0640 3972 ============================================================
14:18:56.0640 3972 Current date / time: 2012/04/15 14:18:56.0640
14:18:56.0640 3972 SystemInfo:
14:18:56.0640 3972
14:18:56.0640 3972 OS Version: 5.1.2600 ServicePack: 3.0
14:18:56.0640 3972 Product type: Workstation
14:18:56.0640 3972 ComputerName: AMD
14:18:56.0640 3972 UserName: User 1
14:18:56.0640 3972 Windows directory: C:\WINDOWS
14:18:56.0640 3972 System windows directory: C:\WINDOWS
14:18:56.0640 3972 Processor architecture: Intel x86
14:18:56.0640 3972 Number of processors: 1
14:18:56.0640 3972 Page size: 0x1000
14:18:56.0640 3972 Boot type: Normal boot
14:18:56.0640 3972 ============================================================
14:18:58.0609 3972 Drive \Device\Harddisk0\DR0 - Size: 0x9515A5E00 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:18:58.0625 3972 Drive \Device\Harddisk1\DR1 - Size: 0x262862400 (9.54 Gb), SectorSize: 0x200, Cylinders: 0x4DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:18:58.0625 3972 \Device\Harddisk0\DR0:
14:18:58.0625 3972 MBR used
14:18:58.0625 3972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
14:18:58.0625 3972 \Device\Harddisk1\DR1:
14:18:58.0625 3972 MBR used
14:18:58.0625 3972 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x131305E
14:18:58.0671 3972 Initialize success
14:18:58.0671 3972 ============================================================
14:19:23.0500 3004 ============================================================
14:19:23.0500 3004 Scan started
14:19:23.0500 3004 Mode: Manual; TDLFS;
14:19:23.0500 3004 ============================================================
14:19:48.0343 3004 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:19:48.0390 3004 NetBT - ok
14:19:54.0234 3004 ql12160 - ok
14:19:54.0406 3004 ql1240 - ok
14:19:54.0609 3004 ql1280 - ok
14:19:54.0765 3004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:19:54.0921 3004 RasAcd - ok
14:19:55.0062 3004 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:19:55.0171 3004 RasAuto - ok
14:19:55.0343 3004 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:19:55.0421 3004 Rasirda - ok
14:19:55.0703 3004 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:19:55.0781 3004 Rasl2tp - ok
14:19:56.0046 3004 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:19:56.0140 3004 RasMan - ok
14:19:56.0312 3004 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:19:56.0343 3004 RasPppoe - ok
14:19:56.0453 3004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:19:56.0453 3004 Raspti - ok
14:19:56.0562 3004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:19:56.0593 3004 Rdbss - ok
14:19:56.0718 3004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:19:56.0734 3004 RDPCDD - ok
14:19:56.0828 3004 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:19:56.0859 3004 RDPWD - ok
14:19:57.0000 3004 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:19:57.0031 3004 RDSessMgr - ok
14:19:57.0156 3004 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:19:57.0171 3004 redbook - ok
14:19:57.0265 3004 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:19:57.0281 3004 RemoteAccess - ok
14:19:57.0390 3004 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:19:57.0406 3004 RpcLocator - ok
14:19:57.0531 3004 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:19:57.0546 3004 RpcSs - ok
14:19:57.0640 3004 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:19:57.0687 3004 RSVP - ok
14:19:57.0796 3004 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:19:57.0796 3004 SamSs - ok
14:19:57.0875 3004 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:19:57.0906 3004 SCardSvr - ok
14:19:58.0000 3004 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:19:58.0015 3004 Schedule - ok
14:19:58.0140 3004 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:19:58.0156 3004 Secdrv - ok
14:19:58.0265 3004 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:19:58.0281 3004 seclogon - ok
14:19:58.0390 3004 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:19:58.0406 3004 SENS - ok
14:19:58.0546 3004 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:19:58.0578 3004 serenum - ok
14:19:58.0671 3004 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:19:58.0703 3004 Serial - ok
14:19:58.0796 3004 ServiceLayer (bf1adc427620e14f45bc00447524a1dc) C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
14:19:58.0812 3004 ServiceLayer - ok
14:19:58.0953 3004 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:19:58.0984 3004 Sfloppy - ok
14:19:59.0109 3004 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:19:59.0140 3004 SharedAccess - ok
14:19:59.0265 3004 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:19:59.0265 3004 ShellHWDetection - ok
14:19:59.0312 3004 Simbad - ok
14:19:59.0406 3004 Sparrow - ok
14:19:59.0656 3004 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:19:59.0671 3004 splitter - ok
14:19:59.0781 3004 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:19:59.0812 3004 Spooler - ok
14:19:59.0937 3004 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:19:59.0968 3004 sr - ok
14:20:00.0078 3004 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:20:00.0125 3004 srservice - ok
14:20:00.0250 3004 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:20:00.0328 3004 Srv - ok
14:20:00.0421 3004 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:20:00.0453 3004 SSDPSRV - ok
14:20:00.0562 3004 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\WINDOWS\system32\DRIVERS\irstusb.sys
14:20:00.0578 3004 STIrUsb - ok
14:20:00.0703 3004 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:20:00.0750 3004 stisvc - ok
14:20:00.0875 3004 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:20:00.0906 3004 swenum - ok
14:20:00.0984 3004 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:20:01.0000 3004 swmidi - ok
14:20:01.0062 3004 SwPrv - ok
14:20:01.0218 3004 symc810 - ok
14:20:01.0265 3004 symc8xx - ok
14:20:01.0328 3004 sym_hi - ok
14:20:01.0421 3004 sym_u3 - ok
14:20:01.0531 3004 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:20:01.0546 3004 sysaudio - ok
14:20:01.0671 3004 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:20:01.0703 3004 SysmonLog - ok
14:20:01.0812 3004 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:20:01.0843 3004 TapiSrv - ok
14:20:01.0984 3004 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:20:02.0015 3004 Tcpip - ok
14:20:02.0187 3004 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:20:02.0203 3004 TDPIPE - ok
14:20:02.0296 3004 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:20:02.0328 3004 TDTCP - ok
14:20:02.0437 3004 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:20:02.0453 3004 TermDD - ok
14:20:02.0578 3004 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:20:02.0609 3004 TermService - ok
14:20:02.0734 3004 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:20:02.0734 3004 Themes - ok
14:20:02.0796 3004 TosIde - ok
14:20:02.0906 3004 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:20:02.0937 3004 TrkWks - ok
14:20:03.0046 3004 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
14:20:03.0078 3004 uagp35 - ok
14:20:03.0218 3004 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:20:03.0234 3004 Udfs - ok
14:20:03.0312 3004 ultra - ok
14:20:03.0390 3004 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:20:03.0437 3004 Update - ok
14:20:03.0546 3004 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:20:03.0578 3004 upnphost - ok
14:20:03.0687 3004 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:20:03.0718 3004 UPS - ok
14:20:03.0828 3004 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:20:03.0843 3004 USBAAPL - ok
14:20:03.0937 3004 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:20:03.0953 3004 usbccgp - ok
14:20:04.0062 3004 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:20:04.0078 3004 usbehci - ok
14:20:04.0156 3004 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:20:04.0187 3004 usbhub - ok
14:20:04.0296 3004 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:20:04.0312 3004 usbprint - ok
14:20:04.0390 3004 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:20:04.0421 3004 usbscan - ok
14:20:04.0484 3004 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:20:04.0515 3004 USBSTOR - ok
14:20:04.0671 3004 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:20:04.0687 3004 usbuhci - ok
14:20:04.0781 3004 VET-FILT (e6287f6c77e71adfc6badb106cd30e7d) C:\WINDOWS\system32\drivers\VET-FILT.sys
14:20:04.0796 3004 VET-FILT - ok
14:20:04.0937 3004 VET-REC (cb98d6c1ade8a891cbbfd9beb1774f48) C:\WINDOWS\system32\drivers\VET-REC.sys
14:20:04.0968 3004 VET-REC - ok
14:20:05.0031 3004 VETEBOOT (c079f80582c31728029f3efcdfeaf221) C:\WINDOWS\system32\drivers\VETEBOOT.sys
14:20:05.0078 3004 VETEBOOT - ok
14:20:05.0203 3004 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys
14:20:05.0265 3004 VETEFILE - ok
14:20:05.0375 3004 VETFDDNT (05bdabe6664f48c54a6d3c538c8f2cc1) C:\WINDOWS\system32\drivers\VETFDDNT.sys
14:20:05.0406 3004 VETFDDNT - ok
14:20:05.0515 3004 VETMONNT (f5897ff7eb733670f92e798ef5358b88) C:\WINDOWS\system32\drivers\VETMONNT.sys
14:20:05.0593 3004 VETMONNT - ok
14:20:05.0765 3004 VETMSGNT (85874f218ce1f439a63e70b4b8aafdb8) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
14:20:05.0796 3004 VETMSGNT - ok
14:20:05.0937 3004 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:20:05.0953 3004 VgaSave - ok
14:20:06.0062 3004 viagfx (0cc705db634a3bc355887e3d478dd386) C:\WINDOWS\system32\DRIVERS\vtmini.sys
14:20:06.0093 3004 viagfx - ok
14:20:06.0171 3004 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:20:06.0203 3004 ViaIde - ok
14:20:06.0359 3004 VIAudio (82e33b1f9bd95b51ae5878dbdb197b54) C:\WINDOWS\system32\drivers\viaudios.sys
14:20:06.0390 3004 VIAudio - ok
14:20:06.0468 3004 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:20:06.0484 3004 VolSnap - ok
14:20:06.0609 3004 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:20:06.0656 3004 VSS - ok
14:20:06.0765 3004 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:20:06.0796 3004 W32Time - ok
14:20:06.0921 3004 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:20:06.0937 3004 Wanarp - ok
14:20:07.0015 3004 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
14:20:07.0062 3004 wceusbsh - ok
14:20:07.0140 3004 WDICA - ok
14:20:07.0250 3004 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:20:07.0265 3004 wdmaud - ok
14:20:07.0343 3004 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:20:07.0375 3004 WebClient - ok
14:20:07.0484 3004 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:20:07.0500 3004 winmgmt - ok
14:20:07.0625 3004 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:20:07.0640 3004 WmdmPmSN - ok
14:20:07.0781 3004 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:20:07.0812 3004 WmiApSrv - ok
14:20:07.0937 3004 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:20:08.0062 3004 WMPNetworkSvc - ok
14:20:08.0203 3004 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:20:08.0234 3004 wuauserv - ok
14:20:08.0375 3004 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:20:08.0390 3004 WudfPf - ok
14:20:08.0531 3004 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:20:08.0562 3004 WudfRd - ok
14:20:08.0625 3004 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:20:08.0656 3004 WudfSvc - ok
14:20:08.0750 3004 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:20:08.0796 3004 WZCSVC - ok
14:20:08.0937 3004 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:20:08.0968 3004 xmlprov - ok
14:20:09.0000 3004 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:20:09.0250 3004 \Device\Harddisk0\DR0 - ok
14:20:09.0281 3004 MBR (0x1B8) (b4acc00bc9965556fdff2f295c1de5f5) \Device\Harddisk1\DR1
14:20:09.0453 3004 \Device\Harddisk1\DR1 - ok
14:20:09.0500 3004 Boot (0x1200) (52e4e6b535b16f03e27783ccbdc7f478) \Device\Harddisk0\DR0\Partition0
14:20:09.0500 3004 \Device\Harddisk0\DR0\Partition0 - ok
14:20:09.0531 3004 Boot (0x1200) (985552921cbf800919445a7fa0e71c47) \Device\Harddisk1\DR1\Partition0
14:20:09.0531 3004 \Device\Harddisk1\DR1\Partition0 - ok
14:20:09.0531 3004 ============================================================
14:20:09.0531 3004 Scan finished
14:20:09.0531 3004 ============================================================
14:20:09.0562 3568 Detected object count: 0
14:20:09.0562 3568 Actual detected object count: 0
14:22:35.0796 1324 Deinitialize success


Then snoozed CA and downloaded gmer, which took about 3 hours to scan, the log follows:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-15 18:41:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BB-00JHC0 rev.05.01C05
Running: 9v9n1emq.exe; Driver: C:\DOCUME~1\USER1~1\LOCALS~1\Temp\pxtdrpow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011D9720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2764] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0140E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2764] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0140E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2764] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0140E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

---- EOF - GMER 1.0.15 ----


Then downloaded aswMBR, log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 18:47:21
-----------------------------
18:47:21.031 OS Version: Windows 5.1.2600 Service Pack 3
18:47:21.031 Number of processors: 1 586 0x801
18:47:21.031 ComputerName: AMD UserName:
18:47:22.046 Initialize success
19:12:57.875 AVAST engine defs: 12041500
19:13:06.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:13:06.656 Disk 0 Vendor: WDC_WD400BB-00JHC0 05.01C05 Size: 38165MB BusType: 3
19:13:06.656 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
19:13:06.656 Disk 1 Vendor: ST310212A 3.02 Size: 9768MB BusType: 3
19:13:06.781 Disk 0 MBR read successfully
19:13:06.781 Disk 0 MBR scan
19:13:07.375 Disk 0 Windows XP default MBR code
19:13:07.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
19:13:08.031 Disk 0 scanning sectors +78140160
19:13:08.765 Disk 0 scanning C:\WINDOWS\system32\drivers
19:14:51.093 Service scanning
19:15:18.015 Modules scanning
19:17:06.562 Disk 0 trace - called modules:
19:17:06.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
19:17:06.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83773ab8]
19:17:06.640 3 CLASSPNP.SYS[f7a18fd7] -> nt!IofCallDriver -> \Device\00000057[0x83719130]
19:17:06.640 5 ACPI.sys[f798f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x837d8940]
19:17:07.390 AVAST engine scan C:\WINDOWS
19:19:53.984 AVAST engine scan C:\WINDOWS\system32
19:39:21.984 AVAST engine scan C:\WINDOWS\system32\drivers
19:41:49.812 AVAST engine scan C:\Documents and Settings\User 1
21:01:57.109 AVAST engine scan C:\Documents and Settings\All Users
21:05:50.546 Scan finished successfully
21:30:21.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User 1\My Documents\MBR.dat"
21:30:21.218 The log file has been saved successfully to "C:\Documents and Settings\User 1\My Documents\aswMBR.txt"


What next?
Thanks,
Graeme1

#4 narenxp


Posted 15 April 2012 - 09:41 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Graeme 1


Posted 15 April 2012 - 10:58 PM

Hi Narenxp,

MBAM found 3 threats and removed them, a reboot and MBAM came up clear.

ESET log follows:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CKI48O6L\panempire_com[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U7JDC1AQ\enter[1].htm JS/Kryptik.MK trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U7JDC1AQ\enter[2].htm JS/Kryptik.MK trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VEQU2B3D\dasdasaseq[1].htm JS/Kryptik.MB trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.04.2012_12.02.03\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.LI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.04.2012_12.02.03\rtkt0000\zafs0000\tsk0009.dta Win32/Sirefef.ET trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.04.2012_12.02.03\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
E:\WINDOWS\SYSTEM\IEHelperMiddleMan.dll probably a variant of Win32/Adware.Agent.ELCJKGS application cleaned by deleting - quarantined
E:\System Volume Information\_restore{B98CEFC7-8437-4A17-BA41-503AEA96BEE3}\RP1396\A0084465.dll probably a variant of Win32/Adware.Agent.ELCJKGS application cleaned by deleting - quarantined

Mini Toolbox Log:
MiniToolBox by Farbar Version: 18-01-2012
Ran by User 1 (administrator) on 16-04-2012 at 13:42:51
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


There are 15193 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

VIA Rhine II Fast Ethernet Adapter = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : amd
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-0F-EA-DB-59-3B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Monday, 16 April 2012 1:45:54 PM
Lease Expires . . . . . . . . . . : Monday, 16 April 2012 2:45:54 PM

Server: mygateway1.ar7
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Address: 74.125.237.105

Pinging google.com [74.125.237.105] with 32 bytes of data:

Reply from 74.125.237.105: bytes=32 time=16ms TTL=55
Reply from 74.125.237.105: bytes=32 time=15ms TTL=57

Ping statistics for 74.125.237.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server: mygateway1.ar7
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Address: 72.30.38.140

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=201ms TTL=53
Reply from 72.30.38.140: bytes=32 time=270ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 201ms, Maximum = 270ms, Average = 235ms

Server: mygateway1.ar7
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f ea db 59 3b ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\VetRedir.dll [83256] (Computer Associates International, Inc.)
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\VetRedir.dll [83256] (Computer Associates International, Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/15/2012 09:58:45 PM) (Source: Application Hang) (User: )
Description: Fault bucket 735502607.

Error: (04/15/2012 09:58:39 PM) (Source: Application Hang) (User: )
Description: Hanging application regedit.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2012 11:27:49 AM) (Source: Application Error) (User: )
Description: Faulting application isafe.exe, version 8.0.9.0, faulting module isafserv.dll, version 8.0.9.0, fault address 0x00011790.
Processing media-specific event for [isafe.exe!ws!]

Error: (04/11/2012 03:58:37 PM) (Source: Application Hang) (User: )
Description: Hanging application thunderbird.exe, version 11.0.0.4469, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/10/2012 05:12:41 PM) (Source: UmxAgent) (User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/10/2012 04:55:59 PM) (Source: UmxAgent) (User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/09/2012 11:03:46 AM) (Source: UmxAgent) (User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/09/2012 10:36:38 AM) (Source: UmxAgent) (User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/08/2012 04:46:01 PM) (Source: UmxAgent) (User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/07/2012 10:02:28 PM) (Source: UmxAgent) (User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe


System errors:
=============
Error: (04/16/2012 10:46:18 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (04/15/2012 02:31:34 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (04/15/2012 00:05:33 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (04/15/2012 00:01:13 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/15/2012 00:01:08 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/15/2012 00:00:11 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/15/2012 11:59:41 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/15/2012 11:59:41 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/15/2012 11:59:41 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/15/2012 11:59:41 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (04/15/2012 09:58:45 PM) (Source: Application Hang)(User: )
Description: 735502607

Error: (04/15/2012 09:58:39 PM) (Source: Application Hang)(User: )
Description: regedit.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (04/14/2012 11:27:49 AM) (Source: Application Error)(User: )
Description: isafe.exe8.0.9.0isafserv.dll8.0.9.000011790

Error: (04/11/2012 03:58:37 PM) (Source: Application Hang)(User: )
Description: thunderbird.exe11.0.0.4469hungapp0.0.0.000000000

Error: (04/10/2012 05:12:41 PM) (Source: UmxAgent)(User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/10/2012 04:55:59 PM) (Source: UmxAgent)(User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/09/2012 11:03:46 AM) (Source: UmxAgent)(User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/09/2012 10:36:38 AM) (Source: UmxAgent)(User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/08/2012 04:46:01 PM) (Source: UmxAgent)(User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (04/07/2012 10:02:28 PM) (Source: UmxAgent)(User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe


=========================== Installed Programs ============================

2600 (Version: 43.0.217.000)
2600_Help (Version: 43.0.217.000)
2600Trb (Version: 43.0.217.000)
ACDSee for PENTAX 2.0 (Version: 6.0.24)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Photoshop Elements 3.0 (Version: 003.000.0000)
Adobe Reader 9.5.0 (Version: 9.5.0)
AiO_Scan (Version: 43.0.217.000)
AiOSoftware (Version: 43.0.217.000)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoStudio 2000
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 43.1.5.000)
CA Anti-Virus (Version: 9.0.0.174)
CA Anti-Virus (Version: 9.0.0.198)
CallingID (Version: 1.6.0.67)
Canon iP4700 series Printer Driver
Canon MP Navigator EX 3.0
Canon MP640 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CD-LabelPrint
Copy (Version: 43.1.5.000)
CreativeProjects (Version: 43.1.5.000)
CreativeProjectsTemplates (Version: 43.1.5.000)
Critical Update for Windows Media Player 11 (KB959772)
CueTour (Version: 43.1.5.000)
CyberLink DVD Suite (Version: 5.0.3019)
Dear Jane (Version: 1.0)
Destinations (Version: 43.1.5.000)
Director (Version: 43.1.5.000)
DocProc (Version: 4.0.0.0)
DocumentViewer (Version: 43.0.217.000)
ESET Online Scanner v3
EZITREE Plus v10.92
Fax (Version: 43.0.217.000)
GdiplusUpgrade (Version: 1.00.01)
Google Chrome (Version: 18.0.1025.162)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Hoyle Card Games 2011 (remove only)
HP Diagnostic Assistant (Version: 1.0.0.0)
HP Image Zone 4.2 (Version: 4.2)
HP PSC & OfficeJet 4.2
HP Update (Version: 5.002.001.004)
HPODiscovery (Version: 1.0.0.0)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 4.0.0.40)
iPod for Windows 2006-01-10 (Version: 4.7.0)
iTunes (Version: 10.6.0.40)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 23 (Version: 6.0.230)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Karen K Stone Quilts (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft ActiveSync 3.7
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2000 Standard (Version: 9.00.2720)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Mozilla Firefox 11.0 (x86 en-GB) (Version: 11.0)
Mozilla Thunderbird 11.0.1 (x86 en-GB) (Version: 11.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MYOB FirstAccounts v3.1
Nero 7 Essentials (Version: 7.03.1303)
neroxml (Version: 1.0.0)
Nikon View 6
Nokia Connectivity Cable Driver (Version: 6.80.5.1)
Nokia PC Connectivity Solution (Version: 6.11.10.0)
Nokia PC Suite (Version: 6.80.22)
Overland (Version: 2.1.5)
overland (Version: 2.1.6.2)
PhotoGallery (Version: 43.1.5.000)
PrintScreen (Version: 43.1.5.000)
ProductContext (Version: 43.0.217.000)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 43.1.5.000)
QuickTime (Version: 7.71.80.42)
Readme (Version: 43.0.217.000)
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scan (Version: 4.1.0.0)
SkinsHP1 (Version: 43.1.5.000)
TrayApp (Version: 43.1.5.000)
UniChrome IGP Driver and Utilities
Unload (Version: 4.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VIA Audio Driver Setup Program
VIA Rhine-Family Fast Ethernet Adapter
VoiceOver Kit (Version: 1.40.128.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 43.1.5.000)
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17) (Version: 04/06/2006 6.8.0.17)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip
Women's Murder Club - Death in Scarlet (Version: 1.00)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 735.48 MB
Available physical RAM: 470.44 MB
Total Pagefile: 1799.5 MB
Available Pagefile: 1470.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.21 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.26 GB) (Free:8.16 GB) NTFS
4 Drive e: () (Fixed) (Total:9.53 GB) (Free:6.37 GB) FAT32

========================= Users: ========================================

User accounts for \\AMD

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 User 1


**** End of log ****

I hope you can make sense of all this!
Cheers
Graeme

#6 narenxp

Posted 15 April 2012 - 11:24 PM

That looks good

Download hosts fix

http://go.microsoft.com/?linkid=9668866

Run it

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#7 Graeme 1

Posted 16 April 2012 - 12:42 AM

Thank you narenxp.
Do I need to remove the downloaded programs or should they stay where they are?
Cheers
Graeme

#8 narenxp

Posted 16 April 2012 - 08:56 AM

Remove them except for Malwarebytes

Run a frequent scan with Malwarebytes

Good luck



