News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
Topic: Critical Hard Disk error  (Read 7461 times)
« on: January 20, 2012, 16:13:43 »
trouble
I'm getting a screen that is scanning my hard disk and showing some errors. It has completely blanked out all of my programs.
« Reply #1 on: January 20, 2012, 23:39:14 »
dvk01 (Administrator)
Delete any existing version of ComboFix you have sitting on your desktop.
Please read and follow all these instructions very carefully.
Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Here to your Desktop.
As you download it, rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double-click on the renamed combofix.exe & follow the prompts.
If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the Recovery Console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues.

« Reply #2 on: January 22, 2012, 01:05:24 »
trouble
It's taking forever! It's been over 2 hrs with ComboFix trying to fix the problem. I only see the blue screen with the message that the time may double for badly affected machines.
« Reply #3 on: January 22, 2012, 02:28:32 »
dvk01 (Administrator)
If it has been that long, then reboot & run ComboFix again, please.

« Reply #4 on: January 22, 2012, 10:50:22 »
trouble
I've done it over 3 times now. This is what happens:

1. Runs for over 2 hrs and then freezes up.
2. I have to reboot and can't see ComboFix again.
3. Have to download ComboFix and save it by a name different than username123.exe.
4. Repeat steps 1 to 3.

What's going on? How do you fix it?
« Reply #5 on: January 22, 2012, 11:18:51 »
dvk01 (Administrator)
Sounds like the only cure for this one will be to format & reinstall Windows.

« Reply #6 on: January 26, 2012, 10:58:42 »
trouble
Even before I try that, I wanted to try one last time. Tell me, why does ComboFix freeze up? Is there any way that ComboFix can be run if downloaded onto a USB stick?
« Reply #7 on: January 26, 2012, 12:03:34 »
dvk01 (Administrator)
You can try from a USB stick, but it is likely that it will still freeze.

Are you definitely disabling your antivirus? Because some antiviruses will stop ComboFix working.

« Reply #8 on: January 28, 2012, 18:43:07 »
trouble
So this is what I did:

1. Didn't touch the system for a few days.
2. When I switched on after 2 wks I could see the desktop icons.
3. Ran Malwarebytes' scan, which removed 13 items of malware.
4. ComboFix froze up again.

How do I see what anti-virus software I have (I don't remember which one it is)? I checked in Control Panel under Virus Protection and it shows me that my Virus Protection is Not Monitored.

Below are the results from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:54:04 PM, on 1/28/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [FpNsnrTURn.exe] C:\Documents and Settings\All Users\Application Data\FpNsnrTURn.exe
O4 - HKLM\..\Run: [LQWxKGCKoVDdhWT.exe] C:\Documents and Settings\All Users\Application Data\LQWxKGCKoVDdhWT.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (file missing)

--
End of file - 7699 bytes
« Last Edit: January 28, 2012, 19:24:36 by trouble »
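As an added example (not part of the thread, and not HijackThis code), here is the triage a helper does by eye on the O4 autostart lines of a log like the one above, written as a script: it flags Run values whose executable sits in a user-writable data folder or carries a random-looking name, which is exactly what singles out the two All Users\Application Data entries in this log. The two heuristics and their thresholds are assumptions of this example; the sample lines are a subset copied from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a subset of the O4/O23 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [FpNsnrTURn.exe] C:\Documents and Settings\All Users\Application Data\FpNsnrTURn.exe
O4 - HKLM\..\Run: [LQWxKGCKoVDdhWT.exe] C:\Documents and Settings\All Users\Application Data\LQWxKGCKoVDdhWT.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

# O4 lines look like: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$')

# Folders any user (and so any malware running as that user) can write to.
# Installers almost never drop an autostart executable directly in these.
# This list is an assumption of the example, not a HijackThis rule.
WRITABLE_DIRS = ("\\application data\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    value_name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Return the program path from a Run-value command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r'^(.*?\.exe)(\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def looks_random(stem: str, min_flips: int = 4) -> bool:
    """Heuristic: an all-letter name of 8+ characters whose letter case flips
    many times (FpNsnrTURn) is far more likely generated than chosen (GrooveMonitor)."""
    if not stem.isalpha() or len(stem) < 8:
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return flips >= min_flips


def triage_hijackthis(log_text: str) -> List[Finding]:
    """Flag O4 autostart entries worth a second look; all other lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = executable_path(m.group("cmd"))
        filename = path.replace("/", "\\").rsplit("\\", 1)[-1]
        stem = filename.rsplit(".", 1)[0]
        reasons = []
        if any(d in path.lower() for d in WRITABLE_DIRS):
            reasons.append("autostart executable lives in a user-writable data folder")
        if looks_random(stem):
            reasons.append("random-looking executable name")
        if reasons:
            findings.append(Finding(m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"[{f.value_name}] {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Both ZeroAccess-style entries are reported with both reasons, while the vendor entries (including ctfmon.exe, whose value name also equals its file name) produce none.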
« Reply #9 on: January 28, 2012, 23:53:35 »
dvk01 (Administrator)
Try this to see what it does.
Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684
Let it cure anything it finds (except SPTD.SYS, which should be ignored) & then reboot.

Post back with its log.

« Reply #10 on: January 31, 2012, 07:28:07 »
trouble
It shows fixing 3 errors, but it knocked off my internet connection. I haven't been able to connect as my connection cannot recognize my IP address.

Do you know if it is because of the TDSSKiller?
« Reply #11 on: January 31, 2012, 07:41:45 »
dvk01 (Administrator)
It shouldn't do, but it is possible that one of the infected files that was "cured" or quarantined was part of the internet connection.
This malware is one of the hardest to fix & in many cases is completely incurable.

Can you post the TDSSKiller log so I can see what it did fix and suggest the next steps from there?

By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

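Added example (not from the thread and not Kaspersky's code): a script that applies the naming rule just quoted to pick the newest TDSSKiller log in the drive root and pulls out the part a helper asks to see, the infected/detected verdicts plus the system summary, with SPTD.SYS handled as an ignore-list entry per the earlier advice. The sample lines are constructed in the format of the log the reporter posts in the next reply; the line-format regexes are assumptions drawn from that log.

```python
import re
from datetime import datetime
from pathlib import Path, PureWindowsPath
from typing import List, Optional

# File name rule quoted above: UtilityName.Version_Date_Time_log.txt, date as DD.MM.YYYY
LOGNAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>[\d.]+)_(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)
# Every log line: "HH:MM:SS.mmmm <pid>   <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Verdict lines: "<object> ( <verdict> ) - infected" and "<object> - detected <verdict> (n)"
INFECTED_RE = re.compile(r"^(?P<obj>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+infected$")
DETECTED_RE = re.compile(r"^(?P<obj>\S+)\s+-\s+detected\s+(?P<verdict>\S+)")

# Constructed sample in the format of the log posted in the next reply.
SAMPLE_LOG = r"""
14:09:37.0468 3952   TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
14:09:38.0515 3952   OS Version: 5.1.2600 ServicePack: 2.0
14:09:38.0515 3952   Boot type: Normal boot
14:09:43.0578 2656   Scan started
14:09:46.0921 2656   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:09:46.0921 2656   IpFilterDriver - ok
14:09:48.0000 2656   NetBT           (9fc6efee0882004f3ff0322dd27dbf24) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:09:48.0000 2656   NetBT ( Virus.Win32.ZAccess.g ) - infected
14:09:48.0000 2656   NetBT - detected Virus.Win32.ZAccess.g (0)
14:09:48.0984 2656   redbook ( Virus.Win32.ZAccess.k ) - infected
14:09:48.0984 2656   redbook - detected Virus.Win32.ZAccess.k (0)
"""


def newest_log(candidates: List[str]) -> Optional[str]:
    """Pick the most recent TDSSKiller log by the date/time embedded in its name."""
    best = None
    for name in candidates:
        m = LOGNAME_RE.match(PureWindowsPath(name).name)
        if not m:
            continue
        stamp = datetime.strptime(m["date"] + " " + m["time"], "%d.%m.%Y %H.%M.%S")
        if best is None or stamp > best[0]:
            best = (stamp, name)
    return best[1] if best else None


def triage_tdsskiller(text: str, ignore=("sptd",)) -> dict:
    """Extract the system summary and every infected/detected verdict.
    Objects named in `ignore` (SPTD.SYS, per the advice above) go to a separate bucket."""
    report = {"system": {}, "infected": [], "detected": [], "ignored": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m["msg"].strip()
        for key in ("OS Version", "ComputerName", "Boot type"):
            if msg.startswith(key + ":"):
                report["system"][key] = msg.split(":", 1)[1].strip()
        for kind, pattern in (("infected", INFECTED_RE), ("detected", DETECTED_RE)):
            hit = pattern.match(msg)
            if hit:
                bucket = "ignored" if hit["obj"].lower() in ignore else kind
                report[bucket].append((hit["obj"], hit["verdict"]))
                break
    return report


if __name__ == "__main__":
    # On the affected machine the log sits in the system drive root, as quoted above.
    root = Path("C:/")
    names = [str(p) for p in root.glob("TDSSKiller.*_log.txt")] if root.is_dir() else []
    found = newest_log(names)
    text = Path(found).read_text(errors="replace") if found else SAMPLE_LOG
    report = triage_tdsskiller(text)
    print("log:", found or "(embedded sample)")
    print("system:", report["system"])
    for kind in ("infected", "detected", "ignored"):
        for obj, verdict in report[kind]:
            print(f"{kind:9s} {obj:16s} {verdict}")
```

Both hits in the sample are system drivers (NetBT is the NetBIOS-over-TCP/IP driver), which is one plausible mechanism for the connectivity loss discussed above once the tool replaces or removes the infected file.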

« Reply #12 on: February 03, 2012, 17:43:00 »
trouble
Attached.
I still can't use that laptop to get online.

14:09:37.0468 3952   TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
14:09:38.0515 3952   ============================================================
14:09:38.0515 3952   Current date / time: 2012/01/29 14:09:38.0515
14:09:38.0515 3952   SystemInfo:
14:09:38.0515 3952   
14:09:38.0515 3952   OS Version: 5.1.2600 ServicePack: 2.0
14:09:38.0515 3952   Product type: Workstation
14:09:38.0515 3952   ComputerName: HOME-E05143223D
14:09:38.0515 3952   UserName: Kaustubh Borah
14:09:38.0515 3952   Windows directory: C:\WINDOWS
14:09:38.0515 3952   System windows directory: C:\WINDOWS
14:09:38.0515 3952   Processor architecture: Intel x86
14:09:38.0515 3952   Number of processors: 2
14:09:38.0515 3952   Page size: 0x1000
14:09:38.0515 3952   Boot type: Normal boot
14:09:38.0515 3952   ============================================================
14:09:40.0343 3952   Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:09:40.0375 3952   Initialize success
14:09:43.0578 2656   ============================================================
14:09:43.0578 2656   Scan started
14:09:43.0578 2656   Mode: Manual;
14:09:43.0578 2656   ============================================================
14:09:44.0187 2656   Abiosdsk - ok
14:09:44.0203 2656   abp480n5 - ok
14:09:44.0250 2656   ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:09:44.0250 2656   ACPI - ok
14:09:44.0281 2656   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:09:44.0281 2656   ACPIEC - ok
14:09:44.0281 2656   adpu160m - ok
14:09:44.0328 2656   aec             (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
14:09:44.0328 2656   aec - ok
14:09:44.0375 2656   AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:09:44.0375 2656   AegisP - ok
14:09:44.0421 2656   AFD             (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:09:44.0421 2656   AFD - ok
14:09:44.0437 2656   Aha154x - ok
14:09:44.0453 2656   aic78u2 - ok
14:09:44.0468 2656   aic78xx - ok
14:09:44.0484 2656   AliIde - ok
14:09:44.0484 2656   amsint - ok
14:09:44.0531 2656   ApfiltrService  (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
14:09:44.0578 2656   ApfiltrService - ok
14:09:44.0625 2656   Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:09:44.0625 2656   Arp1394 - ok
14:09:44.0875 2656   asc - ok
14:09:44.0921 2656   asc3350p - ok
14:09:44.0921 2656   asc3550 - ok
14:09:45.0046 2656   AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:09:45.0046 2656   AsyncMac - ok
14:09:45.0093 2656   atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:09:45.0093 2656   atapi - ok
14:09:45.0109 2656   Atdisk - ok
14:09:45.0140 2656   Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:09:45.0140 2656   Atmarpc - ok
14:09:45.0171 2656   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:09:45.0171 2656   audstub - ok
14:09:45.0234 2656   b57w2k          (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:09:45.0234 2656   b57w2k - ok
14:09:45.0265 2656   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:09:45.0265 2656   Beep - ok
14:09:45.0281 2656   BthEnum         (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
14:09:45.0281 2656   BthEnum - ok
14:09:45.0281 2656   BthPan          (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
14:09:45.0281 2656   BthPan - ok
14:09:45.0328 2656   BTHPORT         (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
14:09:45.0343 2656   BTHPORT - ok
14:09:45.0359 2656   BTHUSB          (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
14:09:45.0359 2656   BTHUSB - ok
14:09:45.0437 2656   catchme - ok
14:09:45.0515 2656   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:09:45.0515 2656   cbidf2k - ok
14:09:45.0546 2656   CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:09:45.0546 2656   CCDECODE - ok
14:09:45.0562 2656   cd20xrnt - ok
14:09:45.0578 2656   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:09:45.0578 2656   Cdaudio - ok
14:09:45.0625 2656   Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:09:45.0625 2656   Cdfs - ok
14:09:45.0671 2656   Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:09:45.0671 2656   Cdrom - ok
14:09:45.0718 2656   cercsr6         (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
14:09:45.0718 2656   cercsr6 - ok
14:09:45.0750 2656   Changer - ok
14:09:45.0781 2656   CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:09:45.0781 2656   CmBatt - ok
14:09:45.0796 2656   CmdIde - ok
14:09:45.0812 2656   Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:09:45.0812 2656   Compbatt - ok
14:09:45.0828 2656   Cpqarray - ok
14:09:45.0828 2656   dac2w2k - ok
14:09:45.0843 2656   dac960nt - ok
14:09:45.0859 2656   Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:09:45.0859 2656   Disk - ok
14:09:45.0921 2656   dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
14:09:45.0953 2656   dmboot - ok
14:09:45.0984 2656   dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
14:09:45.0984 2656   dmio - ok
14:09:46.0015 2656   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:09:46.0015 2656   dmload - ok
14:09:46.0062 2656   DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:09:46.0062 2656   DMusic - ok
14:09:46.0093 2656   dpti2o - ok
14:09:46.0109 2656   drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:09:46.0109 2656   drmkaud - ok
14:09:46.0171 2656   Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:09:46.0171 2656   Fastfat - ok
14:09:46.0203 2656   Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
14:09:46.0203 2656   Fdc - ok
14:09:46.0218 2656   Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
14:09:46.0218 2656   Fips - ok
14:09:46.0234 2656   Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:09:46.0234 2656   Flpydisk - ok
14:09:46.0265 2656   FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:09:46.0281 2656   FltMgr - ok
14:09:46.0281 2656   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:09:46.0281 2656   Fs_Rec - ok
14:09:46.0296 2656   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:09:46.0296 2656   Ftdisk - ok
14:09:46.0312 2656   Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:09:46.0312 2656   Gpc - ok
14:09:46.0375 2656   HDAudBus        (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:09:46.0390 2656   HDAudBus - ok
14:09:46.0406 2656   hpn - ok
14:09:46.0468 2656   HSF_DPV         (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
14:09:46.0484 2656   HSF_DPV - ok
14:09:46.0515 2656   HSXHWAZL        (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
14:09:46.0515 2656   HSXHWAZL - ok
14:09:46.0578 2656   HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:09:46.0578 2656   HTTP - ok
14:09:46.0609 2656   i2omgmt - ok
14:09:46.0625 2656   i2omp - ok
14:09:46.0656 2656   i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:09:46.0656 2656   i8042prt - ok
14:09:46.0718 2656   ialm            (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:09:46.0750 2656   ialm - ok
14:09:46.0796 2656   Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:09:46.0796 2656   Imapi - ok
14:09:46.0812 2656   ini910u - ok
14:09:46.0828 2656   IntelIde - ok
14:09:46.0859 2656   intelppm        (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:09:46.0859 2656   intelppm - ok
14:09:46.0890 2656   Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:09:46.0890 2656   Ip6Fw - ok
14:09:46.0921 2656   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:09:46.0921 2656   IpFilterDriver - ok
14:09:46.0953 2656   IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:09:46.0953 2656   IpInIp - ok
14:09:46.0984 2656   IpNat           (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:09:46.0984 2656   IpNat - ok
14:09:47.0015 2656   IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:09:47.0015 2656   IPSec - ok
14:09:47.0062 2656   IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:09:47.0062 2656   IRENUM - ok
14:09:47.0140 2656   isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:09:47.0140 2656   isapnp - ok
14:09:47.0187 2656   Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:09:47.0187 2656   Kbdclass - ok
14:09:47.0218 2656   kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
14:09:47.0234 2656   kmixer - ok
14:09:47.0250 2656   KSecDD          (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
14:09:47.0250 2656   KSecDD - ok
14:09:47.0265 2656   lbrtfdc - ok
14:09:47.0296 2656   mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:09:47.0296 2656   mdmxsdk - ok
14:09:47.0343 2656   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:09:47.0343 2656   mnmdd - ok
14:09:47.0406 2656   Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
14:09:47.0406 2656   Modem - ok
14:09:47.0437 2656   Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:09:47.0453 2656   Mouclass - ok
14:09:47.0468 2656   MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:09:47.0468 2656   MountMgr - ok
14:09:47.0484 2656   mraid35x - ok
14:09:47.0484 2656   MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:09:47.0500 2656   MRxDAV - ok
14:09:47.0546 2656   MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:09:47.0562 2656   MRxSmb - ok
14:09:47.0593 2656   Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:09:47.0609 2656   Msfs - ok
14:09:47.0656 2656   MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:09:47.0656 2656   MSKSSRV - ok
14:09:47.0687 2656   MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:09:47.0687 2656   MSPCLOCK - ok
14:09:47.0703 2656   MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:09:47.0703 2656   MSPQM - ok
14:09:47.0718 2656   mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:09:47.0734 2656   mssmbios - ok
14:09:47.0750 2656   MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
14:09:47.0750 2656   MSTEE - ok
14:09:47.0765 2656   Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:09:47.0765 2656   Mup - ok
14:09:47.0796 2656   NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:09:47.0796 2656   NABTSFEC - ok
14:09:47.0843 2656   NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:09:47.0843 2656   NDIS - ok
14:09:47.0843 2656   NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:09:47.0859 2656   NdisIP - ok
14:09:47.0890 2656   NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:09:47.0890 2656   NdisTapi - ok
14:09:47.0937 2656   Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:09:47.0937 2656   Ndisuio - ok
14:09:47.0953 2656   NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:09:47.0953 2656   NdisWan - ok
14:09:47.0953 2656   NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:09:47.0968 2656   NDProxy - ok
14:09:47.0984 2656   NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:09:47.0984 2656   NetBIOS - ok
14:09:48.0000 2656   NetBT           (9fc6efee0882004f3ff0322dd27dbf24) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:09:48.0000 2656   NetBT ( Virus.Win32.ZAccess.g ) - infected
14:09:48.0000 2656   NetBT - detected Virus.Win32.ZAccess.g (0)
14:09:48.0062 2656   NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:09:48.0062 2656   NIC1394 - ok
14:09:48.0093 2656   Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:09:48.0093 2656   Npfs - ok
14:09:48.0125 2656   Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
14:09:48.0140 2656   Ntfs - ok
14:09:48.0218 2656   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:09:48.0218 2656   Null - ok
14:09:48.0265 2656   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:09:48.0265 2656   NwlnkFlt - ok
14:09:48.0281 2656   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:09:48.0281 2656   NwlnkFwd - ok
14:09:48.0312 2656   ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:09:48.0312 2656   ohci1394 - ok
14:09:48.0343 2656   OMCI            (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
14:09:48.0343 2656   OMCI - ok
14:09:48.0375 2656   Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
14:09:48.0375 2656   Parport - ok
14:09:48.0390 2656   PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:09:48.0406 2656   PartMgr - ok
14:09:48.0437 2656   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:09:48.0437 2656   ParVdm - ok
14:09:48.0500 2656   PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
14:09:48.0500 2656   PCI - ok
14:09:48.0515 2656   PCIDump - ok
14:09:48.0515 2656   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:09:48.0515 2656   PCIIde - ok
14:09:48.0546 2656   Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:09:48.0546 2656   Pcmcia - ok
14:09:48.0562 2656   PDCOMP - ok
14:09:48.0562 2656   PDFRAME - ok
14:09:48.0578 2656   PDRELI - ok
14:09:48.0593 2656   PDRFRAME - ok
14:09:48.0593 2656   perc2 - ok
14:09:48.0609 2656   perc2hib - ok
14:09:48.0656 2656   PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:09:48.0656 2656   PptpMiniport - ok
14:09:48.0656 2656   PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:09:48.0671 2656   PSched - ok
14:09:48.0671 2656   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:09:48.0671 2656   Ptilink - ok
14:09:48.0687 2656   ql1080 - ok
14:09:48.0687 2656   Ql10wnt - ok
14:09:48.0703 2656   ql12160 - ok
14:09:48.0718 2656   ql1240 - ok
14:09:48.0718 2656   ql1280 - ok
14:09:48.0750 2656   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:09:48.0750 2656   RasAcd - ok
14:09:48.0765 2656   Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:09:48.0765 2656   Rasl2tp - ok
14:09:48.0781 2656   RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:09:48.0781 2656   RasPppoe - ok
14:09:48.0796 2656   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:09:48.0796 2656   Raspti - ok
14:09:48.0828 2656   Rdbss           (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:09:48.0828 2656   Rdbss - ok
14:09:48.0843 2656   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:09:48.0843 2656   RDPCDD - ok
14:09:48.0875 2656   rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:09:48.0875 2656   rdpdr - ok
14:09:48.0937 2656   RDPWD           (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
14:09:48.0937 2656   RDPWD - ok
14:09:48.0984 2656   redbook         (a99fa400285b20b64a3d039a99087216) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:09:48.0984 2656   redbook ( Virus.Win32.ZAccess.k ) - infected
14:09:48.0984 2656   redbook - detected Virus.Win32.ZAccess.k (0)
14:09:49.0000 2656   RFCOMM          (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
14:09:49.0000 2656   RFCOMM - ok
14:09:49.0046 2656   s24trans        (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:09:49.0062 2656   s24trans - ok
14:09:49.0093 2656   Secdrv          (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:09:49.0093 2656   Secdrv - ok
14:09:49.0140 2656   serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:09:49.0140 2656   serenum - ok
14:09:49.0156 2656   Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
14:09:49.0156 2656   Serial - ok
14:09:49.0171 2656   Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:09:49.0171 2656   Sfloppy - ok
14:09:49.0218 2656   Simbad - ok
14:09:49.0265 2656   SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:09:49.0265 2656   SLIP - ok
14:09:49.0828 2656   SNPSTD3         (11bb0e11d42cc3a43d741d9b30839be1) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
14:09:50.0343 2656   SNPSTD3 - ok
14:09:50.0406 2656   Sparrow - ok
14:09:50.0453 2656   splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
14:09:50.0453 2656   splitter - ok
14:09:50.0484 2656   sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
14:09:50.0484 2656   sr - ok
14:09:50.0515 2656   Srv             (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
14:09:50.0531 2656   Srv - ok
14:09:50.0609 2656   STHDA           (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
14:09:50.0625 2656   STHDA - ok
14:09:50.0718 2656   streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:09:50.0718 2656   streamip - ok
14:09:50.0734 2656   swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:09:50.0750 2656   swenum - ok
14:09:50.0781 2656   swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:09:50.0781 2656   swmidi - ok
14:09:50.0796 2656   symc810 - ok
14:09:50.0796 2656   symc8xx - ok
14:09:50.0812 2656   sym_hi - ok
14:09:50.0812 2656   sym_u3 - ok
14:09:50.0843 2656   sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:09:50.0843 2656   sysaudio - ok
14:09:50.0890 2656   Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:09:50.0906 2656   Tcpip - ok
14:09:50.0984 2656   TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:09:50.0984 2656   TDPIPE - ok
14:09:51.0000 2656   TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:09:51.0000 2656   TDTCP - ok
14:09:51.0031 2656   TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:09:51.0031 2656   TermDD - ok
14:09:51.0046 2656   TosIde - ok
14:09:51.0109 2656   Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:09:51.0109 2656   Udfs - ok
14:09:51.0109 2656   UIUSys - ok
14:09:51.0125 2656   ultra - ok
14:09:51.0156 2656   Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
14:09:51.0156 2656   Update - ok
14:09:51.0203 2656   usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:09:51.0203 2656   usbccgp - ok
14:09:51.0250 2656   USBCCID         (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
14:09:51.0250 2656   USBCCID - ok
14:09:51.0328 2656   usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:09:51.0328 2656   usbehci - ok
14:09:51.0343 2656   usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:09:51.0343 2656   usbhub - ok
14:09:51.0375 2656   usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:09:51.0375 2656   usbscan - ok
14:09:51.0406 2656   USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:09:51.0406 2656   USBSTOR - ok
14:09:51.0421 2656   usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:09:51.0421 2656   usbuhci - ok
14:09:51.0421 2656   VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:09:51.0421 2656   VgaSave - ok
14:09:51.0437 2656   ViaIde - ok
14:09:51.0468 2656   VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:09:51.0468 2656   VolSnap - ok
14:09:51.0546 2656   w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
14:09:51.0578 2656   w39n51 - ok
14:09:51.0656 2656   Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:09:51.0656 2656   Wanarp - ok
14:09:51.0656 2656   WDICA - ok
14:09:51.0703 2656   wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
14:09:51.0703 2656   wdmaud - ok
14:09:51.0750 2656   winachsf        (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
14:09:51.0765 2656   winachsf - ok
14:09:51.0843 2656   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:09:51.0843 2656   WS2IFSL - ok
14:09:51.0875 2656   WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:09:51.0875 2656   WSTCODEC - ok
14:09:51.0921 2656   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:09:51.0953 2656   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
14:09:51.0953 2656   \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
14:09:51.0968 2656   Boot (0x1200)   (270612f27323bbeee8a581f8cc3d7cea) \Device\Harddisk0\DR0\Partition0
14:09:51.0968 2656   \Device\Harddisk0\DR0\Partition0 - ok
14:09:51.0968 2656   ============================================================
14:09:51.0968 2656   Scan finished
14:09:51.0968 2656   ============================================================
14:09:51.0984 3924   Detected object count: 3
14:09:51.0984 3924   Actual detected object count: 3
14:10:31.0250 3924   VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
14:10:36.0250 3924   Backup copy found, using it..
14:10:36.0265 3924   C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
14:10:37.0171 3924   C:\WINDOWS\system32\c_75784.nls - will be deleted on reboot
14:10:38.0046 3924   NetBT ( Virus.Win32.ZAccess.g ) - User select action: Cure
14:10:38.0078 3924   VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813
14:10:38.0312 3924   Backup copy found, using it..
14:10:38.0312 3924   C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
14:10:39.0250 3924   C:\WINDOWS\system32\c_75784.nls - will be deleted on reboot
14:10:40.0015 3924   redbook ( Virus.Win32.ZAccess.k ) - User select action: Cure
14:10:40.0046 3924   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
14:10:40.0046 3924   \Device\Harddisk0\DR0 - ok
14:10:40.0046 3924   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
14:10:46.0625 3676   Deinitialize success
« Reply #13 on: February 03, 2012, 18:06:42 »
trouble

ComboFix

ComboFix 12-02-03.02 - Kaustubh Borah 02/03/2012  19:56:24.18.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.741 [GMT -6:00]
Running from: E:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~PdIJQ3fF1Qm9CK
c:\documents and settings\All Users\Application Data\~PdIJQ3fF1Qm9CKr
c:\documents and settings\All Users\Application Data\PdIJQ3fF1Qm9CK
c:\documents and settings\Kaustubh Borah\Desktop\System Check.lnk
c:\documents and settings\Kaustubh Borah\Start Menu\Programs\System Check
c:\documents and settings\Kaustubh Borah\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Kaustubh Borah\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-04 to 2012-02-04  )))))))))))))))))))))))))))))))
.
.
2012-01-29 05:50 . 2012-01-29 05:52   --------   d-----w-   c:\windows\system32\NtmsData
2012-01-07 16:45 . 2012-01-07 16:45   626688   ----a-w-   c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 16:45 . 2012-01-07 16:45   548864   ----a-w-   c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 16:45 . 2012-01-07 16:45   479232   ----a-w-   c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 16:45 . 2012-01-07 16:45   43992   ----a-w-   c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 20:11 . 2011-06-10 17:46   57472   ----a-w-   c:\windows\system32\drivers\redbook.sys
2012-01-29 20:11 . 2004-08-04 10:00   162816   ----a-w-   c:\windows\system32\drivers\netbt.sys
2011-12-10 21:24 . 2011-06-10 23:39   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-12-05 00:16 . 2011-12-05 00:16   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2011-12-05 00:16 . 2011-12-05 00:16   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2011-11-30 08:33 . 2011-06-11 04:23   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-17 01:10 . 2011-11-17 01:10   388096   ----a-r-   c:\documents and settings\Kaustubh Borah\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-07 16:45 . 2011-06-11 04:27   121816   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-16_03.32.30   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-04 01:55 . 2012-02-04 01:55   16384              c:\windows\temp\Perflib_Perfdata_130.dat
+ 2004-08-04 10:00 . 2012-02-04 01:59   41756              c:\windows\system32\perfc009.dat
- 2011-06-10 22:58 . 2011-06-10 22:59   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-10 22:58 . 2012-01-11 04:27   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-10 22:58 . 2011-06-10 22:59   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-06-10 22:58 . 2012-01-11 04:27   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-06-10 22:58 . 2011-06-10 22:59   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-01-11 04:36 . 2012-01-11 04:27   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-12-05 00:20 . 2011-12-05 00:20   22016              c:\windows\Installer\1e972.msi
+ 2011-12-05 00:17 . 2011-12-05 00:17   18944              c:\windows\Installer\1e96a.msi
+ 2011-12-05 00:16 . 2011-12-05 00:16   92672              c:\windows\Installer\1e960.msi
+ 2011-12-05 00:15 . 2011-12-05 00:15   24064              c:\windows\Installer\1e95b.msi
- 2011-06-15 04:26 . 2011-06-15 04:26   5632              c:\windows\system32\pndx5032.dll
+ 2011-12-05 00:16 . 2011-12-05 00:16   5632              c:\windows\system32\pndx5032.dll
- 2011-06-15 04:26 . 2011-06-15 04:26   6656              c:\windows\system32\pndx5016.dll
+ 2011-12-05 00:16 . 2011-12-05 00:16   6656              c:\windows\system32\pndx5016.dll
- 2008-07-29 13:05 . 2008-07-29 13:05   655872              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 14:05 . 2008-07-29 14:05   655872              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05   572928              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 14:05 . 2008-07-29 14:05   572928              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 09:54 . 2008-07-29 09:54   225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 08:54 . 2008-07-29 08:54   225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2011-12-05 00:16 . 2011-12-05 00:16   198832              c:\windows\system32\rmoc3260.dll
+ 2011-06-15 04:26 . 2011-12-05 00:16   272896              c:\windows\system32\pncrt.dll
- 2011-06-15 04:26 . 2011-06-15 04:26   272896              c:\windows\system32\pncrt.dll
+ 2004-08-04 10:00 . 2012-02-04 01:59   315952              c:\windows\system32\perfh009.dat
+ 2011-11-30 08:33 . 2011-11-30 08:33   247968              c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2011-12-09 01:55 . 2011-12-09 01:55   253952              c:\windows\system32\config\systemprofile\ntuser.dat
+ 2012-01-19 00:16 . 2012-01-19 00:16   333824              c:\windows\Installer\1c2b04.msi
+ 2011-12-11 09:59 . 2011-12-11 10:06   7327928              c:\windows\system32\Restore\rstrlog.dat
+ 2011-06-11 04:29 . 2011-11-30 08:33   8527008              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-11-17 01:10 . 2011-11-17 01:10   1094656              c:\windows\Installer\1bce5.msi
+ 2011-06-11 04:59 . 2012-01-13 21:47   52128560              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-05 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-10 23:16   13672   ----a-w-   c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Kaustubh Borah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Kaustubh Borah\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
.
S0 63149983;63149983;c:\windows\system32\drivers\12925252.sys --> c:\windows\system32\drivers\12925252.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 6:15 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 6:15 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-05 00:15]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-05 00:15]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-562591055-839522115-1003Core.job
- c:\documents and settings\Kaustubh Borah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-08 15:55]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-562591055-839522115-1003UA.job
- c:\documents and settings\Kaustubh Borah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-08 15:55]
.
2012-02-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-562591055-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2012-01-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-562591055-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Kaustubh Borah\Application Data\Mozilla\Firefox\Profiles\o0du32ef.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-FpNsnrTURn.exe - c:\documents and settings\All Users\Application Data\FpNsnrTURn.exe
HKLM-Run-LQWxKGCKoVDdhWT.exe - c:\documents and settings\All Users\Application Data\LQWxKGCKoVDdhWT.exe
SafeBoot-63149983.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 20:00
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\drivers\tsk1D.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\drivers\tsk1F.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
Completion time: 2012-02-03  20:01:33
ComboFix-quarantined-files.txt  2012-02-04 02:01
ComboFix2.txt  2011-12-26 22:32
ComboFix3.txt  2011-12-26 22:16
ComboFix4.txt  2011-12-26 08:27
ComboFix5.txt  2012-01-28 06:09
.
Pre-Run: 35,369,013,248 bytes free
Post-Run: 35,443,388,416 bytes free
.
- - End Of File - - EEE2FD406893AD2D0EF011DBDCB48826
« Reply #14 on: February 03, 2012, 23:15:39 »
dvk01

You might fix it by downloading & installing SP3 for XP, but I think you will end up having to reinstall Windows.

Go here to download and save the full 316 MB SP3 upgrade.

After it's been downloaded and saved, do the following:

Double-click the saved SP3 upgrade file to start the upgrade process.

It'll take 30 - 60 minutes or more to complete, so be patient.

If you're not prompted to restart the computer after the upgrade is complete, do so.

Restart the computer again.